Known Vulnerabilities for products from Apache
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apache".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40948 | | Not Provided | 2026-04-18 | 2026-04-20 |
| CVE-2026-40542 | | Not Provided | 2026-04-22 | 2026-04-22 |
| CVE-2026-40046 | | Not Provided | 2026-04-09 | 2026-04-10 |
| CVE-2026-40023 | Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions befo... | Not Provided | 2026-04-10 | 2026-04-21 |
| CVE-2026-40021 | | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-39304 | | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-35573 | | Not Provided | 2026-04-07 | 2026-04-08 |
| CVE-2026-35565 | Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 De... | Not Provided | 2026-04-13 | 2026-04-15 |
| CVE-2026-35554 | | Not Provided | 2026-04-07 | 2026-04-07 |
| CVE-2026-35337 | Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When proces... | Not Provided | 2026-04-13 | 2026-04-15 |
| CVE-2026-34538 | Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG R... | Not Provided | 2026-04-09 | 2026-04-15 |
| CVE-2026-34500 | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache ... | Not Provided | 2026-04-09 | 2026-04-14 |
| CVE-2026-34487 | Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tom... | Not Provided | 2026-04-09 | 2026-04-14 |
| CVE-2026-34486 | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of... | Not Provided | 2026-04-09 | 2026-04-14 |
| CVE-2026-34483 | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affec... | Not Provided | 2026-04-09 | 2026-04-14 |
| CVE-2026-34476 | Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking M... | Not Provided | 2026-04-13 | 2026-04-20 |
| CVE-2026-34197 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker,... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-34020 | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HT... | Not Provided | 2026-04-09 | 2026-04-15 |
| CVE-2026-33929 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This... | Not Provided | 2026-04-14 | 2026-04-20 |
| CVE-2026-33858 | Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the we... | Not Provided | 2026-04-13 | 2026-04-17 |
Known software with vulnerabilities from Apache
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apache | Accumulo | 1.10.0 |
| Application | Apache | Activemq | - |
| Application | Apache | Activemq Apollo | 1.0 |
| Application | Apache | Activemq Artemis | - |
| Application | Apache | Airflow | 0.1 |
| Application | Apache | Allura | 1.0.0 |
| Application | Apache | Ambari | 0.9 |
| Application | Apache | Amqp 0-x Jms Client | 6.0.3 |
| Application | Apache | Amqp Jms Client | 0.9.0 |
| Application | Apache | Ant | 1.1 |
| Application | Apache | Apache-ssl | 1.37 |
| Application | Apache | Apache Test | - |
| Application | Apache | Apisix | 1.2 |
| Application | Apache | Apr-util | 0.9.1 |
| Application | Apache | Archiva | 0.9 |
| Application | Apache | Arrow | 0.1.0 |
| Application | Apache | Asterixdb | - |
| Application | Apache | Atlas | 0.5.0 |
| Application | Apache | Axis | - |
| Application | Apache | Axis2 | - |