
Apache Tomcat
Apache Tomcat: AJP secret compared in non-constant time

Risk 21
Severity
3.7
First published (updated )

Apache MINA
Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes…

Risk 5
Severity
1
First published (updated )

Apache Airflow
Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Risk 21
Severity
3.7
First published (updated )

Apache Artemis
Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Risk 24
Severity
2.3
First published (updated )

Apache Tomcat
Input Validation

Risk 5
Severity
1
First published (updated )

Apache Shiro
Apache Shiro: Brute force attack possible to determine valid user names

Risk 11
Severity
2.5
EPSS
0.01%
First published (updated )

Apache Karaf Decanter
Apache Karaf: Decanter log-socket collector has deserialization vulnerability

Risk 15
Severity
3.7
EPSS
0.03%
First published (updated )

Apache NimBLE
Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Risk 18
Severity
3.1
First published (updated )

Apache Commons Lang
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang…

Risk 5
Severity
1
First published (updated )

Apache Tomcat
Integer Overflow

Risk 5
Severity
1
First published (updated )

Apache Tomcat
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using…

Risk 5
Severity
1
First published (updated )

Apache Tomcat
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a …

Risk 5
Severity
1
First published (updated )

Apache OFBiz
Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE

Risk 19
Severity
3.5
EPSS
0.07%
First published (updated )

Apache CXF
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.…

Risk 5
Severity
1
First published (updated )

Apache Tomcat
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache…

Risk 5
Severity
1
First published (updated )

go/github.com/apache/incubator-answer
Apache Answer: Predictable Authorization Token Using UUIDv1

Risk 15
Severity
2.6
First published (updated )

Apache Tomcat
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Ja…

Risk 5
Severity
1
First published (updated )

pip/apache-airflow-providers-ftp
Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context

Risk 16
Severity
2.7
First published (updated )

Apache Camel
Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCr…

Risk 5
Severity
1
First published (updated )

go/github.com/apache/incubator-answer
Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.

Risk 19
Severity
3.1
First published (updated )

Apache mod_proxy_cluster
A flaw was found in the mod_proxy_cluster in the Apache server. A malicious user can add a script in…

Risk 5
Severity
1
First published (updated )

Apache Camel
Apache Camel JIRA: Temporary file information disclosure in Camel-Jira

Risk 18
Severity
3.3
First published (updated )

Apache Tika
Incomplete fix and new regex DoS in StandardsExtractingContentHandler

Risk 17
Severity
3.3
First published (updated )

Apache Tika
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tik…

Risk 5
Severity
1
First published (updated )

Apache poi-scratchpad
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out …

Risk 5
Severity
1
First published (updated )

Apache Karaf
Path Traversal

Risk 5
Severity
1
First published (updated )

Apache PDFBox
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading th…

Risk 5
Severity
1
First published (updated )

Eclipse Jetty
Infoleak

Risk 22
Severity
2.7
First published (updated )

Apache Cordova Android
We have resolved a security issue in the camera plugin that could have affected certain Cordova (And…

Risk 18
Severity
3.3
First published (updated )

Oracle Retail Order Broker Cloud Service
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version…

Risk 24
Severity
3.7
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203