Apache

2,725 tracked vulnerabilities.

CVE-2025-27821 HIGH
Apache Hadoop < 3.4.2 - Out-of-Bounds Write
Jan 26, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-22444 HIGH
Apache Solr < 9.10.1 - Improper Input Validation
Jan 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-22022 HIGH
Apache Solr < 9.10.1 - Improper Authorization
Jan 21, 2026
CVSS 8.2
EPSS 0.00
CVE-2025-59355 MEDIUM
Apache Linkis < 1.8.0 - Log Information Exposure
Jan 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-29847 HIGH
Apache Linkis <1.7.0 - Info Disclosure
Jan 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68675 HIGH
Apache Airflow <3.1.6 - Info Disclosure
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68438 HIGH
Apache Airflow < 3.1.6 - Information Disclosure
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-60021 CRITICAL
Apache Brpc < 1.15.0 - Command Injection
Jan 16, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-66169 MEDIUM
Apache Camel <4.10.8, <4.14.3, <4.17.0 - Cypher Injection
Jan 14, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-68493 HIGH
Apache Struts <6.1.0 - XML Validation
Jan 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-62235 HIGH
Apache Nimble < 1.9.0 - Authentication Bypass by Spoofing
Jan 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-53477 HIGH
Apache Nimble <1.9.0 - NULL Pointer Dereference
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-53470 LOW
Apache NimBLE <1.9 - Out-of-bounds Read
Jan 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52435 HIGH
Apache NimBLE <=1.8.0 - Info Disclosure
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68637 CRITICAL
Uniffle <0.10.0 - SSRF
Jan 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-68280 MEDIUM
Apache Spatial Information System < 1.5 - XXE
Jan 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66518 HIGH
Apache Kyuubi <1.10.2 - Auth Bypass
Jan 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-48769 HIGH
Apache NuttX RTOS <12.11.0 - Use After Free
Jan 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-48768 MEDIUM
Apache NuttX RTOS <12.10.0 - DoS
Jan 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-47411 HIGH
Apache Streampipes < 0.98.0 - Improper Privilege Management
Jan 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-66524 HIGH
Apache NiFi <2.6.0 - Deserialization
Dec 19, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-68161 MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-67895 CRITICAL
Apache-airflow-providers-edge3 < 2.0.0 - Remote Code Execution
Dec 17, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-66388 MEDIUM
Apache Airflow <3.1.4 - Info Disclosure
Dec 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53960 MEDIUM
Apache StreamPark <2.1.7 - Privilege Escalation
Dec 12, 2025
CVSS 5.9
EPSS 0.00
Products
http_server 306 tomcat 234 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 jspwiki 24 dolphinscheduler 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 archiva 20 pulsar 20
Quick Filters
Critical CVEs With Exploits In CISA KEV