Org.apache.tomcat:tomcat-catalina

This hub aggregates every CVE we track for Org.apache.tomcat:tomcat-catalina, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Org.apache.tomcat:tomcat-catalina.

• CVE-2026-24733Apache Tomcat: Security constraint bypass with HTTP/0.96.5Feb 17, 2026
• CVE-2025-61795Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS5.3Oct 27, 2025
• CVE-2025-55752Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled7.5Oct 27, 2025
• CVE-2025-55754Apache Tomcat: console manipulation via escape sequences in log messages9.6Oct 27, 2025
• CVE-2025-55668Apache Tomcat: session fixation via rewrite valve6.5Aug 13, 2025
• CVE-2025-52520Apache Tomcat: DoS via integer overflow in multipart file upload7.5Jul 10, 2025
• CVE-2025-49124Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows8.4Jun 16, 2025
• CVE-2025-49125Apache Tomcat: Security constraint bypass for pre/post-resources7.5Jun 16, 2025
• CVE-2025-48988Apache Tomcat: FileUpload large number of parts with headers DoS7.5Jun 16, 2025
• CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts7.3May 29, 2025
• CVE-2025-31651Apache Tomcat: Bypass of rules in Rewrite Valve9.8Apr 28, 2025
• CVE-2025-24813Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUTKEV9.8Mar 10, 2025
• CVE-2024-56337Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete9.8Dec 20, 2024
• CVE-2024-54677Apache Tomcat: DoS in examples web application5.3Dec 17, 2024
• CVE-2024-50379Apache Tomcat: RCE due to TOCTOU issue in JSP compilation9.8Dec 17, 2024