Vulnerabilities in Apache Software Foundation

1,872 results
CVE-2022-34169 [HIGH] Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets | EPSS 17.7%
CVE-2021-25641 Dubbo Zookeeper does not check serialization id | EPSS 17.7%
CVE-2018-1333 DoS for HTTP/2 connections by crafted requests | EPSS 17.1%
CVE-2017-5647 A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.7 | EPSS 16.8%
CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error | EPSS 16.6%
CVE-2023-50780 [HIGH] Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | EPSS 16.5%
CVE-2019-12402 The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with speci | EPSS 16.2%
CVE-2016-8745 A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.R | EPSS 16.0%
CVE-2020-17515 The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow vers | EPSS 16.0%
CVE-2018-1312 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not co | EPSS 15.9%
CVE-2018-1301 A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size li | EPSS 15.6%
CVE-2026-34486 [HIGH] Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | EPSS 15.4%
CVE-2021-43297 Dubbo Hessian cause RCE when parse error | EPSS 15.3%
CVE-2018-1305 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 t | EPSS 15.0%
CVE-2025-47411 [HIGH] Apache StreamPipes: Leverage of User ID for Privilege Escalation | EPSS 14.8%
CVE-2021-43557 Path traversal in request_uri variable | EPSS 14.6%
CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file | EPSS 14.4%
CVE-2021-28359 Apache Airflow Reflected XSS via Origin Query Argument in URL | EPSS 14.4%
CVE-2024-21733 [MEDIUM] Apache Tomcat: Leaking of unrelated request bodies in default error page | EPSS 14.3%
CVE-2025-54466 [MEDIUM] Apache OFBiz: RCE Vulnerability in scrum plugin | EPSS 14.0%