Apache Software Foundation — Vulnerabilities & Security Advisories 1676

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48924 | Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs — Apache Commons Lang (CWE-674) | 7.5 (AI) | High (AI) | 2025-07-11 |
| CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start — Apache Tomcat (CWE-400) | 7.5 | - | 2025-07-10 |
| CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload — Apache Tomcat (CWE-190) | 7.5 | - | 2025-07-10 |
| CVE-2025-52434 | Apache Tomcat: APR/Native Connector crash leading to DoS — Apache Tomcat (CWE-362) | 8.1 | - | 2025-07-10 |
| CVE-2025-53020 | Apache HTTP Server: HTTP/2 DoS by Memory Increase — Apache HTTP Server (CWE-401) | 9.1 | - | 2025-07-10 |
| CVE-2025-49812 | Apache HTTP Server: mod_ssl TLS upgrade attack — Apache HTTP Server (CWE-287) | 7.4 (AI) | High (AI) | 2025-07-10 |
| CVE-2025-49630 | Apache HTTP Server: mod_proxy_http2 denial of service — Apache HTTP Server (CWE-617) | 7.5 (AI) | High (AI) | 2025-07-10 |
| CVE-2025-23048 | Apache HTTP Server: mod_ssl access control bypass with session resumption — Apache HTTP Server (CWE-284) | 8.1 (AI) | High (AI) | 2025-07-10 |
| CVE-2024-43394 | Apache HTTP Server: SSRF on Windows due to UNC paths — Apache HTTP Server (CWE-918) | 7.5 | - | 2025-07-10 |
| CVE-2024-47252 | Apache HTTP Server: mod_ssl error log variable escaping — Apache HTTP Server (CWE-150) | 5.3 (AI) | Medium (AI) | 2025-07-10 |
| CVE-2024-43204 | Apache HTTP Server: SSRF with mod_headers setting Content-Type header — Apache HTTP Server (CWE-918) | 5.9 (AI) | Medium (AI) | 2025-07-10 |
| CVE-2024-42516 | Apache HTTP Server: HTTP response splitting — Apache HTTP Server (CWE-20) | 5.3 (AI) | Medium (AI) | 2025-07-10 |
| CVE-2025-27446 | Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges — Apache APISIX Java Plugin Runner (CWE-732) | 7.8 | - | 2025-07-06 |
| CVE-2024-35164 | Apache Guacamole: Improper input validation of console codes — Apache Guacamole (CWE-129) | 6.8 | Medium | 2025-07-02 |
| CVE-2025-46647 | Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect — Apache APISIX (CWE-302) | 7.5 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-32897 | Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server — Apache Seata (incubating) (CWE-502) | 9.8 (AI) | Critical (AI) | 2025-06-28 |
| CVE-2025-50213 | Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator — Apache Airflow Providers Snowflake (CWE-75) | 9.8 (AI) | Critical (AI) | 2025-06-24 |
| CVE-2025-32896 | Apache SeaTunnel: Unauthenticated insecure access — Apache SeaTunnel (CWE-306) | 9.8 (AI) | Critical (AI) | 2025-06-19 |
| CVE-2025-31698 | Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL — Apache Traffic Server (CWE-284) | - | - (AI) | 2025-06-19 |
| CVE-2025-49763 | Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin — Apache Traffic Server (CWE-400) | 7.5 (AI) | High (AI) | 2025-06-19 |
| CVE-2025-48976 | Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers — Apache Commons FileUpload | 7.5 | - | 2025-06-16 |
| CVE-2025-49124 | Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows — Apache Tomcat (CWE-426) | 7.8 (AI) | High (AI) | 2025-06-16 |
| CVE-2025-49125 | Apache Tomcat: Security constraint bypass for pre/post-resources — Apache Tomcat (CWE-288) | 9.1 | - | 2025-06-16 |
| CVE-2025-48988 | Apache Tomcat: FileUpload large number of parts with headers DoS — Apache Tomcat (CWE-770) | 7.5 | - | 2025-06-16 |
| CVE-2025-47869 | Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. — Apache NuttX RTOS (CWE-119) | 9.8 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-47868 | Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. — Apache NuttX RTOS: tools/bdf-converter. (CWE-787) | 9.8 (AI) | Critical (AI) | 2025-06-16 |
| CVE-2025-30675 | Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins — Apache CloudStack (CWE-200) | 4.7 | Medium | 2025-06-10 |
| CVE-2025-22829 | Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin — Apache CloudStack (CWE-269) | 4.3 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-26521 | Apache CloudStack: CKS cluster in project exposes user API keys — Apache CloudStack (CWE-200) | 7.5 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-47849 | Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain — Apache CloudStack (CWE-269) | 7.2 (AI) | High (AI) | 2025-06-10 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.