pkg:Maven/org.apache.druid:druid

8 total CVEs: CRITICAL 1, HIGH 2, MEDIUM 4, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 - CVE-2025-59390 - Apache Druid’s Kerberos authenticator uses a weak fallback secret
    from 0, < 35.0.0
  • HIGH 8.8 - CVE-2021-26919 - Arbitrary code execution in Apache Druid
    from 0, < 0.20.2
  • HIGH 8.8 - CVE-2021-25646 - Code injection in Apache Druid
    from 0, < 0.20.1
  • MEDIUM 6.5 - CVE-2020-1958 - Credentials bypass in Apache Druid
    >= 0.17.0, < 0.17.1
  • MEDIUM 6.1 - CVE-2021-44791 - Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters
    from 0, < 0.23.0
  • MEDIUM 5.4 - CVE-2025-27888 - Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect
    from 0, < 31.0.2
  • MEDIUM 4.3 - CVE-2022-28889 - Apache Druid before 0.23.0 vulnerable to clickjacking
    from 0, < 0.23.0
  • LOW 3.1 - CVE-2024-45537 - Apache Druid: Users can provide MySQL JDBC properties not on allow list
    from 0, < 30.0.1