apache
3,095 tracked vulnerabilities.
CVE-2021-26118
HIGH
Apache ActiveMQ Artemis < 2.16.0 - Improper Access Control via OpenWire Advisory Message Creation
Jan 27, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-26117
HIGH
Apache ActiveMQ 5.15.0-5.15.13 and 5.16.0 - Improper Authentication via LDAP Anonymous Bind
Jan 27, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-23901
CRITICAL
Apache Nutch < 1.18 - XML External Entity Injection in DmozParser
Jan 25, 2021
CVSS 9.1
EPSS 0.04
CVE-2021-20190
HIGH
jackson-databind < 2.9.10.7 - Deserialization of Untrusted Data
Jan 19, 2021
CVSS 8.1
EPSS 0.07
CVE-2021-24122
MEDIUM
Apache Tomcat 7.0.0-7.0.106, 8.5.0-8.5.59, 9.0.0.M1-9.0.39, 10.0.0-M1-10.0.0-M9 - JSP Source Code Disclosure
Jan 14, 2021
CVSS 5.9
EPSS 0.23
CVE-2021-23926
CRITICAL
Apache XMLBeans <= 2.6.0 - XML External Entity Injection
Jan 14, 2021
CVSS 9.1
EPSS 0.06
CVE-2020-13929
HIGH
Apache Zeppelin < 0.9.0 - Authentication Bypass
Sep 02, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-9493
CRITICAL
Apache Chainsaw < 2.1.0 - Remote Code Execution via Deserialization
Jun 16, 2021
CVSS 9.8
EPSS 0.05
CVE-2020-35452
HIGH
Apache HTTP Server 2.4.0-2.4.46 - Out-of-bounds Write in mod_auth_digest via Digest Nonce
Jun 10, 2021
CVSS 7.3
EPSS 0.53
CVE-2020-13950
HIGH
Apache HTTP Server 2.4.41-2.4.46 - Denial of Service via Crafted Content-Length and Transfer-Encoding Headers
Jun 10, 2021
CVSS 7.5
EPSS 0.49
CVE-2020-13938
MEDIUM
Apache HTTP Server 2.4.0-2.4.46 - Unauthenticated Denial of Service via Local Stop Command
Jun 10, 2021
CVSS 5.5
EPSS 0.12
CVE-2020-17514
HIGH
Apache Fineract <1.5.0 - Info Disclosure
May 27, 2021
CVSS 7.4
EPSS 0.03
CVE-2020-17517
HIGH
Apache Ozone <1.1.0 - Info Disclosure
Apr 27, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-23922
HIGH
giflib < 5.1.4 - Heap-Based Buffer Over-Read in DumpScreen2RGB
Apr 21, 2021
CVSS 7.1
EPSS 0.02
CVE-2020-1946
CRITICAL
Apache SpamAssassin < 3.4.5 - OS Command Injection via Rule Configuration Files
Mar 25, 2021
CVSS 9.8
EPSS 0.06
CVE-2020-17525
HIGH
Subversion 1.9.0-1.10.6 - Denial of Service via Non-Existing Repository URL
Mar 17, 2021
CVSS 7.5
EPSS 0.40
CVE-2020-13924
HIGH
Apache Ambari < 2.6.2.2 - Path Traversal
Mar 17, 2021
CVSS 7.5
EPSS 0.04
CVE-2020-1926
MEDIUM
Apache Hive <2.3.8 - Info Disclosure
Mar 16, 2021
CVSS 5.9
EPSS 0.02
CVE-2020-13959
MEDIUM
Apache Velocity Tools < 3.1 - Cross-Site Scripting via URL vm File Parameter
Mar 10, 2021
CVSS 6.1
EPSS 0.06
CVE-2020-13936
HIGH
Apache Velocity Engine < 2.3 - Remote Code Execution via Template Modification
Mar 10, 2021
CVSS 8.8
EPSS 0.23
CVE-2020-35451
MEDIUM
Apache Oozie < 5.2.1 - Race Condition in OozieSharelibCLI
Mar 09, 2021
CVSS 4.7
EPSS 0.00
CVE-2020-1936
MEDIUM
Apache Ambari < 2.7.4 - Cross-Site Scripting in Views
Mar 02, 2021
CVSS 6.1
EPSS 0.03
CVE-2020-9479
MEDIUM
Apache AsterixDB < 0.9.5 - Path Traversal via UDF Zip File Extraction
Mar 01, 2021
CVSS 5.5
EPSS 0.02
CVE-2020-27223
MEDIUM
Eclipse Jetty 9.4.6-9.4.36, 10.0.0, 11.0.0 - Denial of Service via Multiple Accept Headers with Quality Parameters
Feb 26, 2021
CVSS 5.2
EPSS 0.78
CVE-2020-11988
HIGH
Apache XmlGraphics Commons < 2.4 - Server-Side Request Forgery via XMPParser
Feb 24, 2021
CVSS 8.2
EPSS 0.07
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters