FLAT-QSF1J (CVE-2026-39816)
Improper authorization control for web services In org.apache.nifi:nifi-other-graph-services-nar
4.8
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-other-graph-services-nar
FLAT-YJ0G3 (CVE-2026-25903)
Improper authorization control for web services In org.apache.nifi:nifi-web-api
5.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-web-api
FLAT-0KY49 (CVE-2025-66524)
Insecure deserialization In org.apache.nifi:nifi-asana-processors
4.8
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-asana-processors
FLAT-SDL5O (CVE-2025-27017)
Sensitive information in source code In org.apache.nifi:nifi-mongodb-services
3.6
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-mongodb-services
FLAT-27G46 (CVE-2024-52067)
Log injection In org.apache.nifi:nifi-framework-core
3.4
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-framework-core
FLAT-WI12U (CVE-2024-56512)
Improper authorization control for web services In org.apache.nifi:nifi-web-api
0.5
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-web-api
FLAT-1RE9T (CVE-2024-45477)
Server side cross-site scripting In org.apache.nifi:nifi-web-ui
1.2
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-web-ui
FLAT-CRNWZ (CVE-2024-37389)
Server side cross-site scripting In org.apache.nifi:nifi-web-ui
1.3
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-web-ui
FLAT-VZC5G (CVE-2023-49145)
Reflected cross-site scripting (XSS) In org.apache.nifi:nifi-jolt-transform-json-ui
1.1
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-jolt-transform-json-ui
FLAT-C0C5H (CVE-2023-40037)
Lack of data validation In org.apache.nifi:nifi-dbcp-service-api
4.9
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-dbcp-service-api
FLAT-KNM0D (CVE-2023-36542)
Server side template injection In org.apache.nifi:nifi-hikari-dbcp-service
6.3
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-hikari-dbcp-service
FLAT-TT7VD (CVE-2023-34212)
Insecure deserialization In org.apache.nifi:nifi-jms-processors
4.9
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-jms-processors
FLAT-ODIIY (CVE-2023-34468)
Lack of data validation In org.apache.nifi:nifi-dbcp-base
6.3
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-dbcp-base
FLAT-77CBL (CVE-2023-22832)
XML injection (XXE) In org.apache.nifi:nifi-ccda-processors
6.3
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-ccda-processors
FLAT-BG6VR (CVE-2022-26850)
Weak credential policy In org.apache.nifi:nifi-single-user-utils
1.3
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-single-user-utils
FLAT-TXQM5 (CVE-2022-33140)
OS Command Injection In org.apache.nifi:nifi
5.2
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-SU3B6 (CVE-2017-7665)
Reflected cross-site scripting (XSS) In org.apache.nifi:nifi
1.3
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-W03LZ (CVE-2017-7667)
Missing subresource integrity check In org.apache.nifi:nifi
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-761K9 (CVE-2017-12623)
XML injection (XXE) In org.apache.nifi:nifi
4.9
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-B3HSQ (CVE-2017-5636)
Lack of data validation In org.apache.nifi:nifi
8.1
High
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-TQCNQ (CVE-2017-15697)
Lack of data validation In org.apache.nifi:nifi
8.1
High
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-BIGNZ (CVE-2017-12632)
Lack of data validation In org.apache.nifi:nifi
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-FEYDE (CVE-2018-1310)
Insecure deserialization In org.apache.nifi:nifi
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-Z12EN (CVE-2018-1309)
XML injection (XXE) In org.apache.nifi:nifi-standard-processors
8.1
High
Ecosystem: Maven
Package: org.apache.nifi:nifi-standard-processors
FLAT-D401P (CVE-2016-8748)
Reflected cross-site scripting (XSS) In org.apache.nifi:nifi
1.2
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-IYY1C (CVE-2017-5635)
Improper authorization control for web services In org.apache.nifi:nifi
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-DOGN2 (CVE-2022-29265)
XML injection (XXE) In org.apache.nifi:nifi
8.1
High
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-A7IMA (CVE-2020-9491)
Insecure encryption algorithm In org.apache.nifi:nifi
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-48KT4 (CVE-2020-9487)
Authentication mechanism absence or evasion In org.apache.nifi:nifi
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-KKSPX (CVE-2020-9486)
Log injection In org.apache.nifi:nifi-stateless
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-stateless
FLAT-9TEBA (CVE-2020-13940)
XML injection (XXE) In org.apache.nifi:nifi
6.3
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-9021F (CVE-2020-1942)
Sensitive information sent insecurely In org.apache.nifi:nifi-security-utils
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-security-utils
FLAT-UM3C0 (CVE-2020-1928)
Sensitive information sent insecurely In org.apache.nifi:nifi-parameter
2.7
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-parameter
FLAT-6XPFK (CVE-2020-1933)
Reflected cross-site scripting (XSS) In org.apache.nifi:nifi
0.6
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-Y0HMN (CVE-2021-44145)
Sensitive information sent insecurely In org.apache.nifi:nifi
4.9
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-BI62W (GHSA-q594-2475-8v9f)
Non-encrypted confidential information In org.apache.nifi:nifi-standard-processors
0.0
None
Ecosystem: Maven
Package: org.apache.nifi:nifi-standard-processors
FLAT-D4LLV (CVE-2019-12421)
Insecure session management In org.apache.nifi:nifi-web-api
6.3
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-web-api
FLAT-ALW8B (CVE-2019-10083)
Business information leak In org.apache.nifi:nifi
2.7
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-IBW69 (CVE-2019-10080)
XML injection (XXE) In org.apache.nifi:nifi
2.3
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-6JXII (CVE-2017-15703)
Insecure deserialization In org.apache.nifi:nifi-framework-cluster-protocol
1.7
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi-framework-cluster-protocol
FLAT-B2D7B (CVE-2018-17195)
Use of insecure channel - Source code In org.apache.nifi:nifi
4.8
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-376RA (CVE-2018-17193)
Reflected cross-site scripting (XSS) In org.apache.nifi:nifi
1.3
Low
Ecosystem: Maven
Package: org.apache.nifi:nifi
FLAT-WA4P7 (CVE-2018-17194)
Lack of data validation In org.apache.nifi:nifi-framework-cluster
6.6
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi-framework-cluster
FLAT-XDSS6 (CVE-2018-17192)
Clickjacking In org.apache.nifi:nifi
4.9
Medium
Ecosystem: Maven
Package: org.apache.nifi:nifi