CVE-2026-30778
- EPSS 0.05%
- Veröffentlicht 15.04.2026 10:54:25
- Zuletzt bearbeitet 20.04.2026 16:46:52
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes th...
CVE-2026-34476
- EPSS 0.11%
- Veröffentlicht 13.04.2026 13:01:31
- Zuletzt bearbeitet 20.04.2026 16:45:47
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.
CVE-2025-54057
- EPSS 0.26%
- Veröffentlicht 27.11.2025 11:47:32
- Zuletzt bearbeitet 13.04.2026 16:16:24
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.
CVE-2020-13921
- EPSS 4.5%
- Veröffentlicht 05.08.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:02:09
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
CVE-2020-9483
- EPSS 94.09%
- Veröffentlicht 30.06.2020 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:40:44
**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storag...