Bounties
Partners
Community
Info
apache / spark
Project repository
Apache Spark - A unified analytics engine for large-scale data processing
Submit a report
FIRST INTERACTION
WITHIN
211 DAYS
REVIEW
WITHIN
270 DAYS
FIX
WITHIN
N/A DAYS
Apache Spark Authentication Bypass Vulnerability
Jul 25th 2025
elexs1zz
•
informative
High
Remote Command Injection in Apache Spark merge_spark_pr.py via Unvalidated Git R...
Jun 18th 2025
echooriginai
•
self closed
Unsafe model loading through PySpark ML Connect may lead to RCE
Jul 28th 2025
sch227
•
informative
High
Command Injection in Apache Spark's RDD.pipe() allows arbitrary shell execution...
Jul 21st 2025
anreddykarthikreddy3003
•
not applicable
Arbitrary File Write via Tar Extraction (Path Traversal)
Apr 7th 2025
hope4real
•
spam
Command Injection in ProcessBuilder
Apr 7th 2025
hope4real
•
not applicable
Improper Neutralization of Special Elements used in an OS Command
Nov 22nd 2024
ralph13
•
informative
High
A member of the Apache org with permission to push code into Spark project has l...
Apr 18th 2022
edivangalindo
•
not applicable
Inefficient Regular Expression Complexity
Oct 28th 2023
ready-research
•
self closed
Code Injection
Sep 27th 2024
anon-artist
•
spam
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
