- How many CVEs does Apache Software Foundation have?
- Apache Software Foundation has 3,182 published CVE records since 1999, including 660 in the last two years.
- How many Apache Software Foundation CVEs are in CISA KEV?
- Yes — 44 of Apache Software Foundation's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Apache Software Foundation products have the most CVEs?
- The Apache Software Foundation products with the most published CVEs are http_server, Tomcat, Airflow, Apache Airflow, Apache HTTP Server.
- What are the most common weakness types in Apache Software Foundation CVEs?
- Apache Software Foundation's CVEs most often map to these CWE weakness types: CWE-20 (Improper Input Validation), CWE-502 (Deserialization of Untrusted Data), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- Are there public exploits for Apache Software Foundation vulnerabilities?
- Yes — 448 of Apache Software Foundation's CVEs have a known public exploit.
- How many critical Apache Software Foundation vulnerabilities are there?
- Apache Software Foundation has 610 critical and 1,129 high-severity CVEs.
- What is the average severity of Apache Software Foundation CVEs?
- The average CVSS base score across Apache Software Foundation's scored CVEs is 7.0.