apache
3,084 tracked vulnerabilities.
CVE-2025-69219
HIGH
apache-airflow-providers-http < 6.0.0 - Authenticated Remote Code Execution via Crafted Database Entry
Mar 09, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-66168
MEDIUM
Apache ActiveMQ - Memory Corruption
Mar 04, 2026
CVSS 5.4
EPSS 0.01
CVE-2025-59060
MEDIUM
Apache Ranger <=2.7.0 - Auth Bypass
Mar 03, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-59059
CRITICAL
Apache Ranger <= 2.7.0 - Remote Code Execution via NashornScriptEngineCreator
Mar 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-27555
MEDIUM
Apache Airflow < 2.11.1 - Authenticated Sensitive Information Exposure in Audit Logs
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-65995
MEDIUM
Airflow <3.1.4/2.11.1 - Info Disclosure
Feb 21, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-66614
CRITICAL
Apache Tomcat 11.0.0-M1-11.0.14 - DoS
Feb 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-33042
HIGH
Apache Avro Java SDK <1.12.1-1.11.5 - Code Injection
Feb 13, 2026
CVSS 7.3
EPSS 0.01
CVE-2025-27821
HIGH
Apache Hadoop 3.2.0-3.4.1 - Out-of-bounds Write in HDFS Native Client
Jan 26, 2026
CVSS 7.3
EPSS 0.01
CVE-2025-59355
MEDIUM
Apache Linkis 1.0.0-1.7.0 - Sensitive Information Disclosure in HiveUtils Base64 Decode Error Log
Jan 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-29847
HIGH
Apache Linkis <1.7.0 - Info Disclosure
Jan 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-68675
HIGH
Apache Airflow <3.1.6 - Info Disclosure
Jan 16, 2026
CVSS 7.5
EPSS 0.02
CVE-2025-68438
HIGH
Apache Airflow 3.1.0-3.1.5 - Exposure of Sensitive Information in Rendered Templates UI
Jan 16, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-60021
CRITICAL
Apache bRPC < 1.15.0 - Remote Command Injection via Heap Profiler extra_options Parameter
Jan 16, 2026
CVSS 9.8
EPSS 0.26
CVE-2025-66169
MEDIUM
Apache Camel <4.10.8, <4.14.3, <4.17.0 - Cypher Injection
Jan 14, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-68493
HIGH
Apache Struts <6.1.0 - XML Validation
Jan 11, 2026
CVSS 8.1
EPSS 0.23
CVE-2025-62235
HIGH
Apache NimBLE <= 1.8.0 - Authentication Bypass by Spoofing via Security Request
Jan 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-53477
HIGH
Apache Nimble <1.9.0 - NULL Pointer Dereference
Jan 10, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-53470
LOW
Apache NimBLE <1.9 - Out-of-bounds Read
Jan 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52435
HIGH
Apache NimBLE <=1.8.0 - Info Disclosure
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68637
CRITICAL
Apache Uniffle < 0.10.0 - Man-in-the-Middle via Disabled SSL Certificate Validation
Jan 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-68280
MEDIUM
Apache SIS 0.4-1.5 - XML External Entity Injection in GeoTIFF, ISO 19115, GML, and GPX Parsers
Jan 05, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-66518
HIGH
Apache Kyuubi <1.10.2 - Auth Bypass
Jan 05, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-48769
HIGH
Apache NuttX RTOS <12.11.0 - Use After Free
Jan 01, 2026
CVSS 8.1
EPSS 0.02
CVE-2025-48768
MEDIUM
Apache NuttX RTOS 10.0.0-12.10.0 - Denial of Service via Inode Removal
Jan 01, 2026
CVSS 6.5
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters