org.apache.tomcat:tomcat vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.


CVE-ID | Severity | Package summary
CVE-2026-41284 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
CVE-2026-43512 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Digest authenticator will authenticate any unknown user
CVE-2026-43513 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat: LockOutRealm treats user names as case-sensitive
CVE-2026-43515 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Security constraints not correctly applied
CVE-2026-43514 | Low | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - AJP secret compared in non-constant time
CVE-2026-41293 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - HTTP/2 request headers not validated
CVE-2026-42498 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - WebSocket authentication header exposure
CVE-2026-34486 | High | org.apache.tomcat:tomcat: Apache Tomcat Missing Encryption of Sensitive Data vulnerability
CVE-2026-34483 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
CVE-2026-34487 | High | org.apache.tomcat:tomcat: Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
CVE-2026-32990 | Medium | org.apache.tomcat:tomcat: Apache Tomcat has an Improper Input Validation vulnerability
CVE-2026-25854 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat has an Open Redirect vulnerability
CVE-2026-29129 | High | org.apache.tomcat:tomcat: Apache Tomcat: Configured cipher preference order not preserved
CVE-2026-29145 | Critical | org.apache.tomcat:tomcat: Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CVE-2026-29146 | High | org.apache.tomcat:tomcat: Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor
CVE-2025-66614 | Medium | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Client certificate verification bypass
CVE-2025-55754 | Low | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
CVE-2025-61795 | Low | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
CVE-2025-55752 | High | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Relative Path Traversal
CVE-2025-49124 | Medium | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat installer for Windows has an untrusted search path vulnerability
CVE-2024-54677 | Low | org.apache.tomcat:tomcat-catalina: Apache Tomcat Uncontrolled Resource Consumption vulnerability
CVE-2024-52318 | Medium | org.apache.tomcat:tomcat-jasper: Apache Tomcat - XSS in generated JSPs
CVE-2023-45648 | Medium | org.apache.tomcat:tomcat: Apache Tomcat Improper Input Validation vulnerability
CVE-2023-42795 | Medium | org.apache.tomcat:tomcat: Apache Tomcat Incomplete Cleanup vulnerability
CVE-2023-41080 | Medium | org.apache.tomcat:tomcat: Apache Tomcat Open Redirect vulnerability
