apache
3,084 tracked vulnerabilities.
CVE-2026-25604
MEDIUM
apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager
Mar 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-24713
CRITICAL
Apache IoTDB 1.0.0-1.3.6/2.0.0-2.0.6 - Input Validation
Mar 09, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24015
CRITICAL
Apache IoTDB 1.0.0-1.3.6/2.0.0-2.0.6 - Vuln Type
Mar 09, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24308
HIGH
Apache ZooKeeper 3.8.5/3.9.4 - Info Disclosure
Mar 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-24281
HIGH
Apache ZooKeeper <3.8.6/3.9.5 - Auth Bypass
Mar 07, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-27446
CRITICAL
Apache Artemis/ActiveMQ Artemis - Auth Bypass
Mar 04, 2026
CVSS 9.8
EPSS 0.11
CVE-2026-23984
MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983
MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982
MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23980
MEDIUM
Apache Superset <6.0.0 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-23969
MEDIUM
Apache Superset <4.1.2 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-25747
HIGH
Apache Camel LevelDB - Deserialization
Feb 23, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-23552
CRITICAL
Apache Camel 4.15.0-4.17.0 - Auth Bypass
Feb 23, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24734
HIGH
Apache Tomcat Native 1.3.0-1.3.4 - Auth Bypass
Feb 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24733
LOW
Apache Tomcat 9.0.0-11.0.14 - Auth Bypass
Feb 17, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-25087
HIGH
Apache Arrow C++ 15.0.0-23.0.0 - Use After Free
Feb 17, 2026
CVSS 7.0
EPSS 0.01
CVE-2026-25903
MEDIUM
Apache NiFi 1.1.0-2.7.2 - Privilege Escalation
Feb 17, 2026
CVSS 6.6
EPSS 0.01
CVE-2026-24343
HIGH
Apache HertzBeat <1.8.0 - XPath Injection
Feb 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-23906
CRITICAL
Apache Druid 0.17.0-35.x - Authentication Bypass via LDAP Anonymous Bind
Feb 10, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-23901
LOW
Apache Shiro <2.0.7 - Info Disclosure
Feb 10, 2026
CVSS 2.5
EPSS 0.00
CVE-2026-24098
MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-22922
MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23903
MEDIUM
Apache Shiro < 2.0.7 - Authentication Bypass via Case-Insensitive Static File Request
Feb 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24735
HIGH
Apache Answer <2.0.0 - Info Disclosure
Feb 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-23795
MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XML External Entity Reference
Feb 03, 2026
CVSS 4.9
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters