Apache Software Foundation
560 tracked vulnerabilities.
CVE-2025-66249
MEDIUM
Apache Livy 0.3.0-0.9.0 - Path Traversal
Mar 13, 2026
CVSS 6.3
EPSS 0.01
CVE-2025-60012
MEDIUM
Apache Livy 0.7.0-0.8.0 - Unauthorized File Access
Mar 13, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-66168
MEDIUM
Apache ActiveMQ - Memory Corruption
Mar 04, 2026
CVSS 5.4
EPSS 0.01
CVE-2025-66614
CRITICAL
Apache Tomcat 11.0.0-M1-11.0.14 - DoS
Feb 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-68493
HIGH
Apache Struts <6.1.0 - XML Validation
Jan 11, 2026
CVSS 8.1
EPSS 0.23
CVE-2025-68161
MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.01
CVE-2025-54057
MEDIUM
Apache SkyWalking <= 10.2.0 - Cross-Site Scripting
Nov 27, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-61795
MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.109, 10.1.0.M1-10.1.46, 11.0.0-M1-11.0.11 - DoS via Uncleaned Multipart Upload
Oct 27, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-55754
CRITICAL
Apache Tomcat 11.0.0-M1-11.0.10, 10.1.0-M1-10.1.44, 9.0.40-9.0.108 - ANSI Escape Sequence Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.10
CVE-2025-55752
HIGH
Apache Tomcat 8.5.6-8.5.100, 9.0.0.M11-9.0.108, 10.1.0-M1-10.1.44, 11.0.0-M1-11.0.10 - RCE via URI Rewrite Bypass
Oct 27, 2025
CVSS 7.5
EPSS 0.67
CVE-2025-48989
HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-32897
CRITICAL
Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode
Jun 28, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-48734
HIGH
Apache Commons <2.0.0 - Info Disclosure
May 28, 2025
CVSS 8.8
EPSS 0.02
CVE-2024-47552
CRITICAL
Apache Seata <2.2.0 - Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-48962
HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-36265
CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2022-45047
CRITICAL
Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider
Nov 16, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-36124
HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
Aug 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-34169
HIGH
Apache Xalan <2.7.3 - Code Injection
Jul 19, 2022
CVSS 7.5
EPSS 0.18
CVE-2022-23307
HIGH
Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data
Jan 18, 2022
CVSS 8.8
EPSS 0.52
CVE-2022-23305
CRITICAL
Apache Log4j 1.2.x - SQL Injection via JDBCAppender Message Converter
Jan 18, 2022
CVSS 9.8
EPSS 0.67
CVE-2022-23302
HIGH
Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration
Jan 18, 2022
CVSS 8.8
EPSS 0.62
CVE-2021-44832
MEDIUM
Apache Log4j 2.0-beta7-2.17.0 - Remote Code Execution via JDBC Appender JNDI LDAP Data Source
Dec 28, 2021
CVSS 6.6
EPSS 0.98
CVE-2021-45105
MEDIUM
Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup
Dec 18, 2021
CVSS 5.9
EPSS 1.00
CVE-2021-4104
HIGH
Apache Log4j 1.2 - Remote Code Execution via JMSAppender JNDI Requests
Dec 14, 2021
CVSS 7.5
EPSS 0.81
Products
Apache Tomcat 52
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters