Browse Security Advisories
Security Advisories for org.apache.tomcat.embed:tomcat-embed-core for https://github.com/apache/tomcat in maven Clear Filters
Moderate
about 2 months ago
Apache Tomcat - Security constraint bypass for pre/post-resources
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
High
about 2 months ago
Apache Tomcat - DoS in multipart upload
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Low
2 months ago
Apache Tomcat - CGI security constraint bypass
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Low
3 months ago
Apache Tomcat Rewrite rule bypass
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Moderate
3 months ago
Apache Tomcat Denial of Service via invalid HTTP priority header
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Critical
5 months ago
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
High
8 months ago
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Moderate
9 months ago
Apache Tomcat Request and/or response mix-up
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
High
about 1 year ago
Apache Tomcat - Denial of Service
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Moderate
over 1 year ago
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Moderate
over 1 year ago
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
High
over 1 year ago
Apache Tomcat Improper Input Validation vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Moderate
almost 2 years ago
Apache Tomcat Improper Input Validation vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Moderate
almost 2 years ago
Apache Tomcat Incomplete Cleanup vulnerability
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Moderate
almost 2 years ago
Apache Tomcat Open Redirect vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
High
about 2 years ago
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
High
about 2 years ago
Apache Tomcat vulnerable to information leak
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
High
over 2 years ago
Apache Tomcat improperly escapes input from JsonErrorReportValve
maven
org.apache.tomcat:tomcat-util, org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core
High
over 2 years ago
Apache Tomcat may reject request containing invalid Content-Length header
maven
org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Moderate
about 3 years ago
Denial of service in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Critical
about 3 years ago
Expected Behavior Violation in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Critical
about 3 years ago
Exposure of Resource to Wrong Sphere in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Moderate
about 3 years ago
Apache Tomcat Cross-site scripting (XSS) vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Moderate
about 4 years ago
Information Disclosure in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core
High
over 4 years ago
Potential remote code execution in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core
High
about 6 years ago
Improper Locking in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core
Moderate
about 6 years ago
Cross-site scripting in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core
Moderate
almost 7 years ago
Apache Tomcat Race Condition vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core
High
almost 7 years ago
The host name verification missing in Apache Tomcat
maven
org.apache.tomcat.embed:tomcat-embed-core
Critical
almost 7 years ago
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
maven
org.apache.tomcat.embed:tomcat-embed-core
High
almost 7 years ago
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
maven
org.apache.tomcat.embed:tomcat-embed-core
Moderate
almost 7 years ago
Apache Tomcat information exposure vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core
Moderate
almost 7 years ago
Apache Tomcat unauthorized access vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core
Moderate
almost 7 years ago
Apache Tomcat Open Redirect vulnerability
maven
org.apache.tomcat.embed:tomcat-embed-core
Filter by Severity
Filter by Ecosystem
maven
6,666
packagist
5,357
pypi
4,846
npm
4,195
go
2,803
nuget
1,702
cargo
1,067
rubygems
919
hex
37
swift
35
actions
32
pub
10
Filter by Package
org.jenkins-ci.main:jenkins-core
239
org.apache.tomcat:tomcat
138
com.liferay.portal:release.portal.bom
110
com.liferay.portal:release.dxp.bom
105
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
57
org.keycloak:keycloak-core
50
org.apache.tomcat.embed:tomcat-embed-core
46
org.xwiki.platform:xwiki-platform-oldcore
41
org.keycloak:keycloak-services
41
org.elasticsearch:elasticsearch
41
com.thoughtworks.xstream:xstream
37
net.mingsoft:ms-mcms
36
com.jfinal:jfinal
36
org.jenkins-ci.plugins:script-security
34
io.undertow:undertow-core
34
org.apache.solr:solr-core
28
org.opencms:opencms-core
27
org.springframework.security:spring-security-core
26
org.eclipse.jetty:jetty-server
25
org.keycloak:keycloak-parent
24
org.bouncycastle:bcprov-jdk14
22
org.apache.openmeetings:openmeetings-parent
22
org.apache.tomcat:tomcat-catalina
21
org.apache.nifi:nifi
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
org.xwiki.platform:xwiki-platform-web-templates
19
org.apache.tomcat:tomcat-coyote
19
org.apache.jspwiki:jspwiki-main
18
com.vaadin:vaadin-bom
18
org.apache.geode:geode-core
17
org.springframework:spring-core
17
org.apache.inlong:manager-pojo
17
org.apache.ranger:ranger
16
org.apache.activemq:activemq-client
16
org.bouncycastle:bcprov-jdk15
16
org.apache.dubbo:dubbo
16
org.apache.struts.xwork:xwork-core
15
org.xwiki.platform:xwiki-platform-web
14
org.jenkins-ci.plugins.workflow:workflow-cps
13
org.apache.hadoop:hadoop-main
13
org.apache.cxf:cxf-core
13
org.graylog2:graylog2-server
12
org.jeecgframework.boot:jeecg-boot-parent
12
com.vaadin:flow-server
12
org.springframework:spring-web
12
org.jenkins-ci.plugins:git
12
org.apache.dolphinscheduler:dolphinscheduler
12
org.apache.cxf:cxf
12
org.apache.hadoop:hadoop-common
12
org.springframework:spring-webmvc
12
org.apache.tika:tika-core
11
com.xuxueli:xxl-job
11
org.xwiki.platform:xwiki-platform-administration-ui
11
org.apache.commons:commons-compress
11
org.apache.jspwiki:jspwiki-war
11
org.bouncycastle:bcprov-jdk15on
11
org.apache.james:james-server
11
org.apache.archiva:archiva
11
org.jenkins-ci.plugins:email-ext
11
org.igniterealtime.openfire:parent
11
org.mortbay.jetty:jetty
11
ai.h2o:h2o-core
11
org.geoserver.web:gs-web-app
11
org.apache.camel:camel-core
11
h2o
10
org.apache.inlong:manager-service
10
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
10
org.apache.kylin:kylin
10
io.netty:netty
10
org.craftercms:crafter-studio
10
org.jboss.netty:netty
10
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
10
org.apache.hive:hive-exec
10
org.postgresql:postgresql
9
org.opennms:opennms
9
bootstrap
9
org.jenkins-ci.plugins:electricflow
9
org.bouncycastle:bcprov-jdk15to18
9
org.apache.tapestry:tapestry-core
9
cn.hutool:hutool-core
9
org.jenkins-ci.plugins:active-directory
9
bootstrap
9
bootstrap
9
org.jenkins-ci.plugins:config-file-provider
9
io.jenkins:configuration-as-code
9
mysql:mysql-connector-java
9
org.apache.shiro:shiro-core
9
org.opencrx:opencrx-core-models
9
pyspark
9
org.apache.hive:hive
9
org.apache.xmlgraphics:batik
9
org.apache.linkis:linkis
9
org.webjars:bootstrap
9
twbs/bootstrap
9
org.apache.hive:hive-service
8
com.ruoyi:ruoyi
8
org.apache.ozone:ozone-main
8
org.apache.ambari:ambari
8
org.jenkins-ci.plugins:oic-auth
8
org.jenkins-ci.plugins:ec2
8
org.apache.streampark:streampark
8
org.xwiki.platform:xwiki-platform-rest-server
8
jquery
8
org.jeecgframework.boot:jeecg-boot-common
8
org.opensearch.plugin:opensearch-security
8
org.apache.cassandra:cassandra-all
8
org.yaml:snakeyaml
8
org.apache.santuario:xmlsec
8
jquery-rails
8
org.apache.zeppelin:zeppelin
8
org.jenkins-ci.plugins:subversion
8
org.apache.pdfbox:pdfbox
8
io.jenkins.blueocean:blueocean
8
com.hazelcast:hazelcast
8
org.webjars.npm:jquery
8
org.silverpeas.core:silverpeas-core-web
8
io.jenkins.plugins:warnings-ng
7
org.apache.cxf:apache-cxf
7
org.jboss.resteasy:resteasy-client
7
net.opentsdb:opentsdb
7
org.jenkins-ci.plugins:mercurial
7
bootstrap.sass
7
org.apache.tika:tika
7
org.apache.spark:spark-core_2.11
7
jQuery
7
bootstrap-sass
7
io.dataease:dataease-plugin-common
7
org.apache.atlas:atlas-common
7
commons-fileupload:commons-fileupload
7
org.jenkins-ci.plugins:rundeck
7
org.apache.karaf:apache-karaf
7
org.webjars.npm:jquery-ui
7
org.apache.activemq:activemq-parent
7
org.apache.inlong:manager-web
7
org.apache.logging.log4j:log4j-core
7
io.netty:netty-handler
7
org.apache.wicket:wicket-core
7
jquery-ui
7
io.jenkins.plugins:miniorange-saml-sp
7
org.jruby:jruby-stdlib
7
org.jeecgframework.boot:jeecg-boot-base
7
jquery-ui-rails
7
org.jenkins-ci.plugins:openshift-deployer
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
org.apache.poi:poi
7
org.opencastproject:opencast-kernel
7
org.owasp.esapi:esapi
7
io.atomix:atomix
7
org.jenkins-ci.plugins:jobConfigHistory
7
org.owasp.antisamy:antisamy
7
jQuery.UI.Combined
7
org.apache.druid:druid
7
org.jenkins-ci.plugins:artifactory
7
rubygems-update
7
org.apache.derby:derby
7
org.apache.struts:struts2-rest-plugin
6
org.keycloak:keycloak-quarkus-server
6
com.liferay.portal:com.liferay.portal.impl
6
axis:axis
6
ch.qos.logback:logback-core
6
org.apache.kafka:kafka
6
org.jenkins-ci.plugins:gitlab-plugin
6
apache-iotdb
6
org.apache.pulsar:pulsar-broker
6
io.netty:netty-codec-http
6
org.apache.mesos:mesos
6
bootstrap-sass
6
org.jenkins-ci.plugins:fortify-on-demand-uploader
6
org.apache.spark:spark-core_2.10
6
org.jenkins-ci.plugins:ec2-deployment-dashboard
6
org.infinispan:infinispan-core
6
org.geoserver:gs-wms
6
org.apache.zookeeper:zookeeper
6
tech.powerjob:powerjob
6
org.jenkins-ci.plugins:gitlab-oauth
6
org.apache.storm:storm-core
6
org.jenkins-ci.plugins:htmlpublisher
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
org.jenkins-ci.plugins:repository-connector
6
org.apache.zeppelin:zeppelin-server
6
de.tum.in.ase:artemis-java-test-sandbox
6
com.google.protobuf:protobuf-java
6
org.jenkins-ci.plugins:credentials-binding
6
hudson.plugins:project-inheritance
6
org.jenkins-ci.plugins:pipeline-maven
6
org.apache.solr:solr-parent
6
com.xuxueli:xxl-job-core
6
org.csanchez.jenkins.plugins:kubernetes
6
cn.hutool:hutool-json
6
org.xwiki.commons:xwiki-commons-xml
6
com.xebialabs.deployit.ci:deployit-plugin
6
org.apache.httpcomponents:httpclient
6
org.jenkins-ci.plugins:ghprb
6
com.nimbusds:nimbus-jose-jwt
6
org.apache.shenyu:shenyu-common
6
org.wildfly:wildfly-parent
6
org.jenkins-ci.plugins:azure-vm-agents
6
org.apache.axis:axis
6
org.bouncycastle:bcprov-jdk18on
6