Apache Atlas
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Atlas.
By the Year
In 2026 there have been 0 vulnerabilities in Apache Atlas. Last year, in 2025 Atlas had 1 security vulnerability published. Right now, Atlas is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.10 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 8.80 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.50 |
| 2019 | 1 | 6.10 |
It may take a day or so for new Atlas vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Atlas Security Vulnerabilities
Apache Atlas <=2.3.0 Authenticated XSS allows impersonation
CVE-2024-46910
7.1 - High
- February 13, 2025
An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.
Basic XSS
Apache Atlas 0.8.4-2.2.0 Import Mod Auth Write-To-FS Vulnerability
CVE-2022-34271
8.8 - High
- December 14, 2022
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
Directory traversal
Apache Groovy provides extension methods to aid with creating temporary directories
CVE-2020-17521
5.5 - Medium
- December 07, 2020
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality
CVE-2019-10070
6.1 - Medium
- November 18, 2019
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Atlas or by Apache? Click the Watch button to subscribe.
