Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache — Vulnerabilities & Security Advisories 91

Browse all 91 CVE security advisories affecting Apache. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Apache software projects serve as foundational infrastructure for the modern internet, primarily powering web servers and application frameworks. With 91 recorded CVEs, these components frequently exhibit vulnerabilities in input validation and configuration management. Historically, common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex codebases and extensive plugin ecosystems. Security characteristics vary significantly across individual projects, though many rely on community-driven patching rather than centralized corporate support. Major incidents have occasionally exposed critical weaknesses in default configurations, allowing unauthorized access or data exfiltration. The sheer volume of deployments amplifies the impact of any single vulnerability, making timely updates essential. While not inherently insecure, the diversity of implementations requires rigorous auditing. Organizations must prioritize vulnerability management strategies to mitigate risks associated with these widely used, yet complex, open-source tools.

Top products by Apache: Apache Tomcat Apache HTTP Server Apache OFBiz Apache Tika OFBiz VCL Olingo Apache CXF Apache JSPWiki Apache Archiva Apache Tapestry Apache Thrift CXF Apache Camel Kafka Apache SpamAssassin Apache Solr Apache Fineract Storm Solr HertzBeat Shiro Apache Dubbo Apache XML-RPC ATS Beam Apache Kylin IoTDB Apache Commons Configuration Kylin
CVE IDTitleCVSSSeverityPublished
CVE-2019-10094 Apache Tika 缓冲区错误漏洞 — Apache Tika 7.1 -2019-08-02
CVE-2019-10093 Apache Tika 资源管理错误漏洞 — Apache Tika 5.5 -2019-08-02
CVE-2019-0193 Apache Solr 代码注入漏洞 — Apache Solr 7.2 -2019-08-01
CVE-2015-7559 Apache ActiveMQ 输入验证错误漏洞 — ActiveMQCWE-306 4.9 -2019-08-01
CVE-2018-11772 Apache VCL SQL注入漏洞 — VCL 7.2 -2019-07-29
CVE-2018-11774 Apache VCL SQL注入漏洞 — VCL 7.2 -2019-07-29
CVE-2018-11773 Apache VCL 输入验证错误漏洞 — VCL 9.8 -2019-07-29
CVE-2018-11779 Apache Storm 代码问题漏洞 — StormCWE-502 8.1 -2019-07-25
CVE-2019-0202 Apache Storm 日志信息泄露漏洞 — StormCWE-200 7.5 -2019-07-25
CVE-2019-0234 Apache Roller 跨站脚本漏洞 — Apache Roller 6.1 -2019-07-15
CVE-2018-17196 Apache Kafka 输入验证错误漏洞 — Kafka 8.8 -2019-07-11
CVE-2018-11801 Apache Fineract SQL注入漏洞 — Apache Fineract 9.8 -2019-06-11
CVE-2018-11800 Apache Fineract SQL注入漏洞 — Apache Fineract 9.8 -2019-06-11
CVE-2019-0221 Apache Tomcat 跨站脚本漏洞 — Apache Tomcat 6.1 -2019-05-28
CVE-2019-0188 Apache Camel 代码问题漏洞 — Apache Camel 7.5 -2019-05-28
CVE-2019-0226 Apache Karaf 路径遍历漏洞 — Karaf 4.9 -2019-05-09
CVE-2018-8035 Apache UIMA DUCC 跨站脚本漏洞 — Apache UIMA DUCC 6.1 -2019-05-01
CVE-2019-0227 Apache Axis 代码问题漏洞 — Apache Axis 1.4 7.5 -2019-05-01
CVE-2019-0214 Apache Archiva 输入验证错误漏洞 — Apache Archiva 6.5 -2019-04-30
CVE-2019-0213 Apache Archiva 跨站脚本漏洞 — Apache Archiva 4.1 -2019-04-30
CVE-2019-0194 Apache Camel 路径遍历漏洞 — Apache Camel 7.5 -2019-04-30
CVE-2019-0232 Apache Tomcat 操作系统命令注入漏洞 — Tomcat 7.5 -2019-04-15
CVE-2019-0211 Apache HTTP Server 资源管理错误漏洞 — Apache HTTP Server 8.8 -2019-04-08
CVE-2019-0217 Apache HTTP Server 竞争条件问题漏洞 — Apache HTTP Server 7.5 -2019-04-08
CVE-2019-0215 Apache HTTP Server 访问控制错误漏洞 — Apache HTTP Server 7.5 -2019-04-08
CVE-2019-0212 Apache Hbase 授权问题漏洞 — Apache HBase 8.8 -2019-03-28
CVE-2019-0222 Apache ActiveMQ 代码注入漏洞 — Apache ActiveMQ 7.5 -2019-03-28
CVE-2019-0225 Apache JSPWiki 路径遍历漏洞 — Apache JSPWiki 5.3 -2019-03-28
CVE-2019-0224 Apache JSPWiki 跨站脚本漏洞 — Apache JSPWiki 6.1 -2019-03-28
CVE-2019-0204 Apache Mesos 输入验证错误漏洞 — Apache Mesos 7.8 -2019-03-25

This page lists every published CVE security advisory associated with Apache. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.