apache

3,084 tracked vulnerabilities.

CVE-2026-25604 MEDIUM
apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager
Mar 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-24713 CRITICAL
Apache IoTDB 1.0.0-1.3.6/2.0.0-2.0.6 - Input Validation
Mar 09, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24015 CRITICAL
Apache IoTDB 1.0.0-1.3.6/2.0.0-2.0.6 - Vuln Type
Mar 09, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24308 HIGH
Apache ZooKeeper 3.8.5/3.9.4 - Info Disclosure
Mar 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-24281 HIGH
Apache ZooKeeper <3.8.6/3.9.5 - Auth Bypass
Mar 07, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-27446 CRITICAL
Apache Artemis/ActiveMQ Artemis - Auth Bypass
Mar 04, 2026
CVSS 9.8
EPSS 0.11
CVE-2026-23984 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983 MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23980 MEDIUM
Apache Superset <6.0.0 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-23969 MEDIUM
Apache Superset <4.1.2 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-25747 HIGH
Apache Camel LevelDB - Deserialization
Feb 23, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-23552 CRITICAL
Apache Camel 4.15.0-4.17.0 - Auth Bypass
Feb 23, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24734 HIGH
Apache Tomcat Native 1.3.0-1.3.4 - Auth Bypass
Feb 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24733 LOW
Apache Tomcat 9.0.0-11.0.14 - Auth Bypass
Feb 17, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-25087 HIGH
Apache Arrow C++ 15.0.0-23.0.0 - Use After Free
Feb 17, 2026
CVSS 7.0
EPSS 0.01
CVE-2026-25903 MEDIUM
Apache NiFi 1.1.0-2.7.2 - Privilege Escalation
Feb 17, 2026
CVSS 6.6
EPSS 0.01
CVE-2026-24343 HIGH
Apache HertzBeat <1.8.0 - XPath Injection
Feb 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-23906 CRITICAL
Apache Druid 0.17.0-35.x - Authentication Bypass via LDAP Anonymous Bind
Feb 10, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-23901 LOW
Apache Shiro <2.0.7 - Info Disclosure
Feb 10, 2026
CVSS 2.5
EPSS 0.00
CVE-2026-24098 MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-22922 MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23903 MEDIUM
Apache Shiro < 2.0.7 - Authentication Bypass via Case-Insensitive Static File Request
Feb 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24735 HIGH
Apache Answer <2.0.0 - Info Disclosure
Feb 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-23795 MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XML External Entity Reference
Feb 03, 2026
CVSS 4.9
EPSS 0.01