apache
3,084 tracked vulnerabilities.
CVE-2026-42440
HIGH
Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader
May 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42027
CRITICAL
Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader
May 04, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-40682
CRITICAL
Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor
May 04, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-40563
HIGH
Apache Atlas: Script injection allows access to unintended data
May 04, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33523
MEDIUM
Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
May 04, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33007
MEDIUM
Apache HTTP Server: mod_authn_socache crash
May 04, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-33006
MEDIUM
Apache HTTP Server: mod_auth_digest timing attack
May 04, 2026
CVSS 4.8
EPSS 0.01
CVE-2026-29169
HIGH
Apache HTTP Server: mod_dav_lock indirect lock crash
May 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-23918
HIGH
Apache HTTP Server: http2: double free and possible RCE on early reset
May 04, 2026
CVSS 8.8
EPSS 0.46
CVE-2026-34032
MEDIUM
Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33857
MEDIUM
Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34059
HIGH
Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
May 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24072
HIGH
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
May 04, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-42779
CRITICAL
Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)
May 01, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-42778
CRITICAL
Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)
May 01, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-42404
MEDIUM
Apache Neethi: Unrestricted HTTP Redirect Following in Policy References
May 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42403
HIGH
Apache Neethi: Circular Policy Reference Infinite Loop
May 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42402
HIGH
Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
May 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-41016
MEDIUM
Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider
Apr 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41873
CRITICAL
Pony Mail: Admin account takeover via request smuggling
Apr 28, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-41636
HIGH
Apache Thrift: Node.js skip() recursion
Apr 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41607
MEDIUM
Apache Thrift: C++ JSON OOB read
Apr 28, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-41606
MEDIUM
Apache Thrift: c_glib dispatch stack overflow
Apr 28, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-41605
HIGH
Apache Thrift: Swift Compact Protocol integer overflow
Apr 28, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-41604
HIGH
Apache Thrift: Swift Range crash in skip()
Apr 28, 2026
CVSS 8.2
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters