Package impact

Maven / org.apache.tomcat.embed:tomcat-embed-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2023-44487	high	7.5	9.0	3y ago	Important: nodejs:20 security update	+6
CVE-2025-46701	high	—	8.0	9d ago	Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th…	+1
CVE-2026-29129	high	—	8.0	2mo ago	Apache Tomcat: Configured cipher preference order not preserved
CVE-2026-24880	high	—	8.0	2mo ago	Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
CVE-2025-31651	high	—	8.0	6mo ago	Important: tomcat security update	+1
CVE-2025-52520	high	—	8.0	9mo ago	Important: tomcat security update	+1
CVE-2025-48988	high	—	8.0	9mo ago	Important: tomcat security update	+2
CVE-2025-49125	high	—	8.0	9mo ago	Important: tomcat security update	+2
CVE-2025-53506	high	—	8.0	9mo ago	Important: tomcat security update	+1
CVE-2024-56337	high	—	8.0	11mo ago	Important: tomcat security update	+1
CVE-2025-31650	high	—	8.0	11mo ago	Important: tomcat security update	+2
CVE-2024-34750	high	—	8.0	2y ago	Important: tomcat security update	+1
CVE-2024-24549	high	—	8.0	2y ago	Important: tomcat security and bug fix update	+1
CVE-2023-46589	high	—	8.0	2y ago	Important: tomcat security update	+1
CVE-2021-24122	high	—	8.0	5y ago	When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to …
CVE-2019-0199	high	—	8.0	6y ago	Apache Tomcat Denial of Service vulnerability
CVE-2020-9484	high	—	8.0	6y ago	Potential remote code execution in Apache Tomcat
CVE-2018-8037	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2018-8034	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2018-8014	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2018-11784	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2026-43513	high	7.5	7.5	16d ago	Apache Tomcat: LockOutRealm treats user names as case-sensitive
CVE-2026-41284	high	7.5	7.5	16d ago	Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
CVE-2025-55752	high	7.5	7.5	6mo ago	Important: tomcat security update	+2
CVE-2025-48989	high	7.5	7.5	9mo ago	Important: tomcat security update	+2
CVE-2026-42498	high	7.3	7.3	16d ago	Apache Tomcat - WebSocket authentication header exposure
CVE-2025-24813	medium	—	7.0	1y ago	Moderate: tomcat security update	+1
CVE-2020-1938	medium	—	7.0	6y ago	Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit…
CVE-2024-50379	medium	—	5.5	11mo ago	Moderate: tomcat security update	+1
CVE-2023-41080	medium	—	5.5	2y ago	Moderate: tomcat security update
CVE-2023-42795	medium	—	5.5	2y ago	Moderate: tomcat security update
CVE-2023-45648	medium	—	5.5	2y ago	Moderate: tomcat security update
CVE-2023-24998	medium	—	5.5	3y ago	Moderate: tomcat security and bug fix update	+1
CVE-2023-28709	medium	—	5.5	3y ago	Moderate: tomcat security and bug fix update
CVE-2020-1935	medium	—	5.5	6y ago	In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va…
CVE-2025-61795	medium	5.3	5.3	7mo ago	Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
CVE-2014-0095	medium	—	5.0	12y ago	Denial of service in Apache Tomcat
CVE-2026-43514	low	3.7	3.7	16d ago	Apache Tomcat - AJP secret compared in non-constant time