Apache

2,725 tracked vulnerabilities.

CVE-2025-66168 MEDIUM
Apache ActiveMQ - Memory Corruption
Mar 04, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-59060 MEDIUM
Apache Ranger <=2.7.0 - Auth Bypass
Mar 03, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-59059 CRITICAL
Apache Ranger <=2.7.0 - RCE
Mar 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-23984 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983 MEDIUM
Apache Superset - Info Disclosure
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23980 MEDIUM
Apache Superset <6.0.0 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23969 MEDIUM
Apache Superset <4.1.2 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-27555 MEDIUM
Airflow <2.11.1 - Info Disclosure
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2024-56373 HIGH
Airflow 2 - Privilege Escalation to RCE
Feb 24, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-25747 HIGH
Apache Camel LevelDB - Deserialization
Feb 23, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23552 CRITICAL
Apache Camel 4.15.0-4.17.0 - Auth Bypass
Feb 23, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-65995 MEDIUM
Airflow <3.1.4/2.11.1 - Info Disclosure
Feb 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-33042 HIGH
Apache Avro Java SDK <1.12.1-1.11.5 - Code Injection
Feb 13, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-24343 HIGH
Apache HertzBeat <1.8.0 - XPath Injection
Feb 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23906 CRITICAL
Apache Druid <36.0.0 - Auth Bypass
Feb 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-23901 LOW
Apache Shiro <2.0.7 - Info Disclosure
Feb 10, 2026
CVSS 2.5
EPSS 0.00
CVE-2026-24098 MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22922 MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23903 MEDIUM
Apache Shiro <2.0.7 - Auth Bypass
Feb 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24735 HIGH
Apache Answer <2.0.0 - Info Disclosure
Feb 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-23795 MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XML External Entity Reference
Feb 03, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-23794 MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XSS
Feb 03, 2026
CVSS 6.8
EPSS 0.00
CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
Jan 26, 2026
CVSS 9.9
EPSS 0.38
CVE-2026-24656 LOW
Apache Karaf Decanter - Deserialization
Jan 26, 2026
CVSS 3.7
EPSS 0.00
Products
http_server 306 tomcat 234 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 jspwiki 24 dolphinscheduler 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 archiva 20 pulsar 20
Quick Filters
Critical CVEs With Exploits In CISA KEV