pkg:PyPI/pyspark

21 total CVEs: CRITICAL 4, HIGH 10, MEDIUM 7

All known vulnerabilities

  • HIGH 8.8 | CVE-2022-33891 | ⚠ KEV | Apache Spark UI can allow impersonation if ACLs enabled
    from 0, <= 3.0.3
  • HIGH 8.8 | CVE-2022-33891 | ⚠ KEV | Apache Spark UI can allow impersonation if ACLs enabled
    from 0, < 3.1.1, >= 3.2.0, < 3.2.2, >= 3.1.1, < 3.1.3
  • CRITICAL 9.9 | CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class
    from 0, < 3.3.2
  • CRITICAL 9.9 | CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class
    from 0, < 3.4.0
  • CRITICAL 9.8 | CVE-2020-9480 | Improper Authentication in Apache Spark
    from 0, < 2.4.6
  • CRITICAL 9.8 | CVE-2020-9480 | Improper Authentication in Apache Spark
    from 0, < 2.4.6
  • HIGH 8.8 | CVE-2023-32007 | Apache Spark: Shell command injection via Spark UI
    from 0, < 3.1.1, >= 3.2.0, < 3.2.2, >= 3.1.1, < 3.2.0
  • HIGH 8.8 | CVE-2023-32007 | Apache Spark: Shell command injection via Spark UI
    >= 3.1.1, < 3.2.2
  • HIGH 7.8 | CVE-2017-12612 | Apache Spark Deserialization of Untrusted Data vulnerability
    from 0, < 2.1.2
  • HIGH 7.8 | CVE-2017-12612 | Apache Spark Deserialization of Untrusted Data vulnerability
    from 0, < 2.1.2
  • HIGH 7.5 | CVE-2021-38296 | Apache Spark Key Negotiation Vulnerability
    from 0, < 3.1.3
  • HIGH 7.5 | CVE-2021-38296 | Apache Spark Key Negotiation Vulnerability
    from 0, < 3.1.3
  • HIGH 7.5 | CVE-2019-10099 | Sensitive data written to disk unencrypted in Spark
    from 0, < 2.3.3
  • HIGH 7.5 | CVE-2019-10099 | Sensitive data written to disk unencrypted in Spark
    from 0, < 2.3.3
  • MEDIUM 6.5 | CVE-2025-55039 | Apache Spark has Inadequate Encryption Strength
    from 0, < 3.4.4, >= 3.5.0, < 3.5.2
  • MEDIUM 5.5 | CVE-2018-11760 | Pyspark User Impersonation Vulnerability
    >= 2.3.0, < 2.3.2, >= 1.0.2, < 2.2.3
  • MEDIUM 5.5 | CVE-2018-11760 | Pyspark User Impersonation Vulnerability
    >= 2.3.0, < 2.3.2
  • MEDIUM 5.4 | CVE-2022-31777 | Apache Spark vulnerable to Log Injection
    from 0, < 3.2.2
  • MEDIUM 5.4 | CVE-2022-31777 | Apache Spark vulnerable to Log Injection
    from 0, < 3.2.2
  • MEDIUM 4.7 | CVE-2018-1334 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
    >= 2.2.0, < 2.2.2, from 0, < 2.1.3
  • MEDIUM 4.7 | CVE-2018-1334 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
    >= 2.2.0, < 2.2.2