Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache Software Foundation — Vulnerabilities & Security Advisories 1725

Browse all 1725 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Apache Software Foundation develops and maintains open-source software, primarily known for the widely deployed Apache HTTP Server and foundational Java frameworks. Its extensive portfolio exposes a significant attack surface, evidenced by the 1717 recorded CVEs. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configuration errors or input validation failures in legacy components. While the foundation enforces rigorous security review processes, the sheer volume of projects increases the likelihood of undiscovered flaws. Notable incidents include critical flaws in Log4j, which allowed remote code execution via crafted log messages, highlighting risks in dependency management. The organization relies on community-driven patching, requiring administrators to promptly apply updates to mitigate exploitation. This model ensures transparency but demands active vigilance from users to maintain system integrity against evolving threat vectors.

Found 19 results / 1725Clear Filters
Top products by Apache Software Foundation: Apache HTTP Server Apache Airflow Apache Tomcat Apache Superset Apache Traffic Server Apache NiFi Apache OFBiz Apache InLong Apache CloudStack Apache DolphinScheduler Apache OpenOffice Apache Struts Apache Solr Apache OpenMeetings Apache Zeppelin Apache Camel Apache CXF Apache Hadoop Apache JSPWiki Apache Fineract Apache Geode Apache Pulsar Apache Ambari Apache Dubbo Apache Kylin Apache Hive Apache Thrift Apache Spark Apache Tika Apache ActiveMQ
CVE IDTitleCVSSSeverityPublished
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store — Apache CamelCWE-502 8.8AIHighAI2026-04-27
CVE-2026-33453 Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution — Apache CamelCWE-915 9.8AICriticalAI2026-04-27
CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) — Apache CamelCWE-502 9.1AICriticalAI2026-04-27
CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository — Apache CamelCWE-502 8.8AIHighAI2026-04-27
CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp — Apache CamelCWE-502 9.8AICriticalAI2026-04-27
CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy — Apache CamelCWE-346 5.3AIMediumAI2026-02-23
CVE-2025-30177 Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering — Apache Camel 7.5 -2025-04-01
CVE-2025-29891 Apache Camel: Camel Message Header Injection through request parameters — Apache CamelCWE-164 8.2 -2025-03-12
CVE-2025-27636 Apache Camel: Camel Message Header Injection via Improper Filtering — Apache Camel 7.5 -2025-03-09
CVE-2024-22371 Apache Camel issue on ExchangeCreatedEvent — Apache Camel 2.9 Low2024-02-26
CVE-2024-23114 Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository — Apache CamelCWE-502 9.8 -2024-02-20
CVE-2024-22369 Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository — Apache CamelCWE-502 9.8 -2024-02-20
CVE-2018-8041 Apache Camel Mail 路径遍历漏洞 — Apache Camel 5.3 -2018-09-17
CVE-2018-8027 Apache Camel Core XSD validation processor 安全漏洞 — Apache Camel 9.8 -2018-07-31
CVE-2017-12634 Apache Camel camel-castor组件安全漏洞 — Apache Camel 9.8 -2017-11-15
CVE-2017-12633 Apache Camel camel-hessian组件安全漏洞 — Apache Camel 9.8 -2017-11-15
CVE-2016-8749 Apache Camel 安全漏洞 — Apache Camel 9.8 -2017-03-28
CVE-2017-5643 Apache Camel Validation Component 安全漏洞 — Apache Camel 7.4 -2017-03-16
CVE-2017-3159 Apache Camel camel-snakeyaml组件安全漏洞 — Apache Camel 9.8 -2017-03-07

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.