VYPR

Apisix

by Apache

CVEs (24)

  • CVE-2025-62232, Oct 31, 2025
    risk 0.00 | cvss | epss 0.00

    Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following…

  • CVE-2025-46647, Jul 2, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to…

  • CVE-2024-32638, May 2, 2024
    risk 0.00 | cvss | epss 0.01

    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the…

  • CVE-2022-25757, Mar 28, 2022
    risk 0.00 | cvss | epss 0.02

    In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,…

Page 2 of 2