Apache

2,731 tracked vulnerabilities.

CVE-2025-54539 CRITICAL
Apache Activemq Nms Amqp < 2.4.0 - Insecure Deserialization
Oct 16, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-55039 MEDIUM
Apache Spark <4.0.0-3.5.2-3.4.4 - Info Disclosure
Oct 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-44088 MEDIUM
Apache Geode < 1.15.2 - XSS
Oct 14, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-30001 HIGH
Apache StreamPark <2.1.6 - RCE
Oct 10, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-62228 HIGH
Apache Flink Cdc < 3.5.0 - SQL Injection
Oct 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-61735 HIGH
Apache Kylin < 5.0.3 - SSRF
Oct 02, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-61734 HIGH
Apache Kylin <5.0.2 - Info Disclosure
Oct 02, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61733 HIGH
Apache Kylin < 5.0.3 - Authentication Bypass
Oct 02, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61622 CRITICAL
pyfory <0.12.2 - Code Injection
Oct 01, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-54831 MEDIUM
Apache Airflow <3.0.3 - Info Disclosure
Sep 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-58457 MEDIUM
Apache ZooKeeper <3.9.4 - Privilege Escalation
Sep 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-48459 MEDIUM
Apache IoTDB <2.0.5 - Deserialization
Sep 24, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-48392 HIGH
Apache IoTDB <2.0.4 - Info Disclosure
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59328 MEDIUM
Apache Fory < 0.12.2 - Insecure Deserialization
Sep 15, 2025
CVSS 6.5
EPSS 0.03
CVE-2025-48208 HIGH
Apache Hertzbeat < 1.7.3 - LDAP Injection
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-24404 HIGH
Apache HertzBeat <1.7.0 - RCE
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-58782 MEDIUM
Apache Jackrabbit Core/JCR Commons <2.22.1 - Deserialization
Sep 08, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-43166 CRITICAL
Apache DolphinScheduler <3.2.2 - Info Disclosure
Sep 03, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
Sep 03, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-26467 HIGH
Apache Cassandra <4.0.16 - Privilege Escalation
Aug 25, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54813 HIGH
Apache Log4cxx <1.5.0 - Info Disclosure
Aug 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54812 MEDIUM
Apache Log4cxx < 1.5.0 - XSS
Aug 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-48988 HIGH
Apache Streampark < 2.1.6 - SQL Injection
Aug 22, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-54988 HIGH
Apache Tika < 3.2.2 - XXE
Aug 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-39954 MEDIUM
Apache Eventmesh < 1.12.0 - SSRF
Aug 20, 2025
CVSS 6.3
EPSS 0.00
Products
http_server 306 tomcat 234 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 dolphinscheduler 24 jspwiki 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 fineract 20 hive 20
Quick Filters
Critical CVEs With Exploits In CISA KEV