Known Vulnerabilities for products from Apache
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apache".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-43975 json | Not Provided | 2026-05-06 | 2026-05-06 | |
| CVE-2026-43870 json | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralizat... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-43869 json | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: befo... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-43868 json | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-43826 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-43646 json | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket:... | Not Provided | 2026-05-06 | 2026-05-06 |
| CVE-2026-43515 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-43514 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-43513 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-43512 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-42812 json | In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and w... | Not Provided | 2026-05-04 | 2026-05-12 |
| CVE-2026-42811 json | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a c... | Not Provided | 2026-05-04 | 2026-05-12 |
| CVE-2026-42810 json | Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies... | Not Provided | 2026-05-04 | 2026-05-12 |
| CVE-2026-42809 json | Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective tab... | Not Provided | 2026-05-04 | 2026-05-12 |
| CVE-2026-42779 json | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: ... | Not Provided | 2026-05-01 | 2026-05-01 |
| CVE-2026-42778 json | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The ... | Not Provided | 2026-05-01 | 2026-05-01 |
| CVE-2026-42509 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This is... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-42440 json | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.... | Not Provided | 2026-05-04 | 2026-05-06 |
| CVE-2026-42404 json | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyRefe... | Not Provided | 2026-05-01 | 2026-05-01 |
| CVE-2026-42403 json | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular... | Not Provided | 2026-05-01 | 2026-05-01 |
Known software with vulnerabilities from Apache
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apache | Accumulo | 1.10.0 |
| Application | Apache | Activemq | - |
| Application | Apache | Activemq Apollo | 1.0 |
| Application | Apache | Activemq Artemis | - |
| Application | Apache | Airflow | 0.1 |
| Application | Apache | Allura | 1.0.0 |
| Application | Apache | Ambari | 0.9 |
| Application | Apache | Amqp 0-x Jms Client | 6.0.3 |
| Application | Apache | Amqp Jms Client | 0.9.0 |
| Application | Apache | Ant | 1.1 |
| Application | Apache | Apache-ssl | 1.37 |
| Application | Apache | Apache Test | - |
| Application | Apache | Apisix | 1.2 |
| Application | Apache | Apr-util | 0.9.1 |
| Application | Apache | Archiva | 0.9 |
| Application | Apache | Arrow | 0.1.0 |
| Application | Apache | Asterixdb | - |
| Application | Apache | Atlas | 0.5.0 |
| Application | Apache | Axis | - |
| Application | Apache | Axis2 | - |