apache
2,899 tracked vulnerabilities.
CVE-2025-29847
HIGH
Apache Linkis <1.7.0 - Info Disclosure
Jan 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68675
HIGH
Apache Airflow <3.1.6 - Info Disclosure
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68438
HIGH
Apache Airflow 3.1.0-3.1.5 - Exposure of Sensitive Information in Rendered Templates UI
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-60021
CRITICAL
Apache bRPC < 1.15.0 - Remote Command Injection via Heap Profiler extra_options Parameter
Jan 16, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-66169
MEDIUM
Apache Camel <4.10.8, <4.14.3, <4.17.0 - Cypher Injection
Jan 14, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-68493
HIGH
Apache Struts <6.1.0 - XML Validation
Jan 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-62235
HIGH
Apache NimBLE <= 1.8.0 - Authentication Bypass by Spoofing via Security Request
Jan 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-53477
HIGH
Apache NimBLE <1.9.0 - NULL Pointer Dereference
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-53470
LOW
Apache NimBLE <1.9 - Out-of-bounds Read
Jan 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52435
HIGH
Apache NimBLE <=1.8.0 - Info Disclosure
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68637
CRITICAL
Apache Uniffle < 0.10.0 - Man-in-the-Middle via Disabled SSL Certificate Validation
Jan 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-68280
MEDIUM
Apache SIS 0.4-1.5 - XML External Entity Injection in GeoTIFF, ISO 19115, GML, and GPX Parsers
Jan 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66518
HIGH
Apache Kyuubi <1.10.2 - Auth Bypass
Jan 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-48769
HIGH
Apache NuttX RTOS <12.11.0 - Use After Free
Jan 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-48768
MEDIUM
Apache NuttX RTOS 10.0.0-12.10.0 - Denial of Service via Inode Removal
Jan 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-47411
HIGH
Apache StreamPipes <= 0.97.0 - Privilege Escalation via JWT Token Manipulation
Jan 01, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-66524
HIGH
Apache NiFi <2.6.0 - Deserialization
Dec 19, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-68161
MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-67895
CRITICAL
Apache Airflow Providers Edge3 < 2.0.0 - Remote Code Execution via Edge3 Worker RPC
Dec 17, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-66388
MEDIUM
Apache Airflow <3.1.4 - Info Disclosure
Dec 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53960
MEDIUM
Apache StreamPark <2.1.7 - Privilege Escalation
Dec 12, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54981
HIGH
Apache StreamPark 2.0.0-2.1.6 - Weak Encryption Algorithm via AES-ECB Mode
Dec 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54947
CRITICAL
Apache StreamPark 2.0.0-2.1.7 - Use of Hard-coded Cryptographic Key
Dec 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-58137
HIGH
Apache Fineract <= 1.11.0 - Authorization Bypass Through User-Controlled Key
Dec 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58130
CRITICAL
Apache Fineract <= 1.11.0 - Insufficiently Protected Credentials
Dec 12, 2025
CVSS 9.1
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20