Apache Software Foundation
347 tracked vulnerabilities.
CVE-2025-68161
MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-54057
MEDIUM
Apache SkyWalking <= 10.2.0 - Cross-Site Scripting
Nov 27, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-61795
MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.109, 10.1.0.M1-10.1.46, 11.0.0-M1-11.0.11 - DoS via Uncleaned Multipart Upload
Oct 27, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-55754
CRITICAL
Apache Tomcat 11.0.0-M1-11.0.10, 10.1.0-M1-10.1.44, 9.0.40-9.0.108 - ANSI Escape Sequence Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-55752
HIGH
Apache Tomcat 8.5.6-8.5.100, 9.0.0.M11-9.0.108, 10.1.0-M1-10.1.44, 11.0.0-M1-11.0.10 - RCE via URI Rewrite Bypass
Oct 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-48989
HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-32897
CRITICAL
Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode
Jun 28, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48734
HIGH
Apache Commons <2.0.0 - Info Disclosure
May 28, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-47552
CRITICAL
Apache Seata <2.2.0 - Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-48962
HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2022-45047
CRITICAL
Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider
Nov 16, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-23307
HIGH
Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data
Jan 18, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-23305
CRITICAL
Apache Log4j 1.2.x - SQL Injection via JDBCAppender Message Converter
Jan 18, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-23302
HIGH
Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration
Jan 18, 2022
CVSS 8.8
EPSS 0.01
CVE-2017-5641
CRITICAL
Apache Flex BlazeDS < 4.7.3 - Deserialization of Untrusted Data via AMF(X) Object Deserialization
Dec 28, 2017
CVSS 9.8
EPSS 0.48
CVE-2017-15700
HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
Dec 18, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-12630
MEDIUM
Apache Drill < 1.11.0 - Stored Cross-Site Scripting via Query Page Form Submission
Dec 18, 2017
CVSS 5.4
EPSS 0.01
CVE-2017-5663
HIGH
Apache Fineract <=0.6.0-incubating - Authenticated SQL Injection via sqlSearch
Dec 14, 2017
CVSS 8.8
EPSS 0.00
CVE-2017-15708
CRITICAL
Apache Synapse < 3.0.1 - Unauthenticated Remote Code Execution via RMI Deserialization
Dec 11, 2017
CVSS 9.8
EPSS 0.20
CVE-2017-15707
MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
Dec 01, 2017
CVSS 6.2
EPSS 0.02
CVE-2017-15702
CRITICAL
Apache Qpid Broker-J 0.18-0.32 - Unauthenticated Authentication Provider Spoofing via HTTP Port
Dec 01, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-15701
HIGH
Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion
Dec 01, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-12631
HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
Nov 30, 2017
CVSS 8.8
EPSS 0.01
CVE-2017-3157
MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
Nov 20, 2017
CVSS 5.5
EPSS 0.00
CVE-2017-12608
HIGH
Apache OpenOffice < 4.1.4 - Memory Corruption and Remote Code Execution via DOC File Parser
Nov 20, 2017
CVSS 7.8
EPSS 0.01
Products
Apache Tomcat 42
Apache HTTP Server 23
Apache OFBiz 20
Apache Airflow 19
Apache OpenMeetings 15
Apache Camel 11
Apache Struts 11
Apache Thrift 11
Apache CXF 9
Apache ActiveMQ 8
Apache Atlas 8
Apache NiFi 8
Apache CloudStack 7
Apache ActiveMQ All 6
Apache Hadoop 6
Apache OpenOffice 6
Apache Wicket 6
Apache ActiveMQ Broker 5
Apache Ranger 5
Apache Ambari 4
Apache Log4j Core 4
Apache MINA 4
Apache OpenNLP 4
Apache Polaris 4
Apache Traffic Server 4
Apache APISIX 3
Apache Brooklyn 3
Apache CXF Fediz 3
Apache Cassandra 3
Apache DolphinScheduler 3