Org.apache.tomcat:tomcat-coyote

This hub aggregates every CVE we track for Org.apache.tomcat:tomcat-coyote, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Org.apache.tomcat:tomcat-coyote.

• CVE-2025-66614Apache Tomcat: Client certificate verification bypass due to virtual host mapping7.6Feb 17, 2026
• CVE-2025-48989Apache Tomcat: h2 DoS - Made You Reset7.5Aug 13, 2025
• CVE-2025-53506Apache Tomcat: DoS via excessive h2 streams at connection start7.5Jul 10, 2025
• CVE-2025-31650Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame7.5Apr 28, 2025
• CVE-2024-52317Apache Tomcat: Request/response mix-up with HTTP/26.5Nov 18, 2024
• CVE-2024-34750Apache Tomcat: HTTP/2 excess header handling DoS7.5Jul 3, 2024
• CVE-2024-24549Apache Tomcat: HTTP/2 header handling DoS7.5Mar 13, 2024
• CVE-2024-21733Apache Tomcat: Leaking of unrelated request bodies in default error page5.3Jan 19, 2024
• CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient5.3Oct 10, 2023
• CVE-2023-42794Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows5.9Oct 10, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-34981Apache Tomcat: AJP response header mix-up7.5Jun 21, 2023
• CVE-2023-28709Apache Tomcat: Fix for CVE-2023-24998 is incomplete7.5May 22, 2023
• CVE-2023-24998Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts7.5Feb 20, 2023
• CVE-2022-42252Apache Tomcat request smuggling via malformed content-length7.5Nov 1, 2022