apache — Vulnerabilities & Security Advisories (91)

Browse all 91 CVE security advisories affecting apache. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Apache software projects serve as foundational infrastructure for the modern internet, primarily powering web servers and application frameworks. With 91 recorded CVEs, these components frequently exhibit vulnerabilities in input validation and configuration management. Historically, common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex codebases and extensive plugin ecosystems. Security characteristics vary significantly across individual projects, though many rely on community-driven patching rather than centralized corporate support. Major incidents have occasionally exposed critical weaknesses in default configurations, allowing unauthorized access or data exfiltration. The sheer volume of deployments amplifies the impact of any single vulnerability, making timely updates essential. While not inherently insecure, the diversity of implementations requires rigorous auditing. Organizations must prioritize vulnerability management strategies to mitigate risks associated with these widely used, yet complex, open-source tools.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58712 | Amq: privilege escalation via excessive /etc/passwd permissions — activemq-artemis (CWE-276) | 6.4 | Medium | 2025-10-22 |
| CVE-2024-42362 | GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import — HertzBeat (CWE-502) | 8.8 | High | 2024-08-20 |
| CVE-2024-42361 | GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull} — HertzBeat (CWE-89) | 7.5 | High | 2024-08-20 |
| CVE-2021-32824 | Regular expression Denial of Service in MooTools — Dubbo (CWE-502) | 9.8 | Critical | 2023-01-03 |
| CVE-2021-25958 | Generation of Error Message Containing Sensitive Information in Apache OFBiz — ofbiz-framework (CWE-209) | 6.5 | Medium | 2021-08-30 |
| CVE-2020-11996 | Apache Tomcat resource management error vulnerability — Apache Tomcat | 7.5 | - | 2020-06-26 |
| CVE-2020-1956 | Apache Kylin OS command injection vulnerability — Kylin | 8.8 | - | 2020-05-22 |
| CVE-2019-0235 | Apache OFBiz cross-site request forgery vulnerability — Apache OFBiz | 8.8 | - | 2020-04-30 |
| CVE-2019-12425 | Apache OFBiz injection vulnerability — Apache OFBiz | 7.5 | - | 2020-04-30 |
| CVE-2020-9482 | Apache NiFi Registry code issue vulnerability — Apache NiFi Registry | 7.1 | - | 2020-04-28 |
| CVE-2020-9481 | Apache Traffic Server resource management error vulnerability — ATS | - | - | 2020-04-27 |
| CVE-2020-1952 | Apache IoTDB trust management issue vulnerability — IoTDB | 9.8 | - | 2020-04-27 |
| CVE-2020-9488 | Apache Log4j trust management issue vulnerability — Apache Log4j | 3.7 | - | 2020-04-27 |
| CVE-2020-1927 | Apache HTTP Server input validation error vulnerability — Apache HTTP Server (CWE-601) | 6.1 | - | 2020-04-01 |
| CVE-2020-1958 | Apache Druid injection vulnerability — Apache Druid | 6.5 | - | 2020-04-01 |
| CVE-2019-17564 | Apache Dubbo security vulnerability — Apache Dubbo | 9.8 | - | 2020-04-01 |
| CVE-2018-11802 | Apache Solr security vulnerability — Apache Solr | 7.1 | - | 2020-04-01 |
| CVE-2020-1954 | Apache CXF information disclosure vulnerability — Apache CXF | 5.9 | - | 2020-04-01 |
| CVE-2020-1934 | Apache HTTP Server security vulnerability — Apache HTTP Server | 7.5 | - | 2020-04-01 |
| CVE-2020-1943 | Apache OFBiz cross-site scripting vulnerability — Apache OFBiz | 6.1 | - | 2020-04-01 |
| CVE-2020-1950 | Apache Tika resource management error vulnerability — Apache Tika | 5.5 | - | 2020-03-23 |
| CVE-2020-1953 | Apache Commons Configuration input validation error vulnerability — Apache Commons Configuration | 9.8 | - | 2020-03-13 |
| CVE-2011-2487 | Apache WSS4J cryptographic issue vulnerability — WSS4J | 5.9 | - | 2020-03-11 |
| CVE-2020-1938 | Apache Tomcat security vulnerability — Apache Tomcat | 9.8 | - | 2020-02-24 |
| CVE-2020-1935 | Apache Tomcat environment issue vulnerability — Apache Tomcat | 4.8 | - | 2020-02-24 |
| CVE-2019-17569 | Apache Tomcat environment issue vulnerability — Apache Tomcat | 4.8 | - | 2020-02-24 |
| CVE-2020-1937 | Apache Kylin SQL injection vulnerability — Apache Kylin | 9.8 | - | 2020-02-24 |
| CVE-2014-4651 | Rackspace jclouds input validation error vulnerability — Apache jclouds | 9.8 | - | 2020-02-18 |
| CVE-2019-12426 | Apache OFBiz information disclosure vulnerability — Apache OFBiz | 5.3 | - | 2020-02-06 |
| CVE-2019-17570 | Apache XML-RPC code issue vulnerability — Apache XML-RPC | 9.8 | - | 2020-01-23 |

This page lists every published CVE security advisory associated with apache. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.