Apache Security Vulnerabilities (CVEs)

Track 573 security vulnerabilities affecting Apache products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

204 Critical
271 High
95 Medium
3 Low
CVE-2021-26118 7.5

CVE-2021-26118 is an access control bypass vulnerability in Apache ActiveMQ Artemis where advisory message creation in the OpenWire protocol bypasses ...

Jan 27, 2021
CVE-2021-23901 9.1

This XXE vulnerability in Apache Nutch's DmozParser allows attackers to read arbitrary files from the server filesystem and potentially perform server...

Jan 25, 2021
CVE-2021-23926 9.1

This vulnerability in XMLBeans XML parsers allows attackers to perform XML Entity Expansion (XXE) attacks by submitting malicious XML input. It affect...

Jan 14, 2021
CVE-2020-17534 7.0

CVE-2020-17534 is a race condition vulnerability in the webkit subproject of Apache NetBeans HTML/Java API that could allow local privilege escalation...

Jan 11, 2021
CVE-2020-11995 9.8

CVE-2020-11995 is a critical deserialization vulnerability in Apache Dubbo that allows remote attackers to execute arbitrary code by sending specially...

Jan 11, 2021
CVE-2020-17508 7.5

This CVE describes a memory disclosure vulnerability in the ATS ESI plugin for Apache Traffic Server. Attackers could potentially read sensitive data ...

Jan 11, 2021
CVE-2020-11974 9.8

CVE-2020-11974 is a remote code execution vulnerability in DolphinScheduler 1.2.0 and 1.2.1 when configured with MySQL as the database. Attackers can ...

Dec 18, 2020
CVE-2020-13931 9.8

This vulnerability in Apache TomEE exposes an unauthenticated JMX port (TCP 1099) when using a misconfigured embedded ActiveMQ broker. Attackers can r...

Dec 18, 2020
CVE-2020-17530 9.8

This vulnerability in Apache Struts allows attackers to perform remote code execution by forcing OGNL evaluation on raw user input in tag attributes. ...

Dec 11, 2020
CVE-2020-17528 9.1

This vulnerability allows attackers to perform out-of-bounds writes in Apache NuttX's TCP stack by supplying malicious urgent data pointer offsets in ...

Dec 9, 2020
CVE-2020-25649 7.5

CVE-2020-25649 is an XML external entity (XXE) vulnerability in FasterXML Jackson Databind that allows attackers to read arbitrary files from the serv...

Dec 3, 2020
CVE-2020-13942 9.8

CVE-2020-13942 is a critical remote code execution vulnerability in Apache Unomi that allows attackers to inject malicious OGNL or MVEL scripts throug...

Nov 24, 2020
CVE-2020-13927 9.8

CVE-2020-13927 is a critical authentication bypass vulnerability in Apache Airflow's Experimental API that allows unauthenticated remote attackers to ...

Nov 10, 2020
CVE-2020-17510 9.8

CVE-2020-17510 is an authentication bypass vulnerability in Apache Shiro when used with Spring. A specially crafted HTTP request can bypass authentica...

Nov 5, 2020
CVE-2020-13957 9.8

This vulnerability in Apache Solr allows attackers to bypass security controls and upload malicious ConfigSets via API without authentication. By comb...

Oct 13, 2020
CVE-2019-0230 9.8

CVE-2019-0230 is a remote code execution vulnerability in Apache Struts where forced double OGNL evaluation on raw user input in tag attributes allows...

Sep 14, 2020
CVE-2020-11998 9.8

This vulnerability in Apache ActiveMQ allows remote attackers to execute arbitrary code by exploiting a JMX re-bind regression. Attackers can bypass a...

Sep 10, 2020
CVE-2020-11986 9.8

CVE-2020-11986 is a critical vulnerability in Apache NetBeans IDE where Gradle build scripts execute automatically without user consent when loading p...

Sep 9, 2020
CVE-2020-11984 9.8

CVE-2020-11984 is a critical vulnerability in Apache HTTP Server's mod_proxy_uwsgi module that allows attackers to disclose sensitive information and ...

Aug 7, 2020
CVE-2020-13921 9.8

This SQL injection vulnerability in Apache SkyWalking allows attackers to execute arbitrary SQL commands when using H2, MySQL, or TiDB as storage back...

Aug 5, 2020
CVE-2020-1948 9.8

CVE-2020-1948 is a critical deserialization vulnerability in Apache Dubbo that allows remote code execution. Attackers can send malicious RPC requests...

Jul 14, 2020
CVE-2020-13925 9.8

CVE-2020-13925 is a critical OS command injection vulnerability in Apache Kylin's REST API that allows remote attackers to execute arbitrary commands ...

Jul 14, 2020
CVE-2015-6420 9.8

This vulnerability allows remote attackers to execute arbitrary commands on affected Cisco devices by sending crafted serialized Java objects. It affe...

Dec 15, 2015

Why Monitor Apache Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 573+ known vulnerabilities affecting Apache products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Apache packages in under 60 seconds. No agents required - completely agentless scanning that works across Apache deployments.

Free vulnerability database: Access detailed information about every Apache CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Apache CVEs affect your systems
  • Access the dashboard with severity breakdown and fix instructions