Known Vulnerabilities for products from Apache
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apache".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49361 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-49328 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-49298 json | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API ... | Not Provided | 2026-06-01 | 2026-06-03 |
| CVE-2026-49270 json | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ ... | Not Provided | 2026-06-01 | 2026-06-01 |
| CVE-2026-49267 json | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without... | Not Provided | 2026-06-01 | 2026-06-03 |
| CVE-2026-49157 json | Not Provided | 2026-06-01 | 2026-06-01 | |
| CVE-2026-48827 json | Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pac... | Not Provided | 2026-06-01 | 2026-06-01 |
| CVE-2026-48726 json | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout ... | Not Provided | 2026-06-01 | 2026-06-03 |
| CVE-2026-48589 json | Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In aff... | Not Provided | 2026-05-25 | 2026-05-28 |
| CVE-2026-48557 json | Not Provided | 2026-05-29 | 2026-05-29 | |
| CVE-2026-46764 json | The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by num... | Not Provided | 2026-06-01 | 2026-06-02 |
| CVE-2026-46745 json | Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attacker... | Not Provided | 2026-05-25 | 2026-05-27 |
| CVE-2026-46718 json | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This iss... | Not Provided | 2026-06-02 | 2026-06-03 |
| CVE-2026-46605 json | Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to rem... | Not Provided | 2026-06-01 | 2026-06-01 |
| CVE-2026-46586 json | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Cod... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-45505 json | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker,... | Not Provided | 2026-06-01 | 2026-06-01 |
| CVE-2026-45434 json | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This i... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-45426 json | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at... | Not Provided | 2026-06-01 | 2026-06-01 |
| CVE-2026-45361 json | Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic ... | Not Provided | 2026-05-25 | 2026-06-01 |
| CVE-2026-45360 json | Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and d... | Not Provided | 2026-06-01 | 2026-06-03 |
Known software with vulnerabilities from Apache
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apache | Accumulo | 1.10.0 |
| Application | Apache | Activemq | - |
| Application | Apache | Activemq Apollo | 1.0 |
| Application | Apache | Activemq Artemis | - |
| Application | Apache | Airflow | 0.1 |
| Application | Apache | Allura | 1.0.0 |
| Application | Apache | Ambari | 0.9 |
| Application | Apache | Amqp 0-x Jms Client | 6.0.3 |
| Application | Apache | Amqp Jms Client | 0.9.0 |
| Application | Apache | Ant | 1.1 |
| Application | Apache | Apache-ssl | 1.37 |
| Application | Apache | Apache Test | - |
| Application | Apache | Apisix | 1.2 |
| Application | Apache | Apr-util | 0.9.1 |
| Application | Apache | Archiva | 0.9 |
| Application | Apache | Arrow | 0.1.0 |
| Application | Apache | Asterixdb | - |
| Application | Apache | Atlas | 0.5.0 |
| Application | Apache | Axis | - |
| Application | Apache | Axis2 | - |