Apache SkyWalking vulnerabilities
3 known vulnerabilities affecting apache/skywalking.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-54057 | MEDIUM | CVSS 6.1 | CWE-80 | fixed in 10.3.0 | 2025-11-27
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.
This issue affects Apache SkyWalking: <= 10.2.0.
Users are recommended to upgrade to version 10.3.0, which fixes the issue.
nvd
CVE-2020-13921 | CRITICAL | CVSS 9.8 | CWE-89 | v6.5.0, v6.6.0 +3 more | 2020-08-05
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
nvd
CVE-2020-9483 | HIGH | CVSS 7.5 | CWE-89 | PoC | ≥ 6.0.0, ≤ 6.6.0; v7.0.0 | 2020-06-30
**Resolved** When using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the metadata query through the GraphQL protocol, which allows access to unexpected data. In Apache SkyWalking 6.0.0 to 6.6.0 and 7.0.0, the H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
nvd