org.apache.druid:druid vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-59390Criticalorg.apache.druid:druid: Apache Druid’s Kerberos authenticator uses a weak fallback secretCVE-2025-27888Mediumorg.apache.druid:druid: Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open RedirectCVE-2024-45537Loworg.apache.druid:druid: Apache Druid: Users can provide MySQL JDBC properties not on allow listCVE-2021-44791Mediumorg.apache.druid:druid: Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parametersCVE-2022-28889Mediumorg.apache.druid:druid: Apache Druid before 0.23.0 vulnerable to clickjackingCVE-2020-1958Mediumorg.apache.druid:druid: Credentials bypass in Apache DruidCVE-2021-26919Highorg.apache.druid:druid: Arbitrary code execution in Apache DruidCVE-2021-25646Highorg.apache.druid:druid: Code injection in Apache Druid

Stop the waste.
Protect your environment with Kodem.