Launch Week Day 1: Announcing Security Design Review
Start for Free
maven

org.apache.tomcat:tomcat-catalina

View on maven registry
40 Total advisories
40 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 5.3
Maven

CVE-2023-42795

Apache Tomcat Incomplete Cleanup vulnerability
MEDIUM 6.1
Maven

CVE-2023-41080

Apache Tomcat Open Redirect vulnerability
CRITICAL 9.1
Maven

CVE-2026-43515

Apache Tomcat - Security constraints not correctly applied
LOW 3.7
Maven

CVE-2026-43514

Apache Tomcat - AJP secret compared in non-constant time
MEDIUM 5.3
Maven

CVE-2024-54677

Apache Tomcat Uncontrolled Resource Consumption vulnerability
HIGH 7.0
Maven

CVE-2020-9484

Potential remote code execution in Apache Tomcat
CRITICAL 9.8
Maven

CVE-2026-41293

Apache Tomcat - HTTP/2 request headers not validated
HIGH 7.3
Maven

CVE-2026-42498

Apache Tomcat - WebSocket authentication header exposure
CRITICAL 9.8
Maven

CVE-2026-43512

Apache Tomcat - Digest authenticator will authenticate any unknown user
HIGH 7.5
Maven

CVE-2026-43513

Apache Tomcat: LockOutRealm treats user names as case-sensitive
HIGH 7.5
Maven

CVE-2026-41284

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
HIGH 7.5
Maven

CVE-2025-55752

Apache Tomcat Vulnerable to Relative Path Traversal
CRITICAL 9.6
Maven

CVE-2025-55754

Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
MEDIUM 5.3
Maven

CVE-2025-61795

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
HIGH 7.5
Maven

CVE-2026-34483

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
MEDIUM 6.1
Maven

CVE-2026-25854

Apache Tomcat has an Open Redirect vulnerability
HIGH 7.5
Maven

CVE-2026-34487

Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
MEDIUM 4.3
Maven

CVE-2023-28708

Apache Tomcat vulnerable to Unprotected Transport of Credentials
UNKNOWN
Maven

CVE-2026-24733

Apache Tomcat - Security constraint bypass with HTTP/0.9
HIGH 7.5
Maven

CVE-2025-52520

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
UNKNOWN
Maven

CVE-2025-46701

Apache Tomcat - CGI security constraint bypass
HIGH 7.5
Maven

CVE-2023-46589

Apache Tomcat Improper Input Validation vulnerability
CRITICAL 9.8
Maven KEV

CVE-2025-24813

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
UNKNOWN
Maven

CVE-2025-49125

Apache Tomcat - Security constraint bypass for pre/post-resources
UNKNOWN
Maven

CVE-2025-31651

Apache Tomcat Rewrite rule bypass
CRITICAL 9.8
Maven

CVE-2024-50379

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
UNKNOWN
Maven

CVE-2024-56337

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
HIGH 7.5
Maven

CVE-2025-48988

Apache Tomcat - DoS in multipart upload
MEDIUM 6.5
Maven

CVE-2025-55668

Apache Tomcat Session Fixation vulnerability
CRITICAL 9.8
Maven

CVE-2024-52316

Apache Tomcat - Authentication Bypass
UNKNOWN
Maven

CVE-2025-49124

Apache Tomcat installer for Windows has an untrusted search path vulnerability
HIGH 8.1
Maven KEV

CVE-2017-12617

Unrestricted Upload of File with Dangerous Type Apache Tomcat
CRITICAL 9.8
Maven KEV

CVE-2016-8735

Apache Tomcat Improper Access Control vulnerability
UNKNOWN
Maven

CVE-2014-0119

Missing XML Validation in Apache Tomcat
UNKNOWN
Maven

CVE-2014-0096

Improper Input Validation in Apache Tomcat
UNKNOWN
Maven

CVE-2012-5886

Improper Authentication in Apache Tomcat
HIGH 7.5
Maven

CVE-2022-45143

Apache Tomcat improperly escapes input from JsonErrorReportValve
CRITICAL 9.1
Maven

CVE-2017-5648

Exposure of Resource to Wrong Sphere in Apache Tomcat
HIGH 8.1
Maven

CVE-2016-5388

Improper Access Control in Apache Tomcat
HIGH 7.5
Maven

CVE-2017-12616

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes