
Apache Software Foundation — Vulnerabilities & Security Advisories (1771)

Browse all 1771 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Apache Software Foundation develops and maintains open-source software, primarily known for the widely deployed Apache HTTP Server and foundational Java frameworks. Its extensive portfolio exposes a significant attack surface, evidenced by the 1717 recorded CVEs. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configuration errors or input validation failures in legacy components. While the foundation enforces rigorous security review processes, the sheer volume of projects increases the likelihood of undiscovered flaws. Notable incidents include critical flaws in Log4j, which allowed remote code execution via crafted log messages, highlighting risks in dependency management. The organization relies on community-driven patching, requiring administrators to promptly apply updates to mitigate exploitation. This model ensures transparency but demands active vigilance from users to maintain system integrity against evolving threat vectors.

Found 13 results / 1771

CVE ID         | Title                                                                                                                                                                                     | Product      | CWE     | CVSS     | Severity    | Published
CVE-2026-48589 | Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow                                                                                                  | Apache Shiro | CWE-601 | -        | -           | 2026-05-25
CVE-2026-43828 | Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default                                                                                        | Apache Shiro | CWE-614 | -        | -           | 2026-05-25
CVE-2026-43827 | Apache Shiro: Session fixation: new session is not created after login by default                                                                                                          | Apache Shiro | CWE-384 | -        | -           | 2026-05-25
CVE-2026-23901 | Apache Shiro: Brute force attack possible to determine valid user names                                                                                                                    | Apache Shiro | CWE-208 | 6.5      | -           | 2026-02-10
CVE-2026-23903 | Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems                                                                                                | Apache Shiro | CWE-289 | 7.5      | -           | 2026-02-09
CVE-2023-46749 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting               | Apache Shiro | CWE-22  | 9.8      | -           | 2024-01-15
CVE-2023-46750 | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature of Apache Shiro                                                           | Apache Shiro | CWE-601 | 6.1 (AI) | Medium (AI) | 2023-12-14
CVE-2023-34478 | Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests | Apache Shiro | CWE-22  | 9.8      | -           | 2023-07-24
CVE-2023-22602 | Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request                                                     | Apache Shiro | CWE-436 | 7.5      | -           | 2023-01-14
CVE-2022-40664 | Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher                                                                                            | Apache Shiro | CWE-287 | 9.8      | -           | 2022-10-12
CVE-2022-32532 | Authentication Bypass Vulnerability                                                                                                                                                       | Apache Shiro | CWE-863 | 9.8      | -           | 2022-06-28
CVE-2021-41303 | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass                                                   | Apache Shiro | CWE-287 | 9.8      | -           | 2021-09-17
CVE-2020-11989 | Apache Shiro authorization issue vulnerability                                                                                                                                             | Apache Shiro | -       | 9.8      | -           | 2020-06-22

Entries marked "(AI)" carry an AI-estimated CVSS score and severity rather than an official rating; "-" means no value is recorded.

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.