Apache Streampipes
By the Year
In 2026 there has been 1 vulnerability in Apache Streampipes with an average score of 8.1 out of ten. Last year, in 2025, Streampipes had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Streampipes in 2026 could surpass last year's number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 8.10 |
| 2025 | 1 | 0.00 |
| 2024 | 4 | 5.60 |
| 2023 | 1 | 8.80 |
It may take a day or so for new Streampipes vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apache Streampipes Security Vulnerabilities
Apache StreamPipes 0.97.0: User ID Swap Enables Admin Privilege Escalation (JWT)
CVE-2025-47411
8.1 - High
- January 01, 2026
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an attacker to gain administrative control over the application by manipulating JWT tokens, which can lead to data tampering, unauthorized access and other security issues. This issue affects Apache StreamPipes: through 0.97.0. Users are recommended to upgrade to version 0.98.0, which fixes the issue.
Improper Privilege Management
Apache StreamPipes 0.95.1 REST PrivEsc CVE-2024-24778
CVE-2024-24778
- March 03, 2025
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0, which fixes the issue.
Improper Privilege Management
Apache StreamPipes <=0.93.0 Unrestricted Upload RCE Vulnerability
CVE-2024-31411
8.8 - High
- July 17, 2024
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Unrestricted File Upload
CVE-2024-31979: Apache StreamPipes SSRF via Pipeline Element Install (<=0.93.0)
CVE-2024-31979
4.3 - Medium
- July 17, 2024
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
SSRF
Apache StreamPipes Self-Registration TOCTOU Race Condition (0.93.0)
CVE-2024-30471
3.7 - Low
- July 17, 2024
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipes' user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
TOCTTOU
Apache StreamPipes 0.69.0-0.93.0 CRNG Weak PRNG Vulnerability
CVE-2024-29868
- June 24, 2024
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
PRNG
Apache StreamPipes Privilege Escalation via Unrestricted REST (0.69.0-0.91.0)
CVE-2023-31469
8.8 - High
- June 23, 2023
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.
Improper Privilege Management