apache
3,084 tracked vulnerabilities.
CVE-2025-27427
MEDIUM
Apache ActiveMQ Artemis - Privilege Escalation
Apr 01, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-30067
HIGH
Apache Kylin <5.0.1 - Code Injection
Mar 27, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-30474
MEDIUM
Apache Commons VFS <2.10.0 - Info Disclosure
Mar 23, 2025
CVSS 5.0
EPSS 0.01
CVE-2025-27553
HIGH
Apache Commons VFS < 2.10.0 - Relative Path Traversal via Encoded Dot-Dot-Slash Sequences
Mar 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26796
MEDIUM
Apache Oozie - Cross-Site Scripting
Mar 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27888
MEDIUM
NUCLEI
Apache Druid - Server-Side Request Forgery
Mar 20, 2025
CVSS 5.4
EPSS 0.02
CVE-2025-27018
MEDIUM
Apache Airflow MySQL Provider <6.2.0 - SQL Injection
Mar 19, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-27017
MEDIUM
Apache NiFi <2.3.0 - Info Disclosure
Mar 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-27867
MEDIUM
Apache Felix HTTP Webconsole Plugin 1.X-1.2.0 - Cross-Site Scripting
Mar 12, 2025
CVSS 5.6
EPSS 0.01
CVE-2025-29891
MEDIUM
Apache Camel <4.10.2-<4.8.5-<3.22.4 - Command Injection
Mar 12, 2025
CVSS 4.8
EPSS 0.72
CVE-2025-24813
CRITICAL
KEVNUCLEI
Tomcat Partial PUT Java Deserialization
Mar 10, 2025
CVSS 9.8
EPSS 1.00
CVE-2025-26865
LOW
Apache OFBiz <18.12.18 - Info Disclosure
Mar 10, 2025
CVSS 3.5
EPSS 0.01
CVE-2025-27636
MEDIUM
Apache Camel <4.10.2 - Command Injection
Mar 09, 2025
CVSS 5.6
EPSS 0.80
CVE-2025-25247
MEDIUM
Apache Felix Webconsole <4.9.8-5.0.8 - XSS
Feb 10, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-25069
MEDIUM
Apache Kvrocks < 2.11.1 - Cross-Protocol Scripting via RESP Request Misinterpretation
Feb 07, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-24860
MEDIUM
Apache Cassandra <4.0.15, <4.1.7 - Auth Bypass
Feb 04, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-23015
HIGH
Apache Cassandra <4.1.8 - Privilege Escalation
Feb 04, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-24783
HIGH
Apache Cocoon - Insecure Continuation ID Generation via Predictable PRNG Seed
Jan 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24814
MEDIUM
Apache Solr < 9.8.0 - Unauthenticated Privilege Escalation via Configset File Replacement
Jan 27, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-23196
HIGH
Apache Ambari < 2.7.9 - Authenticated Remote Code Execution via Alert Script Filename
Jan 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-23195
HIGH
Apache Ambari < 2.7.9 - XML External Entity Injection via DocumentBuilderFactory
Jan 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-23184
MEDIUM
Apache CXF < 3.5.10, 3.6.5, 4.0.6 - Denial of Service via Unclosed CachedOutputStream
Jan 21, 2025
CVSS 5.9
EPSS 0.02
CVE-2025-22828
MEDIUM
Apache CloudStack >= 4.16.0.0 - Authenticated Exposure of Sensitive Information via Annotations API
Jan 13, 2025
CVSS 4.3
EPSS 0.02
CVE-2024-56373
HIGH
Airflow 2 - Privilege Escalation to RCE
Feb 24, 2026
CVSS 8.4
EPSS 0.01
CVE-2024-44088
MEDIUM
Apache Geode < 1.15.2 - Stored Cross-Site Scripting via REST Web API
Oct 14, 2025
CVSS 6.1
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters