Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@10.1.0-M16
purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M16
Next non-vulnerable version 10.1.16
Latest non-vulnerable version 11.0.10
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-jubv-tebw-3fgb
Aliases:
CVE-2022-34305
GHSA-6j88-6whg-x687
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
10.1.0-M17
Affected by 1 other vulnerability.
VCID-khwj-pqm5-rbc4
Aliases:
CVE-2021-42340
GHSA-wph7-x527-w3h5
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
10.1.1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T10:04:32.387161+00:00 GitLab Importer Affected by VCID-khwj-pqm5-rbc4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2021-42340.yml 37.0.0
2025-07-31T12:34:33.249773+00:00 GHSA Importer Affected by VCID-jubv-tebw-3fgb https://github.com/advisories/GHSA-6j88-6whg-x687 37.0.0
2025-07-31T08:03:17.611875+00:00 Apache Tomcat Importer Affected by VCID-jubv-tebw-3fgb https://tomcat.apache.org/security-10.html 37.0.0