Apache Software Foundation — Vulnerabilities & Security Advisories 1725

Browse all 1725 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Apache Software Foundation develops and maintains open-source software, primarily known for the widely deployed Apache HTTP Server and foundational Java frameworks. Its extensive portfolio exposes a significant attack surface, evidenced by the 1717 recorded CVEs. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configuration errors or input validation failures in legacy components. While the foundation enforces rigorous security review processes, the sheer volume of projects increases the likelihood of undiscovered flaws. Notable incidents include critical flaws in Log4j, which allowed remote code execution via crafted log messages, highlighting risks in dependency management. The organization relies on community-driven patching, requiring administrators to promptly apply updates to mitigate exploitation. This model ensures transparency but demands active vigilance from users to maintain system integrity against evolving threat vectors.

Found 23 results / 1725
| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-22022 | Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin — Apache Solr | CWE-285 | 9.8 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2026-22444 | Apache Solr: Insufficient file-access checking in standalone core-creation requests — Apache Solr | CWE-20 | 5.3 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-24814 | Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files — Apache Solr | CWE-250 | 9.8 | - | 2025-01-27 |
| CVE-2024-52012 | Apache Solr: Configset upload on Windows allows arbitrary path write-access — Apache Solr | CWE-23 | 7.7 | - | 2025-01-27 |
| CVE-2024-45217 | Apache Solr: ConfigSets created during a backup restore command are trusted implicitly — Apache Solr | CWE-1188 | 8.8 | - | 2024-10-16 |
| CVE-2024-45216 | Apache Solr: Authentication bypass possible using a fake URL Path ending — Apache Solr | CWE-287 | 9.8 | - | 2024-10-16 |
| CVE-2023-50291 | Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords — Apache Solr | CWE-522 | 7.5 | - | 2024-02-09 |
| CVE-2023-50292 | Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users — Apache Solr | CWE-732 | 9.8 | - | 2024-02-09 |
| CVE-2023-50298 | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions — Apache Solr | CWE-200 | 7.5 | - | 2024-02-09 |
| CVE-2023-50386 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets — Apache Solr | CWE-434 | 9.8 | - | 2024-02-09 |
| CVE-2023-50290 | Apache Solr: Host environment variables are published via the Metrics API — Apache Solr | CWE-200 | 7.5 | - | 2024-01-15 |
| CVE-2021-44548 | Apache Solr information disclosure vulnerability through DataImportHandler — Apache Solr | CWE-40 | 8.8 | - | 2021-12-23 |
| CVE-2021-29943 | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections — Apache Solr | CWE-863 | 9.1 | - | 2021-04-13 |
| CVE-2021-29262 | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings — Apache Solr | CWE-522 | 7.5 | - | 2021-04-13 |
| CVE-2021-27905 | SSRF vulnerability with the Replication handler — Apache Solr | CWE-918 | 9.1 | - | 2021-04-13 |
| CVE-2017-3164 | Apache Solr code issue vulnerability — Apache Solr | | 6.5 | - | 2019-03-08 |
| CVE-2019-0192 | Apache Solr code issue vulnerability — Apache Solr | | 9.8 | - | 2019-03-07 |
| CVE-2018-8026 | Apache Solr security vulnerability — Apache Solr | | 6.5 | - | 2018-07-05 |
| CVE-2018-8010 | Apache Solr security vulnerability — Apache Solr | | 5.5 | - | 2018-05-21 |
| CVE-2018-1308 | Apache Solr DataImportHandler security vulnerability — Apache Solr | | 7.5 | - | 2018-04-09 |
| CVE-2017-9803 | Apache Solr authorization issue vulnerability — Apache Solr | | 8.8 | - | 2017-09-18 |
| CVE-2017-3163 | Apache Solr security vulnerability — Apache Solr | | 7.5 | - | 2017-08-30 |
| CVE-2017-7660 | Apache Solr security vulnerability — Apache Solr | | - | - | 2017-07-07 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.