Atlas
by Apache
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22509 | | High | 0.53 | 8.1 | 0.01 | | Jan 8, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion. This issue affects Atlas: from n/a through <= 2.1.0. |
| CVE-2017-3154 | | High | 0.49 | 7.5 | 0.02 | | Aug 29, 2017 | Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. |
| CVE-2016-8752 | | High | 0.49 | 7.5 | 0.02 | | Aug 29, 2017 | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. |
| CVE-2026-40563 | | High | 0.46 | 8.1 | 0.00 | | May 4, 2026 | Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access… |
| CVE-2017-3155 | | Med | 0.40 | 6.1 | 0.02 | | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. |
| CVE-2017-3153 | | Med | 0.40 | 6.1 | 0.02 | | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. |
| CVE-2017-3152 | | Med | 0.40 | 6.1 | 0.02 | | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. |
| CVE-2017-3151 | | Med | 0.40 | 6.1 | 0.02 | | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. |
| CVE-2017-3150 | | Med | 0.40 | 6.1 | 0.02 | | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. |
| CVE-2025-62198 | | | 0.00 | — | 0.00 | | Jun 22, 2026 | An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue. |
| CVE-2019-10070 | | | 0.00 | — | 0.02 | | Nov 18, 2019 | Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality. |