apache

3,084 tracked vulnerabilities.

CVE-2025-69219 HIGH
apache-airflow-providers-http < 6.0.0 - Authenticated Remote Code Execution via Crafted Database Entry
Mar 09, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-66168 MEDIUM
Apache ActiveMQ - Memory Corruption
Mar 04, 2026
CVSS 5.4
EPSS 0.01
CVE-2025-59060 MEDIUM
Apache Ranger <=2.7.0 - Auth Bypass
Mar 03, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-59059 CRITICAL
Apache Ranger <= 2.7.0 - Remote Code Execution via NashornScriptEngineCreator
Mar 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-27555 MEDIUM
Apache Airflow < 2.11.1 - Authenticated Sensitive Information Exposure in Audit Logs
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-65995 MEDIUM
Airflow <3.1.4/2.11.1 - Info Disclosure
Feb 21, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-66614 CRITICAL
Apache Tomcat 11.0.0-M1-11.0.14 - DoS
Feb 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-33042 HIGH
Apache Avro Java SDK <1.12.1-1.11.5 - Code Injection
Feb 13, 2026
CVSS 7.3
EPSS 0.01
CVE-2025-27821 HIGH
Apache Hadoop 3.2.0-3.4.1 - Out-of-bounds Write in HDFS Native Client
Jan 26, 2026
CVSS 7.3
EPSS 0.01
CVE-2025-59355 MEDIUM
Apache Linkis 1.0.0-1.7.0 - Sensitive Information Disclosure in HiveUtils Base64 Decode Error Log
Jan 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-29847 HIGH
Apache Linkis <1.7.0 - Info Disclosure
Jan 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-68675 HIGH
Apache Airflow <3.1.6 - Info Disclosure
Jan 16, 2026
CVSS 7.5
EPSS 0.02
CVE-2025-68438 HIGH
Apache Airflow 3.1.0-3.1.5 - Exposure of Sensitive Information in Rendered Templates UI
Jan 16, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-60021 CRITICAL
Apache bRPC < 1.15.0 - Remote Command Injection via Heap Profiler extra_options Parameter
Jan 16, 2026
CVSS 9.8
EPSS 0.26
CVE-2025-66169 MEDIUM
Apache Camel <4.10.8, <4.14.3, <4.17.0 - Cypher Injection
Jan 14, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-68493 HIGH
Apache Struts <6.1.0 - XML Validation
Jan 11, 2026
CVSS 8.1
EPSS 0.23
CVE-2025-62235 HIGH
Apache NimBLE <= 1.8.0 - Authentication Bypass by Spoofing via Security Request
Jan 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-53477 HIGH
Apache Nimble <1.9.0 - NULL Pointer Dereference
Jan 10, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-53470 LOW
Apache NimBLE <1.9 - Out-of-bounds Read
Jan 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52435 HIGH
Apache NimBLE <=1.8.0 - Info Disclosure
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68637 CRITICAL
Apache Uniffle < 0.10.0 - Man-in-the-Middle via Disabled SSL Certificate Validation
Jan 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-68280 MEDIUM
Apache SIS 0.4-1.5 - XML External Entity Injection in GeoTIFF, ISO 19115, GML, and GPX Parsers
Jan 05, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-66518 HIGH
Apache Kyuubi <1.10.2 - Auth Bypass
Jan 05, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-48769 HIGH
Apache NuttX RTOS <12.11.0 - Use After Free
Jan 01, 2026
CVSS 8.1
EPSS 0.02
CVE-2025-48768 MEDIUM
Apache NuttX RTOS 10.0.0-12.10.0 - Denial of Service via Inode Removal
Jan 01, 2026
CVSS 6.5
EPSS 0.01