Known Vulnerabilities for Skywalking by Apache
Listed below are 5 of the newest known vulnerabilities associated with "Skywalking" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34476 json | Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking M... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-30778 json | The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This is... | Not Provided | 2026-04-15 | 2026-04-16 |
| CVE-2025-54057 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue... | Not Provided | 2025-11-27 | 2026-04-13 |
| CVE-2022-36127 json | A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this ... | 7.5 - HIGH | 2022-07-18 | 2022-07-25 |
| CVE-2020-13921 json | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildca... | 9.8 - CRITICAL | 2020-08-05 | 2023-11-07 |
| CVE-2020-9483 json | **Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL... | 7.5 - HIGH | 2020-06-30 | 2020-07-10 |