org.apache.tomcat:tomcat-catalina vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-41284 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling |
| CVE-2026-43512 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Digest authenticator will authenticate any unknown user |
| CVE-2026-43513 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat: LockOutRealm treats user names as case-sensitive |
| CVE-2026-43515 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Security constraints not correctly applied |
| CVE-2026-43514 | Low | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - AJP secret compared in non-constant time |
| CVE-2026-41293 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - HTTP/2 request headers not validated |
| CVE-2026-42498 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - WebSocket authentication header exposure |
| CVE-2026-34483 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve |
| CVE-2026-25854 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat has an Open Redirect vulnerability |
| CVE-2025-55754 | Low | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences |
| CVE-2025-61795 | Low | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Improper Resource Shutdown or Release |
| CVE-2025-55752 | High | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Relative Path Traversal |
| CVE-2025-55668 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat Session Fixation vulnerability |
| CVE-2025-52520 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits |
| CVE-2025-49124 | Medium | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat installer for Windows has an untrusted search path vulnerability |
| CVE-2025-49125 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat - Security constraint bypass for pre/post-resources |
| CVE-2025-48988 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat - DoS in multipart upload |
| CVE-2025-46701 | Low | org.apache.tomcat:tomcat-catalina: Apache Tomcat - CGI security constraint bypass |
| CVE-2025-31651 | Low | org.apache.tomcat:tomcat-catalina: Apache Tomcat Rewrite rule bypass |
| CVE-2025-24813 | Critical | org.apache.tomcat:tomcat-catalina: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with… |
| CVE-2024-56337 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability |
| CVE-2024-54677 | Low | org.apache.tomcat:tomcat-catalina: Apache Tomcat Uncontrolled Resource Consumption vulnerability |
| CVE-2024-50379 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability |
| CVE-2024-52316 | Critical | org.apache.tomcat:tomcat-catalina: Apache Tomcat - Authentication Bypass |
| CVE-2023-46589 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat Improper Input Validation vulnerability |
