apache

3,084 tracked vulnerabilities.

CVE-2025-61581 HIGH
Apache Traffic Control - Info Disclosure
Oct 16, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-54539 CRITICAL
Apache ActiveMQ NMS AMQP < 2.4.0 - Remote Code Execution via Untrusted AMQP Server Deserialization
Oct 16, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-55039 MEDIUM
Apache Spark <4.0.0-3.5.2-3.4.4 - Info Disclosure
Oct 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30001 HIGH
Apache StreamPark 2.1.4-2.1.5 - Incorrect Execution-Assigned Permissions
Oct 10, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-62228 HIGH
Apache Flink CDC 3.4.0 - Authenticated SQL Injection via Maliciously Crafted Identifiers
Oct 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-61735 HIGH
Apache Kylin 4.0.0-5.0.2 - Server-Side Request Forgery
Oct 02, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-61734 HIGH
Apache Kylin <5.0.2 - Info Disclosure
Oct 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61733 HIGH
Apache Kylin 4.0.0-5.0.2 - Authentication Bypass Using an Alternate Path or Channel
Oct 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61622 CRITICAL
pyfory 0.12.0-0.12.2 and pyfury 0.1.0-0.10.3 - Remote Code Execution via Pickle Deserialization
Oct 01, 2025
CVSS 9.8
EPSS 0.41
CVE-2025-54831 MEDIUM
Apache Airflow <3.0.3 - Info Disclosure
Sep 26, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-58457 MEDIUM
Apache ZooKeeper <3.9.4 - Privilege Escalation
Sep 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-48459 MEDIUM
Apache IoTDB <2.0.5 - Deserialization
Sep 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48392 HIGH
Apache IoTDB <2.0.4 - Info Disclosure
Sep 24, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59328 MEDIUM
Apache Fory < 0.12.2 - Denial of Service via Insecure Deserialization
Sep 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48208 HIGH
Apache HertzBeat <= 1.7.2 - Authenticated LDAP Injection via Custom Commands
Sep 09, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-24404 HIGH
Apache HertzBeat < 1.7.0 - Authenticated XML Injection via Sitemap XML Parsing
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-58782 MEDIUM
Apache Jackrabbit Core/JCR Commons <2.22.1 - Deserialization
Sep 08, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-26467 HIGH
Apache Cassandra <4.0.16 - Privilege Escalation
Aug 25, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54813 HIGH
Apache Log4cxx <1.5.0 - Info Disclosure
Aug 22, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-54812 MEDIUM
Apache Log4cxx < 1.5.0 - Cross-Site Scripting in HTMLLayout Logger Name
Aug 22, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-54988 HIGH
Apache Tika 1.13-3.2.1 - XML External Entity Injection via Crafted XFA in PDF
Aug 20, 2025
CVSS 8.4
EPSS 0.03
CVE-2025-53192 HIGH
Apache Commons OGNL - Code Injection
Aug 18, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-54466 CRITICAL
Apache OFBiz < 24.09.02 - Unauthenticated Remote Code Execution via Scrum Plugin
Aug 15, 2025
CVSS 9.8
EPSS 0.14
CVE-2025-55675 MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55674 MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.01