Org.apache.tomcat:tomcat

This hub aggregates every CVE we track for Org.apache.tomcat:tomcat, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Org.apache.tomcat:tomcat.

• CVE-2026-24733Apache Tomcat: Security constraint bypass with HTTP/0.96.5Feb 17, 2026
• CVE-2025-66614Apache Tomcat: Client certificate verification bypass due to virtual host mapping7.6Feb 17, 2026
• CVE-2025-61795Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS5.3Oct 27, 2025
• CVE-2025-55752Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled7.5Oct 27, 2025
• CVE-2025-55754Apache Tomcat: console manipulation via escape sequences in log messages9.6Oct 27, 2025
• CVE-2025-49124Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows8.4Jun 16, 2025
• CVE-2024-54677Apache Tomcat: DoS in examples web application5.3Dec 17, 2024
• CVE-2024-52318Apache Tomcat: Incorrect JSP tag recycling leads to XSS6.1Nov 18, 2024
• CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient5.3Oct 10, 2023
• CVE-2023-42795Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests5.3Oct 10, 2023
• CVE-2023-41080Apache Tomcat: Open redirect with FORM authentication6.1Aug 25, 2023
• CVE-2021-43980Apache Tomcat: Information disclosure3.7Sep 28, 2022
• CVE-2022-34305XSS in examples web application6.1Jun 23, 2022
• CVE-2022-25762Response mix-up with WebSocket concurrent send and close8.6May 13, 2022
• CVE-2022-29885EncryptInterceptor does not provide complete protection on insecure networks7.5May 12, 2022