org.apache.dolphinscheduler:dolphinscheduler-api
Maven9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.dolphinscheduler:dolphinscheduler-apipage 1 of 1
- CVE-2020-13922MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.3.22021-01-11
vulnerable: 1.2.0, 1.2.1, 1.3.0, 1.3.1
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.
- CVE-2023-25601MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.1.22023-04-20
vulnerable: 3.0.0 ... 3.1.1 (9 versions)
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For u…
- CVE-2023-49068HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.12023-11-27
vulnerable: 1.2.0 ... 3.2.0 (42 versions)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the…
- CVE-2023-49620MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.1.02023-11-30
vulnerable: 1.2.0 ... 3.0.6 (31 versions)
Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this iss…
- CVE-2026-32966CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.4.22026-06-17
vulnerable: 1.2.0 ... 3.4.1 (48 versions)
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which …
- CVE-2026-32967CRITICALCVSS 9.1EG 9.1✓ Fixed in 3.4.22026-06-17
vulnerable: 1.2.0 ... 3.4.1 (48 versions)
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
- CVE-2026-41280MEDIUMCVSS 4.9EG 4.9✓ Fixed in 3.4.22026-06-17
vulnerable: 1.2.0 ... 3.4.1 (48 versions)
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to …
- CVE-2026-42357MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.4.22026-06-17
vulnerable: 1.2.0 ... 3.4.1 (48 versions)
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recomm…
- CVE-2026-47340MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.4.22026-06-17
vulnerable: 1.2.0 ... 3.4.1 (48 versions)
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrad…
Check whether org.apache.dolphinscheduler:dolphinscheduler-api is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.dolphinscheduler:dolphinscheduler-api CVEs against the assets you own.
Start Free Scan →