Apache Software Foundation Apache HTTP Server Vulnerabilities
CVE security advisories and vulnerability history for Apache HTTP Server by Apache Software Foundation.
125
Total CVEs
Published
5
In CISA KEV
Exploited in the wild
20
Public exploits
PoC or exploit code
7.5
Avg CVSS
2010–2026
Last updated
Overview
Apache Software Foundation Apache HTTP Server has 125 published CVE records since 2010, of which 5 are in CISA's Known Exploited Vulnerabilities catalog and 20 have a known public exploit. The average CVSS base score across scored CVEs is 7.5.
This page aggregates every publicly disclosed vulnerability (CVE) affecting Apache Software Foundation Apache HTTP Server, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include Windows.
Severity and exploitation
How the CVSS severity of Apache Software Foundation Apache HTTP Server's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical26
High65
Medium34
Low0
In CISA’s Known Exploited Vulnerabilities catalog
5
5 of Apache Software Foundation Apache HTTP Server's CVEs are confirmed exploited in the wild.
Public exploits
20
20 of Apache Software Foundation Apache HTTP Server's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every Apache Software Foundation Apache HTTP Server version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about Apache Software Foundation Apache HTTP Server vulnerabilities.
How many CVEs does Apache Software Foundation Apache HTTP Server have?
Apache Software Foundation Apache HTTP Server has 125 published CVE records since 2010.
How many Apache Software Foundation Apache HTTP Server CVEs are in CISA KEV?
Yes — 5 of Apache Software Foundation Apache HTTP Server's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
Are there public exploits for Apache Software Foundation Apache HTTP Server vulnerabilities?
Yes — 20 of Apache Software Foundation Apache HTTP Server's CVEs have a known public exploit.
Which versions of Apache Software Foundation Apache HTTP Server are affected?
124 distinct Apache Software Foundation Apache HTTP Server versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in Apache Software Foundation Apache HTTP Server CVEs?
Apache Software Foundation Apache HTTP Server's CVEs most often map to these CWE weakness types: CWE-476 (NULL Pointer Dereference), CWE-125 (Out-of-bounds Read), CWE-918 (Server-Side Request Forgery (SSRF)), CWE-122 (Heap-based Buffer Overflow).
How many critical Apache Software Foundation Apache HTTP Server vulnerabilities are there?
Apache Software Foundation Apache HTTP Server has 26 critical and 65 high-severity CVEs.
What is the average severity of Apache Software Foundation Apache HTTP Server CVEs?
The average CVSS base score across Apache Software Foundation Apache HTTP Server's scored CVEs is 7.5.