apache
3,084 tracked vulnerabilities.
CVE-2025-27526
MEDIUM
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-27522
MEDIUM
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-35003
CRITICAL
Apache NuttX 7.25-12.9.0 - Stack-based Buffer Overflow in Bluetooth HCI/UART Stack
May 26, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-47436
CRITICAL
Apache ORC < 1.8.9, 1.9.0-1.9.5, 2.0.0-2.0.4, 2.1.0-2.1.1 - Heap-based Buffer Overflow in C++ LZO Decompression
May 14, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26864
HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26795
HIGH
Apache IoTDB JDBC Driver 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via Log File Insertion
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27696
HIGH
Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset
May 13, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-46392
MEDIUM
Apache Commons Configuration 1.x - Uncontrolled Resource Consumption
May 09, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-27533
HIGH
Apache ActiveMQ 5.16.0-5.16.7, 5.17.0-5.17.6, 5.18.0-5.18.6 - Denial of Service via OpenWire Buffer Size Validation
May 07, 2025
CVSS 7.5
EPSS 0.08
CVE-2025-46762
HIGH
Apache Parquet < 1.15.2 - Remote Code Execution via Parquet-Avro Schema Parsing
May 06, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-3891
HIGH
Apache HTTP Server - Denial of Service via Empty POST Request with OIDCPreservePost Enabled
Apr 29, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31651
CRITICAL
Apache Tomcat 9.0.0-9.0.102, 10.1.0-M1-10.1.39, 11.0.0-M1-11.0.5 - Security Constraint Bypass
Apr 28, 2025
CVSS 9.8
EPSS 0.04
CVE-2025-31650
HIGH
Apache Tomcat 9.0.76-9.0.102, 10.1.10-10.1.39, 11.0.0-M2-11.0.5 - Denial of Service via HTTP Priority Header Memory Leak
Apr 28, 2025
CVSS 7.5
EPSS 0.67
CVE-2025-27820
HIGH
Apache HttpClient 5.4-5.4.2 - Improper Certificate Validation in PSL Domain Check Logic
Apr 24, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26413
HIGH
Apache Kvrocks <= 2.11.1 - Denial of Service via SETRANGE Command Offset Validation
Apr 22, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-29953
CRITICAL
Apache ActiveMQ NMS OpenWire Client <2.1.1 - Deserialization
Apr 18, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-24859
HIGH
Apache Roller <6.1.5 - Info Disclosure
Apr 14, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-27391
MEDIUM
Apache ActiveMQ Artemis <2.40.0 - Info Disclosure
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-31672
MEDIUM
Apache POI < 5.4.0 - Improper Input Validation in OOXML File Parsing
Apr 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-30677
MEDIUM
Apache Pulsar < 3.0.11, 3.3.6, 4.0.4 - Sensitive Information Exposure in Kafka Connector Logs
Apr 09, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-30473
HIGH
Apache Airflow Common SQL Provider - SQL Injection
Apr 07, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-30676
MEDIUM
Apache OFBiz < 18.12.19 - Cross-Site Scripting
Apr 01, 2025
CVSS 6.1
EPSS 0.65
CVE-2025-30177
MEDIUM
Apache Camel <4.10.3, <4.8.6 - Command Injection
Apr 01, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-30065
CRITICAL
Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing
Apr 01, 2025
CVSS 9.8
EPSS 0.39
CVE-2025-29868
MEDIUM
Apache Answer <1.4.2 - Info Disclosure
Apr 01, 2025
CVSS 6.5
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters