apache

3,084 tracked vulnerabilities.

CVE-2025-27526 MEDIUM
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-27522 MEDIUM
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-35003 CRITICAL
Apache NuttX 7.25-12.9.0 - Stack-based Buffer Overflow in Bluetooth HCI/UART Stack
May 26, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-47436 CRITICAL
Apache ORC < 1.8.9, 1.9.0-1.9.5, 2.0.0-2.0.4, 2.1.0-2.1.1 - Heap-based Buffer Overflow in C++ LZO Decompression
May 14, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26864 HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26795 HIGH
Apache IoTDB JDBC Driver 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via Log File Insertion
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27696 HIGH
Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset
May 13, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-46392 MEDIUM
Apache Commons Configuration 1.x - Uncontrolled Resource Consumption
May 09, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-27533 HIGH
Apache ActiveMQ 5.16.0-5.16.7, 5.17.0-5.17.6, 5.18.0-5.18.6 - Denial of Service via OpenWire Buffer Size Validation
May 07, 2025
CVSS 7.5
EPSS 0.08
CVE-2025-46762 HIGH
Apache Parquet < 1.15.2 - Remote Code Execution via Parquet-Avro Schema Parsing
May 06, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-3891 HIGH
Apache HTTP Server - Denial of Service via Empty POST Request with OIDCPreservePost Enabled
Apr 29, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31651 CRITICAL
Apache Tomcat 9.0.0-9.0.102, 10.1.0-M1-10.1.39, 11.0.0-M1-11.0.5 - Security Constraint Bypass
Apr 28, 2025
CVSS 9.8
EPSS 0.04
CVE-2025-31650 HIGH
Apache Tomcat 9.0.76-9.0.102, 10.1.10-10.1.39, 11.0.0-M2-11.0.5 - Denial of Service via HTTP Priority Header Memory Leak
Apr 28, 2025
CVSS 7.5
EPSS 0.67
CVE-2025-27820 HIGH
Apache HttpClient 5.4-5.4.2 - Improper Certificate Validation in PSL Domain Check Logic
Apr 24, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26413 HIGH
Apache Kvrocks <= 2.11.1 - Denial of Service via SETRANGE Command Offset Validation
Apr 22, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-29953 CRITICAL
Apache ActiveMQ NMS OpenWire Client <2.1.1 - Deserialization
Apr 18, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-24859 HIGH
Apache Roller <6.1.5 - Info Disclosure
Apr 14, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-27391 MEDIUM
Apache ActiveMQ Artemis <2.40.0 - Info Disclosure
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-31672 MEDIUM
Apache POI < 5.4.0 - Improper Input Validation in OOXML File Parsing
Apr 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-30677 MEDIUM
Apache Pulsar < 3.0.11, 3.3.6, 4.0.4 - Sensitive Information Exposure in Kafka Connector Logs
Apr 09, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-30473 HIGH
Apache Airflow Common SQL Provider - SQL Injection
Apr 07, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-30676 MEDIUM
Apache OFBiz < 18.12.19 - Cross-Site Scripting
Apr 01, 2025
CVSS 6.1
EPSS 0.65
CVE-2025-30177 MEDIUM
Apache Camel <4.10.3, <4.8.6 - Command Injection
Apr 01, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-30065 CRITICAL
Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing
Apr 01, 2025
CVSS 9.8
EPSS 0.39
CVE-2025-29868 MEDIUM
Apache Answer <1.4.2 - Info Disclosure
Apr 01, 2025
CVSS 6.5
EPSS 0.01