Search for packages
| purl | pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18h1-c684-yydc
Aliases: CVE-2024-50379 GHSA-5j33-cvvr-w245 |
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-3d52-ddu8-nkez
Aliases: CVE-2025-46701 GHSA-h2fw-rfh5-95r3 |
multiple issues |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-3d6k-npb8-f7ge
Aliases: CVE-2023-42795 GHSA-g8pj-r55q-5c2v |
Apache Tomcat Incomplete Cleanup vulnerability Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-5hsr-w1fn-c7bv
Aliases: CVE-2024-54677 GHSA-653p-vg55-5652 |
Apache Tomcat Uncontrolled Resource Consumption vulnerability Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-5vc8-3gs5-efhk
Aliases: CVE-2025-24813 GHSA-83qj-6fr2-vhqg |
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-7kak-h2zt-ukgn
Aliases: CVE-2023-46589 GHSA-fccv-jmmp-qg76 |
Apache Tomcat Improper Input Validation vulnerability Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11Â onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. |
Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-9bx2-1ba2-c7dj
Aliases: CVE-2023-28708 GHSA-2c9m-w27f-53rm |
Apache Tomcat vulnerable to Unprotected Transport of Credentials When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. |
Affected by 4 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-9mg7-cusq-kbbt
Aliases: CVE-2025-53506 GHSA-25xr-qj8w-c4vf |
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-9snt-d7yb-83b7
Aliases: CVE-2023-41080 GHSA-q3mw-pvr8-9ggc |
Apache Tomcat Open Redirect vulnerability URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. |
Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-ak7b-jcsv-4ubx
Aliases: CVE-2024-38286 GHSA-7jqf-v358-p8g7 |
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-c4d1-jsqh-hban
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-d5rq-wcph-gffe
Aliases: CVE-2024-52316 GHSA-xcpr-7mr4-h4xq |
Apache Tomcat - Authentication Bypass Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. |
Affected by 2 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-druk-81bq-mybq
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
denial of service |
Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-dx2y-n8ga-6qdq
Aliases: CVE-2024-23672 GHSA-v682-8vv8-vpwr |
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-fbw1-94zt-ryb3
Aliases: CVE-2025-49125 GHSA-wc4r-xq3c-5cf3 |
multiple issues |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-fmff-4pym-u7fs
Aliases: CVE-2021-43980 GHSA-jx7c-7mj5-9438 |
Apache Tomcat Race Condition vulnerability The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-grf2-1ks8-wugb
Aliases: CVE-2024-56337 GHSA-27hp-xhwr-wr2m |
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-gwas-ms8y-suak
Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj |
multiple issues |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-jvrv-8jzr-afew
Aliases: CVE-2022-34305 GHSA-6j88-6whg-x687 |
Cross-site Scripting in Apache Tomcat In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. |
Affected by 2 other vulnerabilities. |
|
VCID-mmkq-71ct-wybk
Aliases: CVE-2023-45648 GHSA-r6j3-px5g-cq3x |
Apache Tomcat Improper Input Validation vulnerability Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-n712-mvdc-9kdx
Aliases: CVE-2024-24549 GHSA-7w75-32cg-r6g2 |
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-qbt4-8bfu-yqaj
Aliases: CVE-2022-29885 GHSA-r84p-88g2-2vx2 |
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. |
Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-rmr5-vpa4-9kgw
Aliases: CVE-2025-48988 GHSA-h3gc-qfqq-6h8f |
multiple issues |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-shm2-qc8d-f7ff
Aliases: CVE-2024-34750 GHSA-wm9w-rjj3-j356 |
Apache Tomcat - Denial of Service Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-sjrn-fud9-rfcj
Aliases: CVE-2022-23181 GHSA-9f3j-pm6f-9fm5 |
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. |
Affected by 2 other vulnerabilities. |
|
VCID-swc4-ypny-k3ar
Aliases: CVE-2025-31651 GHSA-ff77-26x5-69cr |
Apache Tomcat Rewrite rule bypass Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6, which fix the issue. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-t4a3-e7fn-73e3
Aliases: CVE-2022-45143 GHSA-rq2w-37h9-vg94 |
Apache Tomcat improperly escapes input from JsonErrorReportValve The `JsonErrorReportValve` in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 does not escape the `type`, `message` or `description` values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. |
Affected by 3 other vulnerabilities. |
|
VCID-uq2m-3tw8-eyhs
Aliases: CVE-2025-52520 GHSA-wr62-c79q-cv37 |
For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-vt2g-rgra-8bf1
Aliases: CVE-2021-42340 GHSA-wph7-x527-w3h5 |
denial of service |
Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-vtsj-tj34-83es
Aliases: CVE-2013-4286 GHSA-j448-j653-r3vj |
There are no reported fixed by versions. | |
|
VCID-zkyd-zu9g-mken
Aliases: CVE-2022-42252 GHSA-p22x-g9px-3945 |
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-10T23:16:47.390507+00:00 | Apache Tomcat Importer | Affected by | VCID-9mg7-cusq-kbbt | https://tomcat.apache.org/security-10.html | 37.0.0 |
| 2025-07-10T23:16:47.361481+00:00 | Apache Tomcat Importer | Affected by | VCID-uq2m-3tw8-eyhs | https://tomcat.apache.org/security-10.html | 37.0.0 |
| 2025-07-03T18:05:42.313750+00:00 | GitLab Importer | Affected by | VCID-vt2g-rgra-8bf1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2021-42340.yml | 37.0.0 |
| 2025-07-03T16:53:40.298113+00:00 | GHSA Importer | Affected by | VCID-mmkq-71ct-wybk | https://github.com/advisories/GHSA-r6j3-px5g-cq3x | 37.0.0 |
| 2025-07-03T16:53:28.489203+00:00 | GHSA Importer | Affected by | VCID-9snt-d7yb-83b7 | https://github.com/advisories/GHSA-q3mw-pvr8-9ggc | 37.0.0 |
| 2025-07-03T16:52:30.672129+00:00 | GHSA Importer | Affected by | VCID-vt2g-rgra-8bf1 | https://github.com/advisories/GHSA-wph7-x527-w3h5 | 37.0.0 |
| 2025-07-03T14:33:53.640122+00:00 | Apache Tomcat Importer | Affected by | VCID-vtsj-tj34-83es | https://tomcat.apache.org/security-8.html | 37.0.0 |
| 2025-07-01T15:07:03.919602+00:00 | Apache Tomcat Importer | Affected by | VCID-vt2g-rgra-8bf1 | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.860231+00:00 | Apache Tomcat Importer | Affected by | VCID-sjrn-fud9-rfcj | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.795456+00:00 | Apache Tomcat Importer | Affected by | VCID-fmff-4pym-u7fs | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.737095+00:00 | Apache Tomcat Importer | Affected by | VCID-qbt4-8bfu-yqaj | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.675696+00:00 | Apache Tomcat Importer | Affected by | VCID-jvrv-8jzr-afew | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.586977+00:00 | Apache Tomcat Importer | Affected by | VCID-zkyd-zu9g-mken | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.555723+00:00 | Apache Tomcat Importer | Affected by | VCID-t4a3-e7fn-73e3 | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.518369+00:00 | Apache Tomcat Importer | Affected by | VCID-druk-81bq-mybq | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.487400+00:00 | Apache Tomcat Importer | Affected by | VCID-9bx2-1ba2-c7dj | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.401019+00:00 | Apache Tomcat Importer | Affected by | VCID-9snt-d7yb-83b7 | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.373370+00:00 | Apache Tomcat Importer | Affected by | VCID-3d6k-npb8-f7ge | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.344212+00:00 | Apache Tomcat Importer | Affected by | VCID-c4d1-jsqh-hban | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.316001+00:00 | Apache Tomcat Importer | Affected by | VCID-mmkq-71ct-wybk | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.286736+00:00 | Apache Tomcat Importer | Affected by | VCID-7kak-h2zt-ukgn | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.256295+00:00 | Apache Tomcat Importer | Affected by | VCID-n712-mvdc-9kdx | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.225618+00:00 | Apache Tomcat Importer | Affected by | VCID-dx2y-n8ga-6qdq | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.195324+00:00 | Apache Tomcat Importer | Affected by | VCID-ak7b-jcsv-4ubx | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.162602+00:00 | Apache Tomcat Importer | Affected by | VCID-shm2-qc8d-f7ff | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.131764+00:00 | Apache Tomcat Importer | Affected by | VCID-d5rq-wcph-gffe | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.045170+00:00 | Apache Tomcat Importer | Affected by | VCID-18h1-c684-yydc | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:03.015985+00:00 | Apache Tomcat Importer | Affected by | VCID-5hsr-w1fn-c7bv | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.975169+00:00 | Apache Tomcat Importer | Affected by | VCID-grf2-1ks8-wugb | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.946250+00:00 | Apache Tomcat Importer | Affected by | VCID-5vc8-3gs5-efhk | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.884382+00:00 | Apache Tomcat Importer | Affected by | VCID-swc4-ypny-k3ar | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.855066+00:00 | Apache Tomcat Importer | Affected by | VCID-3d52-ddu8-nkez | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.827089+00:00 | Apache Tomcat Importer | Affected by | VCID-gwas-ms8y-suak | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.797486+00:00 | Apache Tomcat Importer | Affected by | VCID-rmr5-vpa4-9kgw | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T15:07:02.737668+00:00 | Apache Tomcat Importer | Affected by | VCID-fbw1-94zt-ryb3 | https://tomcat.apache.org/security-10.html | 36.1.3 |
| 2025-07-01T14:33:43.022672+00:00 | GHSA Importer | Affected by | VCID-fmff-4pym-u7fs | https://github.com/advisories/GHSA-jx7c-7mj5-9438 | 36.1.3 |
| 2025-07-01T14:33:10.832011+00:00 | GHSA Importer | Affected by | VCID-jvrv-8jzr-afew | https://github.com/advisories/GHSA-6j88-6whg-x687 | 36.1.3 |
| 2025-07-01T14:31:56.746767+00:00 | GHSA Importer | Affected by | VCID-qbt4-8bfu-yqaj | https://github.com/advisories/GHSA-r84p-88g2-2vx2 | 36.1.3 |