SecAlerts
CVE ListPricingSign Up
apache logo

apache

Security Risk Profile

51
/100
medium

Security Risk Score

Comprehensive risk assessment based on 1000 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from November 22, 2024 to present

1000
Total CVEs
314
Critical+High
23
Exploited
157
Unpatched

Threat Assessment

Avg CVSS
7.1
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
157
Critical/High
Risk Level
51/100
medium
⚠️ 23 Active Exploits 6 Zero-Days🆕 43Fresh (<7d)📈 179 in Last 30 Days

Severity Distribution

Critical
88
High
226
Medium
204
Low
16

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
1
<5%
59

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
41
2
XSS
24
3
Code Injection
21
4
Path Traversal
20
5
Infoleak
18

Most Affected Products

1. Apache Tomcat650
2. Apache HTTP Server87
3. Apache Airflow77
4. Apache Camel63
5. Apache OFBiz48

Recent Vulnerabilities

See more →
CVE-2026-46745
unknown

Apache Airflow FAB provider: [ Security port ] LDAP Filter Injection in FAB Auth Manager _search_ldap achable via /auth/token (ZDS-223)

5/24/2026🔧 No Patch
CVE-2026-45249
unknown

Apache ECharts: XSS in Lines series tooltip ndering

5/23/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/676
unknown

CVE-2026-45249: Apache ECharts: XSS in Lines series tooltip ndering

5/23/2026🔧 No Patch
CVE-2026-44417
unknown

Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

5/22/2026🔧 No Patch
CVE-2026-44618
unknown

Apache CXF: XXE vulnerability in WS-Transfer functionality

5/22/2026🔧 No Patch
CVE-2026-44930
unknown

Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

5/22/2026🔧 No Patch
CVE-2026-48207
CVSS 9.8critical

Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

5/21/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/646
unknown

CVE-2026-48207: Apache Fory: PyFory duceSerializer Incomplete Policy Enforcement

5/21/2026🔧 No Patch
CVE-2026-45760
unknown

Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

5/21/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/644
unknown

CVE-2026-45760: Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

5/21/2026🔧 No Patch

Monitor apache in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

apache Security Vulnerabilities & Risk Score | 1000 CVEs | SecAlerts - SecAlerts