Apache Oozie
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Oozie.
By the Year
In 2026 there have been 0 vulnerabilities in Apache Oozie. Last year, in 2025 Oozie had 1 security vulnerability published. Right now, Oozie is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 4.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 4.70 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.50 |
It may take a day or so for new Oozie vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Oozie Security Vulnerabilities
Apache Oozie XSS via Improper Neutralization of Input
CVE-2025-26796
- March 22, 2025
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
XSS
Azure Apache Oozie Workflow Spoofing Vulnerability
CVE-2023-36877
4.5 - Medium
- August 08, 2023
Azure Apache Oozie Spoofing Vulnerability
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which
CVE-2020-35451
4.7 - Medium
- March 09, 2021
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.
Race Condition
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users
CVE-2018-11799
6.5 - Medium
- December 19, 2018
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Oozie or by Apache? Click the Watch button to subscribe.
