Package impact

MAVEN / org.apache.tomcat:tomcat

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-43512	critical	9.8	9.8	16d ago	Apache Tomcat - Digest authenticator will authenticate any unknown user
CVE-2026-41293	critical	9.8	9.8	16d ago	Apache Tomcat - HTTP/2 request headers not validated
CVE-2025-55754	critical	9.6	9.6	10d ago	Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences	+1
CVE-2026-29145	critical	—	9.5	2mo ago	Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CVE-2026-43515	critical	9.1	9.1	16d ago	Apache Tomcat - Security constraints not correctly applied
CVE-2025-61795	medium	5.3	5.3	7mo ago	Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
CVE-2026-43514	low	3.7	3.7	16d ago	Apache Tomcat - AJP secret compared in non-constant time
CVE-2024-54677	low	—	2.5	2y ago	Apache Tomcat Uncontrolled Resource Consumption vulnerability