Apache Software Foundation
560 tracked vulnerabilities.
CVE-2026-40557
MEDIUM
Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Apr 27, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33453
CRITICAL
NUCLEI
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
Apr 27, 2026
CVSS 10.0
EPSS 0.06
CVE-2026-27172
HIGH
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
Apr 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-41409
CRITICAL
Apache MINA: CWE-502 Deserialization of Untrusted Data
Apr 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-40858
HIGH
Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
Apr 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-40022
HIGH
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
Apr 27, 2026
CVSS 8.2
EPSS 0.01
CVE-2026-33454
CRITICAL
Apache Camel MailHeaderFilterStrategy - MIME Header Injection RCE
Apr 27, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-41635
CRITICAL
Apache MINA IoBuffer - Deserialization Remote Code Execution
Apr 27, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-40860
CRITICAL
Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
Apr 27, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-40473
HIGH
Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP
Apr 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-40453
CRITICAL
Apache Camel HeaderFilterStrategy - Case-Variant Internal Header Injection
Apr 27, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-40048
HIGH
Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
Apr 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40690
MEDIUM
Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
Apr 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-38743
MEDIUM
Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
Apr 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23902
HIGH
Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
Apr 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41044
HIGH
Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
Apr 24, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-41043
MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Apr 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40466
HIGH
NUCLEI
Apache ActiveMQ Broker < 5.19.6 and 6.0.0 to before 6.2.5 - Remote Code Execution
Apr 24, 2026
CVSS 8.8
EPSS 0.05
CVE-2026-40542
HIGH
Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification
Apr 22, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-33558
MEDIUM
Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Apr 20, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-33557
CRITICAL
Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication
Apr 20, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-40948
MEDIUM
Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager
Apr 18, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32690
LOW
Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
Apr 18, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32228
HIGH
Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to
Apr 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30912
HIGH
Apache Airflow: Exposing stack trace in case of constraint error
Apr 18, 2026
CVSS 7.5
EPSS 0.00
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters