VYPR

Atlas

by Apache

Source repositories

CVEs (11)

  • CVE-2025-22509HigJan 8, 2026
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through <= 2.1.0.

  • CVE-2017-3154HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.02

    Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.

  • CVE-2016-8752HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.02

    Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.

  • CVE-2026-40563HigMay 4, 2026
    risk 0.46cvss 8.1epss 0.00

    Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access…

  • CVE-2017-3155MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.02

    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.

  • CVE-2017-3153MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.02

    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.

  • CVE-2017-3152MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.02

    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.

  • CVE-2017-3151MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.02

    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.

  • CVE-2017-3150MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.02

    Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.

  • CVE-2025-62198Jun 22, 2026
    risk 0.00cvss epss 0.00

    An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.

  • CVE-2019-10070Nov 18, 2019
    risk 0.00cvss epss 0.02

    Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality