Apache Software Foundation

560 tracked vulnerabilities.

CVE-2025-66249 MEDIUM
Apache Livy 0.3.0-0.9.0 - Path Traversal
Mar 13, 2026
CVSS 6.3
EPSS 0.01
CVE-2025-60012 MEDIUM
Apache Livy 0.7.0-0.8.0 - Unauthorized File Access
Mar 13, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-66168 MEDIUM
Apache ActiveMQ - Memory Corruption
Mar 04, 2026
CVSS 5.4
EPSS 0.01
CVE-2025-66614 CRITICAL
Apache Tomcat 11.0.0-M1-11.0.14 - DoS
Feb 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-68493 HIGH
Apache Struts <6.1.0 - XML Validation
Jan 11, 2026
CVSS 8.1
EPSS 0.23
CVE-2025-68161 MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.01
CVE-2025-54057 MEDIUM
Apache SkyWalking <= 10.2.0 - Cross-Site Scripting
Nov 27, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-61795 MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.109, 10.1.0.M1-10.1.46, 11.0.0-M1-11.0.11 - DoS via Uncleaned Multipart Upload
Oct 27, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-55754 CRITICAL
Apache Tomcat 11.0.0-M1-11.0.10, 10.1.0-M1-10.1.44, 9.0.40-9.0.108 - ANSI Escape Sequence Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.10
CVE-2025-55752 HIGH
Apache Tomcat 8.5.6-8.5.100, 9.0.0.M11-9.0.108, 10.1.0-M1-10.1.44, 11.0.0-M1-11.0.10 - RCE via URI Rewrite Bypass
Oct 27, 2025
CVSS 7.5
EPSS 0.67
CVE-2025-48989 HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-32897 CRITICAL
Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode
Jun 28, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-48734 HIGH
Apache Commons <2.0.0 - Info Disclosure
May 28, 2025
CVSS 8.8
EPSS 0.02
CVE-2024-47552 CRITICAL
Apache Seata <2.2.0 - Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-48962 HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-36265 CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2022-45047 CRITICAL
Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider
Nov 16, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-36124 HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
Aug 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-34169 HIGH
Apache Xalan <2.7.3 - Code Injection
Jul 19, 2022
CVSS 7.5
EPSS 0.18
CVE-2022-23307 HIGH
Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data
Jan 18, 2022
CVSS 8.8
EPSS 0.52
CVE-2022-23305 CRITICAL
Apache Log4j 1.2.x - SQL Injection via JDBCAppender Message Converter
Jan 18, 2022
CVSS 9.8
EPSS 0.67
CVE-2022-23302 HIGH
Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration
Jan 18, 2022
CVSS 8.8
EPSS 0.62
CVE-2021-44832 MEDIUM
Apache Log4j 2.0-beta7-2.17.0 - Remote Code Execution via JDBC Appender JNDI LDAP Data Source
Dec 28, 2021
CVSS 6.6
EPSS 0.98
CVE-2021-45105 MEDIUM
Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup
Dec 18, 2021
CVSS 5.9
EPSS 1.00
CVE-2021-4104 HIGH
Apache Log4j 1.2 - Remote Code Execution via JMSAppender JNDI Requests
Dec 14, 2021
CVSS 7.5
EPSS 0.81