dolphinscheduler

Vendor: apache

Total CVEs: 11

Critical: 3

High: 7

Medium: 1

Low: 0

Recent CVEs

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, includ...

Affected versions: 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 +5 more

Published: Apr 9, 2026

CVSS: 7.5

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the i...

Affected versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 +41 more

Published: Sep 3, 2025

CVSS: 9.8

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via an alert script. This issue affects Apache DolphinScheduler: before 3.2....

Affected versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 +41 more

Published: Sep 3, 2025

CVSS: 8.8

Exposure of Remote Code Execution in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which...

Affected versions: 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 +14 more

Published: Aug 20, 2024

CVSS: 9.8

File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2...

Affected versions: 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 +7 more

Published: Aug 12, 2024

CVSS: 8.1

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plu...

Affected versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 +41 more

Published: Aug 12, 2024

CVSS: 8.8

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-...

Affected versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 +40 more

Published: Feb 23, 2024

CVSS: 8.8

Arbitrary File Read Vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which...

Affected versions: 1.2.0 1.2.1 1.3.0 1.3.1 1.3.2 +33 more

Published: Feb 20, 2024

CVSS: 7.5

Session Fixation in Apache DolphinScheduler before version 3.2.0, where the session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue....

Affected versions: 1.3.8 1.3.9 2.0.0 2.0.1 2.0.2 +25 more

Published: Feb 20, 2024

CVSS: 6.5

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affect...

Affected versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 +40 more

Published: Feb 20, 2024

CVSS: 7.3

Exposure of Remote Code Execution in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which...

Affected versions: 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 +13 more

Published: Feb 20, 2024

CVSS: 9.8

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credent...

Affected versions: 3.0.0 3.0.1

Published: Nov 24, 2023

CVSS: 7.5