apache
3,084 tracked vulnerabilities.
CVE-2025-61581
HIGH
Apache Traffic Control - Info Disclosure
Oct 16, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-54539
CRITICAL
Apache ActiveMQ NMS AMQP < 2.4.0 - Remote Code Execution via Untrusted AMQP Server Deserialization
Oct 16, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-55039
MEDIUM
Apache Spark <4.0.0-3.5.2-3.4.4 - Info Disclosure
Oct 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30001
HIGH
Apache StreamPark 2.1.4-2.1.5 - Incorrect Execution-Assigned Permissions
Oct 10, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-62228
HIGH
Apache Flink CDC 3.4.0 - Authenticated SQL Injection via Maliciously Crafted Identifiers
Oct 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-61735
HIGH
Apache Kylin 4.0.0-5.0.2 - Server-Side Request Forgery
Oct 02, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-61734
HIGH
Apache Kylin <5.0.2 - Info Disclosure
Oct 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61733
HIGH
Apache Kylin 4.0.0-5.0.2 - Authentication Bypass Using an Alternate Path or Channel
Oct 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61622
CRITICAL
pyfory 0.12.0-0.12.2 and pyfury 0.1.0-0.10.3 - Remote Code Execution via Pickle Deserialization
Oct 01, 2025
CVSS 9.8
EPSS 0.41
CVE-2025-54831
MEDIUM
Apache Airflow <3.0.3 - Info Disclosure
Sep 26, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-58457
MEDIUM
Apache ZooKeeper <3.9.4 - Privilege Escalation
Sep 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-48459
MEDIUM
Apache IoTDB <2.0.5 - Deserialization
Sep 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48392
HIGH
Apache IoTDB <2.0.4 - Info Disclosure
Sep 24, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59328
MEDIUM
Apache Fory < 0.12.2 - Denial of Service via Insecure Deserialization
Sep 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48208
HIGH
Apache HertzBeat <= 1.7.2 - Authenticated LDAP Injection via Custom Commands
Sep 09, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-24404
HIGH
Apache HertzBeat < 1.7.0 - Authenticated XML Injection via Sitemap XML Parsing
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-58782
MEDIUM
Apache Jackrabbit Core/JCR Commons <2.22.1 - Deserialization
Sep 08, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-26467
HIGH
Apache Cassandra <4.0.16 - Privilege Escalation
Aug 25, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54813
HIGH
Apache Log4cxx <1.5.0 - Info Disclosure
Aug 22, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-54812
MEDIUM
Apache Log4cxx < 1.5.0 - Cross-Site Scripting in HTMLLayout Logger Name
Aug 22, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-54988
HIGH
Apache Tika 1.13-3.2.1 - XML External Entity Injection via Crafted XFA in PDF
Aug 20, 2025
CVSS 8.4
EPSS 0.03
CVE-2025-53192
HIGH
Apache Commons OGNL - Code Injection
Aug 18, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-54466
CRITICAL
Apache OFBiz < 24.09.02 - Unauthenticated Remote Code Execution via Scrum Plugin
Aug 15, 2025
CVSS 9.8
EPSS 0.14
CVE-2025-55675
MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55674
MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters