Apache | KEV Database

CVE-2024-38475 CRITICAL

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache HTTP Server

CVSS 9.1

Added May 01

CVE-2025-24813 CRITICAL

Apache Tomcat Path Equivalence Vulnerability

Apache Tomcat

CVSS 10

Added Apr 01

CVE-2024-45195 CRITICAL

Apache OFBiz Forced Browsing Vulnerability

Apache OFBiz

CVSS 9.8

Added Feb 04

CVE-2024-27348 CRITICAL

Apache HugeGraph-Server Improper Access Control Vulnerability

Apache HugeGraph-Server

CVSS 9.8

Added Sep 18

CVE-2024-38856 HIGH

Apache OFBiz Incorrect Authorization Vulnerability

Apache OFBiz

CVSS 8.1

Added Aug 27

CVE-2024-32113 CRITICAL

Apache OFBiz Path Traversal Vulnerability

Apache OFBiz

CVSS 9.1

Added Aug 07

CVE-2020-17519 CRITICAL

Apache Flink Improper Access Control Vulnerability

Apache Flink

CVSS 9.1

Added May 23

CVE-2023-27524 HIGH

Apache Superset Insecure Default Initialization of Resource Vulnerability

Apache Superset

CVSS 8.9

Added Jan 08

CVE-2023-46604 CRITICAL Ransomware

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Apache ActiveMQ

CVSS 10

Added Nov 02

CVE-2023-33246 CRITICAL

Apache RocketMQ Command Execution Vulnerability

Apache RocketMQ

CVSS 9.8

Added Sep 06

CVE-2016-8735 CRITICAL

Apache Tomcat Remote Code Execution Vulnerability

Apache Tomcat

CVSS 9.8

Added May 12

CVE-2021-45046 CRITICAL Ransomware

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Apache Log4j2

CVSS 9

Added May 01

CVE-2022-33891 HIGH

Apache Spark Command Injection Vulnerability

Apache Spark

CVSS 8.8

Added Mar 07

CVE-2022-24112 CRITICAL

Apache APISIX Authentication Bypass Vulnerability

Apache APISIX

CVSS 9.8

Added Aug 25

CVE-2022-24706 CRITICAL

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Apache CouchDB

CVSS 9.8

Added Aug 25

CVE-2013-2251 CRITICAL

Apache Struts Improper Input Validation Vulnerability

Apache Struts

CVSS 9.8

Added Mar 25

CVE-2017-12615 HIGH Ransomware

Apache Tomcat on Windows Remote Code Execution Vulnerability

Apache Tomcat

CVSS 8.1

Added Mar 25

CVE-2017-12617 HIGH

Apache Tomcat Remote Code Execution Vulnerability

Apache Tomcat

CVSS 8.1

Added Mar 25

CVE-2020-1956 HIGH

Apache Kylin OS Command Injection Vulnerability

Apache Kylin

CVSS 8.8

Added Mar 25

CVE-2020-1938 CRITICAL

Apache Tomcat Improper Privilege Management Vulnerability

Apache Tomcat

CVSS 9.8

Added Mar 03

CVE-2016-3088 CRITICAL

Apache ActiveMQ Improper Input Validation Vulnerability

Apache ActiveMQ

CVSS 9.8

Added Feb 10

CVE-2017-9791 CRITICAL

Apache Struts 1 Improper Input Validation Vulnerability

Apache Struts 1

CVSS 9.8

Added Feb 10

CVE-2006-1547 HIGH

Apache Struts 1 ActionForm Denial-of-Service Vulnerability

Apache Struts 1

CVSS 7.5

Added Jan 21

CVE-2012-0391 CRITICAL

Apache Struts 2 Improper Input Validation Vulnerability

Apache Struts 2

CVSS 9.8

Added Jan 21

CVE-2020-11978 HIGH

Apache Airflow Command Injection

Apache Airflow

CVSS 8.8

Added Jan 18

CVE-2020-13927 CRITICAL

Apache Airflow's Experimental API Authentication Bypass

Apache Airflow's Experimental API

CVSS 9.8

Added Jan 18

CVE-2019-0193 HIGH

Apache Solr DataImportHandler Code Injection Vulnerability

Apache Solr

CVSS 7.2

Added Dec 10

CVE-2021-44228 CRITICAL Ransomware

Apache Log4j2 Remote Code Execution Vulnerability

Apache Log4j2

CVSS 10

Added Dec 10

CVE-2021-40438 CRITICAL

Apache HTTP Server-Side Request Forgery (SSRF)

Apache Apache

CVSS 9

Added Dec 01

CVE-2016-4437 CRITICAL

Apache Shiro Code Execution Vulnerability

Apache Shiro

CVSS 9.8

Added Nov 03

CVE-2017-5638 CRITICAL Ransomware

Apache Struts Remote Code Execution Vulnerability

Apache Struts

CVSS 9.8

Added Nov 03

CVE-2017-9805 HIGH

Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts

CVSS 8.1

Added Nov 03

CVE-2018-11776 HIGH

Apache Struts Remote Code Execution Vulnerability

Apache Struts

CVSS 8.1

Added Nov 03

CVE-2019-0211 HIGH

Apache HTTP Server Privilege Escalation Vulnerability

Apache HTTP Server

CVSS 7.8

Added Nov 03

CVE-2019-17558 HIGH

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

Apache Solr

CVSS 7.5

Added Nov 03

CVE-2020-17530 CRITICAL

Apache Struts Remote Code Execution Vulnerability

Apache Struts

CVSS 9.8

Added Nov 03

CVE-2021-41773 HIGH Ransomware

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server

CVSS 7.5

Added Nov 03

CVE-2021-42013 CRITICAL Ransomware

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server

CVSS 9.8

Added Nov 03

By Vendor

By Product

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache Tomcat Path Equivalence Vulnerability

Apache OFBiz Forced Browsing Vulnerability

Apache HugeGraph-Server Improper Access Control Vulnerability

Apache OFBiz Incorrect Authorization Vulnerability

Apache OFBiz Path Traversal Vulnerability

Apache Flink Improper Access Control Vulnerability

Apache Superset Insecure Default Initialization of Resource Vulnerability

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Apache RocketMQ Command Execution Vulnerability

Apache Tomcat Remote Code Execution Vulnerability

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Apache Spark Command Injection Vulnerability

Apache APISIX Authentication Bypass Vulnerability

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Apache Struts Improper Input Validation Vulnerability

Apache Tomcat on Windows Remote Code Execution Vulnerability

Apache Tomcat Remote Code Execution Vulnerability

Apache Kylin OS Command Injection Vulnerability

Apache Tomcat Improper Privilege Management Vulnerability

Apache ActiveMQ Improper Input Validation Vulnerability

Apache Struts 1 Improper Input Validation Vulnerability

Apache Struts 1 ActionForm Denial-of-Service Vulnerability

Apache Struts 2 Improper Input Validation Vulnerability

Apache Airflow Command Injection

Apache Airflow's Experimental API Authentication Bypass

Apache Solr DataImportHandler Code Injection Vulnerability

Apache Log4j2 Remote Code Execution Vulnerability

Apache HTTP Server-Side Request Forgery (SSRF)

Apache Shiro Code Execution Vulnerability

Apache Struts Remote Code Execution Vulnerability

Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts Remote Code Execution Vulnerability

Apache HTTP Server Privilege Escalation Vulnerability

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

Apache Struts Remote Code Execution Vulnerability

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server Path Traversal Vulnerability