What is the apache CNA?
apache is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 1,788 CVE records since 2016.
How many CVEs has apache published?
apache has published 1,788 CVE records, including 487 in the last two years.
What is apache's CVE data quality grade?
RadicalNotion.AI grades apache's CVE data quality as D, with an overall completeness score of 65.2%. This reflects how consistently its CVE records include vendor (92.2%), product (99.8%), CVSS (7.3%), and CWE (61.6%) information.
What products does apache publish CVEs for?
apache most frequently publishes CVEs for debian linux, airflow, Apache Airflow, http server, Apache HTTP Server.
Which vendors does apache cover?
apache publishes CVEs across 9 distinct vendors, most often Apache, Apache Software Foundation, Bitnami, pip, debian.
Is apache actively publishing CVEs?
apache is currently active, based on 487 CVEs in the last two years.
What is the average severity of apache's CVEs?
The average CVSS base score across apache's scored CVEs is 6.4.
How many critical CVEs has apache published?
apache has published 215 critical-severity CVEs and 408 high-severity CVEs.
Are any of apache's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 34 of apache's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in apache's CVEs?
apache's CVEs most often map to these CWE weakness types: CWE-502 (Deserialization of Untrusted Data), CWE-20 (Improper Input Validation), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
How does apache rank among CNAs?
By total CVE volume, apache ranks #28 of 370 CNAs, and it reports more complete CVE records than 17% of all CNAs.
