maven

org.apache.tomcat.embed:tomcat-embed-core

73 Total advisories
73 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 5.3
Maven

CVE-2023-45648

Apache Tomcat Improper Input Validation vulnerability

MEDIUM 5.3
Maven

CVE-2023-42795

Apache Tomcat Incomplete Cleanup vulnerability

CRITICAL 9.1
Maven

CVE-2025-66614

Apache Tomcat - Client certificate verification bypass

HIGH 7.5
Maven

CVE-2020-11996

Uncontrolled Resource Consumption in Apache Tomcat

MEDIUM 6.1
Maven

CVE-2023-41080

Apache Tomcat Open Redirect vulnerability

HIGH 7.5
Maven

CVE-2021-25122

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

CRITICAL 9.1
Maven

CVE-2026-43515

Apache Tomcat - Security constraints not correctly applied

LOW 3.7
Maven

CVE-2026-43514

Apache Tomcat - AJP secret compared in non-constant time

HIGH 7.5
Maven

CVE-2026-29129

Apache Tomcat: Configured cipher preference order not preserved

HIGH 7.5
Maven

CVE-2026-24880

Apache Tomcat has an HTTP Request/Response Smuggling vulnerability

HIGH 7.0
Maven

CVE-2020-9484

Potential remote code execution in Apache Tomcat

HIGH 7.5
Maven

CVE-2019-0199

Apache Tomcat Denial of Service vulnerability

MEDIUM 5.3
SwiftURL KEV

CVE-2023-44487

HTTP/2 Stream Cancellation Attack

CRITICAL 9.8
Maven

CVE-2026-41293

Apache Tomcat - HTTP/2 request headers not validated

HIGH 7.3
Maven

CVE-2026-42498

Apache Tomcat - WebSocket authentication header exposure

CRITICAL 9.8
Maven

CVE-2026-43512

Apache Tomcat - Digest authenticator will authenticate any unknown user

HIGH 7.5
Maven

CVE-2026-43513

Apache Tomcat: LockOutRealm treats user names as case-sensitive

HIGH 7.5
Maven

CVE-2026-41284

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

MEDIUM 4.8
Maven

CVE-2020-1935

Potential HTTP request smuggling in Apache Tomcat

CRITICAL 9.8
Maven KEV

CVE-2020-1938

Improper Privilege Management in Tomcat

HIGH 7.5
Maven

CVE-2025-55752

Apache Tomcat Vulnerable to Relative Path Traversal

HIGH 7.5
Maven

CVE-2025-48989

Apache Tomcat Improper Resource Shutdown or Release vulnerability

CRITICAL 9.6
Maven

CVE-2025-55754

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

MEDIUM 5.3
Maven

CVE-2025-61795

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release

HIGH 7.5
Maven

CVE-2026-34483

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

MEDIUM 6.1
Maven

CVE-2026-25854

Apache Tomcat has an Open Redirect vulnerability

MEDIUM 5.3
Maven

CVE-2026-32990

Apache Tomcat has an Improper Input Validation vulnerability

HIGH 7.5
Maven

CVE-2026-34487

Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File

HIGH 7.5
Maven

CVE-2023-28709

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

HIGH 7.5
Maven

CVE-2026-24734

Apache Tomcat has an Improper Input Validation vulnerability

UNKNOWN
Maven

CVE-2026-24733

Apache Tomcat - Security constraint bypass with HTTP/0.9

HIGH 7.5
Maven

CVE-2025-52520

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

HIGH 7.5
Maven

CVE-2025-53506

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

HIGH 7.0
Maven

CVE-2021-25329

Potential remote code execution in Apache Tomcat

HIGH 7.0
Maven

CVE-2019-12418

Insufficiently Protected Credentials in Apache Tomcat

UNKNOWN
Maven

CVE-2025-46701

Apache Tomcat - CGI security constraint bypass

HIGH 7.5
Maven

CVE-2023-46589

Apache Tomcat Improper Input Validation vulnerability

HIGH 7.5
Maven

CVE-2019-17563

In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack

CRITICAL 9.8
Maven KEV

CVE-2025-24813

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

UNKNOWN
Maven

CVE-2025-49125

Apache Tomcat - Security constraint bypass for pre/post-resources

UNKNOWN
Maven

CVE-2025-31651

Apache Tomcat Rewrite rule bypass

CRITICAL 9.8
Maven

CVE-2024-50379

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

HIGH 7.5
Maven

CVE-2024-24549

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests

UNKNOWN
Maven

CVE-2024-56337

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

HIGH 7.5
Maven

CVE-2025-48988

Apache Tomcat - DoS in multipart upload

UNKNOWN
Maven

CVE-2025-31650

Apache Tomcat Denial of Service via invalid HTTP priority header

MEDIUM 5.9
Maven

CVE-2021-24122

Information Disclosure in Apache Tomcat

HIGH 7.5
Maven

CVE-2024-34750

Apache Tomcat - Denial of Service

HIGH 7.5
Maven

CVE-2023-24998

Apache Commons FileUpload denial of service vulnerability

MEDIUM 5.3
Maven

CVE-2024-21733

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

UNKNOWN
Maven

CVE-2025-49124

Apache Tomcat installer for Windows has an untrusted search path vulnerability

HIGH 8.1
Maven KEV

CVE-2017-12615

When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server

HIGH 8.1
Maven KEV

CVE-2017-12617

Unrestricted Upload of File with Dangerous Type in Apache Tomcat

UNKNOWN
Maven

CVE-2008-1947

Apache Tomcat Cross-site scripting (XSS) vulnerability

MEDIUM 6.5
Maven

CVE-2024-52317

Apache Tomcat Request and/or response mix-up

UNKNOWN
Maven

GHSA-r53m-pfr5-7v87

Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core

MEDIUM 6.5
Maven

CVE-2018-1305

Apache Tomcat information exposure vulnerability

MEDIUM 5.9
Maven

CVE-2018-1304

Apache Tomcat unauthorized access vulnerability

UNKNOWN
Maven

CVE-2014-0095

Denial of service in Apache Tomcat

HIGH 7.5
Maven

CVE-2018-8034

The host name verification missing in Apache Tomcat

HIGH 7.5
Maven

CVE-2023-34981

Apache Tomcat vulnerable to information leak

HIGH 7.5
Maven

CVE-2022-45143

Apache Tomcat improperly escapes input from JsonErrorReportValve

HIGH 7.5
Maven

CVE-2022-42252

Apache Tomcat may reject request containing invalid Content-Length header

CRITICAL 9.8
Maven

CVE-2017-5651

Expected Behavior Violation in Apache Tomcat

CRITICAL 9.1
Maven

CVE-2017-5648

Exposure of Resource to Wrong Sphere in Apache Tomcat

HIGH 8.1
Maven

CVE-2019-0232

Apache Tomcat OS Command Injection vulnerability

HIGH 7.5
Maven

CVE-2018-1336

In Apache Tomcat there is an improper handling of overflow in the UTF-8 decoder

CRITICAL 9.8
Maven

CVE-2018-8014

The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins

HIGH 7.5
Maven

CVE-2019-10072

Improper Locking in Apache Tomcat

MEDIUM 6.1
Maven

CVE-2019-0221

Cross-site scripting in Apache Tomcat

MEDIUM 5.9
Maven

CVE-2018-8037

Apache Tomcat Race Condition vulnerability

MEDIUM 4.3
Maven

CVE-2018-11784

Apache Tomcat Open Redirect vulnerability

MEDIUM 4.8
Maven

CVE-2019-17569

Potential HTTP request smuggling in Apache Tomcat
