Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

apache — Vulnerabilities & Security Advisories 91

Browse all 91 CVE security advisories affecting apache. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Apache software projects serve as foundational infrastructure for the modern internet, primarily powering web servers and application frameworks. With 91 recorded CVEs, these components frequently exhibit vulnerabilities in input validation and configuration management. Historically, common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex codebases and extensive plugin ecosystems. Security characteristics vary significantly across individual projects, though many rely on community-driven patching rather than centralized corporate support. Major incidents have occasionally exposed critical weaknesses in default configurations, allowing unauthorized access or data exfiltration. The sheer volume of deployments amplifies the impact of any single vulnerability, making timely updates essential. While not inherently insecure, the diversity of implementations requires rigorous auditing. Organizations must prioritize vulnerability management strategies to mitigate risks associated with these widely used, yet complex, open-source tools.

Top products by apache: Apache Tomcat Apache HTTP Server Apache OFBiz Apache Tika OFBiz VCL Olingo Apache CXF Apache JSPWiki Apache Archiva Apache Tapestry Apache Thrift CXF Apache Camel Kafka Apache SpamAssassin Apache Solr Apache Fineract Storm Solr HertzBeat Shiro Apache Dubbo Apache XML-RPC ATS Beam Apache Kylin IoTDB Apache Commons Configuration Kylin
CVE IDTitleCVSSSeverityPublished
CVE-2019-17573 Apache CXF 跨站脚本漏洞 — CXF 6.1 -2020-01-16
CVE-2019-12423 Apache CXF 安全漏洞 — CXF 7.5 -2020-01-16
CVE-2020-1929 Apache Beam MongoDB connector 信任管理问题漏洞 — Beam 7.5 -2020-01-15
CVE-2019-12398 Apache Airflow 跨站脚本漏洞 — Airflow 4.8 -2020-01-14
CVE-2019-12399 Apache Kafka 信息泄露漏洞 — Kafka 7.5 -2020-01-14
CVE-2019-0219 Apache Cordova 跨站脚本漏洞 — Cordova 9.1 -2020-01-14
CVE-2019-12420 Apache SpamAssassin 资源管理错误漏洞 — Apache SpamAssassin 7.5 -2019-12-12
CVE-2018-11805 Apache SpamAssassin 操作系统命令注入漏洞 — Apache SpamAssassin 6.7 -2019-12-12
CVE-2019-17555 Apache Olingo 输入验证错误漏洞 — Olingo 7.5 -2019-12-04
CVE-2019-17556 Apache Olingo 代码问题漏洞 — Olingo 9.8 -2019-12-04
CVE-2019-17554 Apache Olingo 代码问题漏洞 — Olingo 9.8 -2019-12-04
CVE-2019-12422 Apache Shiro 输入验证错误漏洞 — Shiro 7.5 -2019-11-18
CVE-2019-12409 Apache Solr 代码问题漏洞 — Solr 9.8 -2019-11-18
CVE-2019-10070 Apache Atlas 跨站脚本漏洞 — Atlas 6.1 -2019-11-18
CVE-2019-12419 Apache CXF 授权问题漏洞 — Apache CXF 9.8 -2019-11-06
CVE-2011-3923 Apache Struts 安全漏洞 — Struts 9.8 -2019-11-01
CVE-2019-0205 Apache Thrift 安全漏洞 — Apache Thrift 7.5 -2019-10-28
CVE-2019-0210 Apache Thrift 缓冲区错误漏洞 — Apache Thrift 7.5 -2019-10-28
CVE-2019-10071 Apache Tapestry 输入验证错误漏洞 — Apache Tapestry 9.8 -2019-09-16
CVE-2019-0207 Apache Tapestry 路径遍历漏洞 — Apache Tapestry 7.5 -2019-09-16
CVE-2019-10074 Apache OFBiz 输入验证错误漏洞 — OFBiz 9.8 -2019-09-11
CVE-2019-10073 Apache OFBiz 跨站脚本漏洞 — OFBiz 6.1 -2019-09-11
CVE-2019-0189 Apache OFBiz 代码问题漏洞 — OFBiz 9.8 -2019-09-11
CVE-2018-17200 Apache OFBiz 输入验证错误漏洞 — OFBiz 9.8 -2019-09-11
CVE-2019-12401 Apache Solr 资源管理错误漏洞 — Solr 7.5 -2019-09-10
CVE-2019-12405 Apache Traffic Control 授权问题漏洞 — Traffic Control 9.8 -2019-09-09
CVE-2019-12400 Apache Santuario 输入验证错误漏洞 — Apache Santuario - XML Security for Java 8.1 -2019-08-23
CVE-2019-10086 Apache Commons Beanutils 代码问题漏洞 — Apache Commons Beanutils 8.6 -2019-08-20
CVE-2019-10099 Apache Spark 加密问题漏洞 — Apache Spark 7.5 -2019-08-07
CVE-2019-10088 Apache Tika 缓冲区错误漏洞 — Apache Tika 8.8 -2019-08-02

This page lists every published CVE security advisory associated with apache. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.