Apache
Security Scorecard
Score
13F
Total CVEs
1,018
Patch Rate
12%
126 patched
Avg Response
521d
days to patch
Critical Gaps
20
exploitable, no detection
Severity Breakdown
Critical10
High57
Medium98
Low0
Patch Status
Patched126 (12%)
Partial/Workaround2 (0%)
Unpatched890 (87%)
CVEs (1,028)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2026-23881 | Kyverno Policy Engine Denial of Service | High | 7.7 | - | Patched |
| CVE-2020-36956 | Openfire XSS Vulnerability | Medium | 6.4 | - | Patched |
| CVE-2025-27821 | HDFS Native Client Vulnerability | High | 7.3 | - | Patched |
| CVE-2025-14969 | Hibernate Reactive Denial of Service | Medium | 4.3 | - | Patched |
| CVE-2026-0603 | Hibernate SQL Injection Flaw | High | 8.3 | - | Patched |
| CVE-2025-69820 | Beam Directory Traversal | Medium | 6.0 | 0d | Unpatched |
| CVE-2026-22445 | Apimo Connector Plugin Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2026-22022 | Apache Solr Rule-Based Authorization Plugin Vulnerability | High | 8.2 | - | Patched |
| CVE-2026-22444 | Apache Solr Core API Bypass | High | 7.1 | - | Patched |
| CVE-2026-21663 | Revive Adserver XSS Vulnerability | Medium | 6.1 | - | Patched |