Apache

2,736 tracked vulnerabilities.

CVE-2025-54813 HIGH
Apache Log4cxx <1.5.0 - Info Disclosure
Aug 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54812 MEDIUM
Apache Log4cxx < 1.5.0 - XSS
Aug 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-48988 HIGH
Apache Streampark < 2.1.6 - SQL Injection
Aug 22, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-54988 HIGH
Apache Tika < 3.2.2 - XXE
Aug 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-39954 MEDIUM
Apache Eventmesh < 1.12.0 - SSRF
Aug 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-53192 HIGH
Apache Commons OGNL - Code Injection
Aug 18, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54466 CRITICAL
Apache Ofbiz < 24.09.02 - Code Injection
Aug 15, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-55675 MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55674 MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55673 MEDIUM
Apache Superset <4.1.3 - Info Disclosure
Aug 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-55672 MEDIUM
Apache Superset <5.0.0 - XSS
Aug 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54472 HIGH
Apache Brpc < 1.14.1 - Integer Overflow
Aug 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55668 MEDIUM
Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48989 HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53606 CRITICAL
Apache Seata <2.5.0 - Deserialization
Aug 08, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48913 CRITICAL
Apache CXF <3.6.8-4.1.3 - RCE
Aug 08, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-51775 MEDIUM
Apache Zeppelin <0.12.0 - SSRF
Aug 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-52279 MEDIUM
Apache Zeppelin <0.12.0 - Improper Input Validation
Aug 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-41177 MEDIUM
Apache Zeppelin < 0.12.0 - XSS
Aug 03, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-24854 MEDIUM
Apache JSPWiki <2.12.3 - XSS
Jul 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-24853 HIGH
Apache JSPWiki - XSS
Jul 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54656 MEDIUM
Apache Struts Extras <2 - Info Disclosure
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-54090 MEDIUM
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 23, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-50151 HIGH
Apache Jena <5.4.0 - Info Disclosure
Jul 21, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-49656 HIGH
Apache Jena < 5.5.0 - Path Traversal
Jul 21, 2025
CVSS 7.5
EPSS 0.00
Products
http_server 306 tomcat 237 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 jspwiki 24 dolphinscheduler 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 fineract 20 hive 20
Quick Filters
Critical CVEs With Exploits In CISA KEV