Search for packages
Package details: pkg:maven/org.apache.tomcat/tomcat@8.5.5
purl pkg:maven/org.apache.tomcat/tomcat@8.5.5
Next non-vulnerable version 9.0.83
Latest non-vulnerable version 11.0.10
Risk 10.0
Vulnerabilities affecting this package (35)
Vulnerability Summary Fixed by
VCID-1fkk-yntx-hyfd
Aliases:
CVE-2020-1938
GHSA-c9hw-wf7x-jp9j
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
8.5.51
Affected by 14 other vulnerabilities.
9.0.31
Affected by 13 other vulnerabilities.
VCID-2n65-91en-cqa8
Aliases:
CVE-2023-46589
GHSA-fccv-jmmp-qg76
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
8.5.96
Affected by 1 other vulnerability.
9.0.83
Affected by 0 other vulnerabilities.
10.1.16
Affected by 0 other vulnerabilities.
11.0.0-M11
Affected by 3 other vulnerabilities.
11.0.1
Affected by 3 other vulnerabilities.
VCID-3zw5-dkhq-s3gr
Aliases:
CVE-2019-10072
GHSA-q4hg-rmq2-52q9
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
8.5.41
Affected by 18 other vulnerabilities.
9.0.20
Affected by 18 other vulnerabilities.
VCID-52jg-1p2w-uqc9
Aliases:
CVE-2021-30640
GHSA-36qh-35cm-5w2w
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
8.5.65
Affected by 10 other vulnerabilities.
8.5.66
Affected by 10 other vulnerabilities.
9.0.45
Affected by 9 other vulnerabilities.
9.0.46
Affected by 9 other vulnerabilities.
10.0.5
Affected by 6 other vulnerabilities.
10.0.6
Affected by 6 other vulnerabilities.
VCID-53ea-3wyh-xfg7
Aliases:
CVE-2020-17527
GHSA-vvw4-rfwf-p6hx
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
8.5.60
Affected by 12 other vulnerabilities.
9.0.40
Affected by 11 other vulnerabilities.
10.0.0-M10
Affected by 1 other vulnerability.
10.0.2
Affected by 7 other vulnerabilities.
VCID-7b1n-ck2m-rbfu
Aliases:
CVE-2017-5647
GHSA-3gv7-3h64-78cm
8.5.13
Affected by 30 other vulnerabilities.
9.0.0.M19
Affected by 8 other vulnerabilities.
VCID-7m6d-m7rr-fbgj
Aliases:
CVE-2021-41079
GHSA-59g9-7gfx-c72p
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
8.5.64
Affected by 11 other vulnerabilities.
9.0.44
Affected by 10 other vulnerabilities.
10.0.4
Affected by 7 other vulnerabilities.
VCID-7n44-6sjn-kufk
Aliases:
CVE-2018-11784
GHSA-5q99-f34m-67gc
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
8.5.34
Affected by 21 other vulnerabilities.
9.0.12
Affected by 21 other vulnerabilities.
VCID-7nj6-9exh-5qgr
Aliases:
CVE-2022-42252
GHSA-p22x-g9px-3945
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
8.5.83
Affected by 4 other vulnerabilities.
9.0.68
Affected by 3 other vulnerabilities.
10.0.27
Affected by 1 other vulnerability.
10.1.1
Affected by 3 other vulnerabilities.
VCID-7rmu-m65z-mfcm
Aliases:
CVE-2019-0232
GHSA-8vmx-qmch-mpqg
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
8.5.40
Affected by 19 other vulnerabilities.
9.0.19
Affected by 19 other vulnerabilities.
VCID-8m28-utzk-x7gj
Aliases:
CVE-2022-25762
GHSA-h3ch-5pp2-vh6w
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
8.5.75
Affected by 8 other vulnerabilities.
8.5.76
Affected by 7 other vulnerabilities.
9.0.20
Affected by 18 other vulnerabilities.
9.0.21
Affected by 17 other vulnerabilities.
VCID-97nc-3edh-9qdx
Aliases:
CVE-2019-0221
GHSA-jjpq-gp5q-8q6w
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
8.5.40
Affected by 19 other vulnerabilities.
9.0.19
Affected by 19 other vulnerabilities.
VCID-anxt-ts7w-wye1
Aliases:
CVE-2019-17563
GHSA-9xcj-c8cr-8c3c
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
8.5.50
Affected by 18 other vulnerabilities.
9.0.30
Affected by 17 other vulnerabilities.
VCID-ay1a-2g1h-hkau
Aliases:
CVE-2020-1745
GHSA-gv2w-88hx-8m9r
Improper Authorization in Undertoe A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
8.5.51
Affected by 14 other vulnerabilities.
9.0.31
Affected by 13 other vulnerabilities.
VCID-aycw-nzkw-buhj
Aliases:
CVE-2019-12418
GHSA-hh3j-x4mc-g48r
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
8.5.49
Affected by 18 other vulnerabilities.
9.0.29
Affected by 17 other vulnerabilities.
VCID-dzsr-5hq1-47fd
Aliases:
CVE-2017-5651
GHSA-9hg2-395j-83rm
8.5.13
Affected by 30 other vulnerabilities.
9.0.0.M19
Affected by 8 other vulnerabilities.
VCID-ee8x-kzqv-b3ht
Aliases:
CVE-2020-11996
GHSA-53hp-jpwq-2jgq
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
8.5.55
Affected by 15 other vulnerabilities.
8.5.56
Affected by 15 other vulnerabilities.
9.0.35
Affected by 13 other vulnerabilities.
9.0.36
Affected by 13 other vulnerabilities.
10.0.0-M5
Affected by 4 other vulnerabilities.
10.0.0-M6
Affected by 3 other vulnerabilities.
VCID-j52h-jxrq-43g1
Aliases:
CVE-2016-6816
GHSA-jc7p-5r39-9477
8.5.8
Affected by 36 other vulnerabilities.
9.0.0.M12
Affected by 0 other vulnerabilities.
9.0.0.M13
Affected by 14 other vulnerabilities.
VCID-j8tv-cs47-93h9
Aliases:
CVE-2018-8014
GHSA-r4x2-3cq5-hqvp
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
8.5.32
Affected by 22 other vulnerabilities.
9.0.9
Affected by 2 other vulnerabilities.
9.0.10
Affected by 22 other vulnerabilities.
VCID-ks1b-8a8q-bker
Aliases:
CVE-2018-8034
GHSA-46j3-r4pj-4835
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
8.5.32
Affected by 22 other vulnerabilities.
9.0.10
Affected by 22 other vulnerabilities.
VCID-kuap-mmfh-jyhr
Aliases:
CVE-2016-8735
GHSA-cw54-59pw-4g8c
8.5.7
Affected by 2 other vulnerabilities.
8.5.8
Affected by 36 other vulnerabilities.
9.0.0.M12
Affected by 0 other vulnerabilities.
9.0.0.M13
Affected by 14 other vulnerabilities.
VCID-mx9m-1qg7-67gh
Aliases:
CVE-2021-43980
GHSA-jx7c-7mj5-9438
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
8.5.78
Affected by 6 other vulnerabilities.
9.0.62
Affected by 6 other vulnerabilities.
10.0.20
Affected by 4 other vulnerabilities.
10.1.0-M14
Affected by 2 other vulnerabilities.
10.1.1
Affected by 3 other vulnerabilities.
VCID-nq3y-spqj-qyca
Aliases:
CVE-2018-1305
GHSA-jx6h-3fjx-cgv5
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
8.5.28
Affected by 26 other vulnerabilities.
9.0.5
Affected by 26 other vulnerabilities.
VCID-r5jp-6b4w-rffw
Aliases:
CVE-2023-41080
GHSA-q3mw-pvr8-9ggc
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.
8.5.93
Affected by 6 other vulnerabilities.
9.0.80
Affected by 5 other vulnerabilities.
10.1.13
Affected by 4 other vulnerabilities.
11.0.0-M11
Affected by 3 other vulnerabilities.
11.0.1
Affected by 3 other vulnerabilities.
VCID-s2yw-ayf9-gfgp
Aliases:
CVE-2017-5648
GHSA-3vx3-xf6q-r5xp
8.5.12
Affected by 34 other vulnerabilities.
8.5.13
Affected by 30 other vulnerabilities.
9.0.0.M18
Affected by 11 other vulnerabilities.
VCID-s87f-pf8e-yqcz
Aliases:
CVE-2021-24122
GHSA-2rvv-w9r2-rg7m
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
8.5.60
Affected by 12 other vulnerabilities.
9.0.40
Affected by 11 other vulnerabilities.
10.0.0-M10
Affected by 1 other vulnerability.
VCID-snze-gjzq-dudy
Aliases:
CVE-2017-7674
GHSA-73rx-3f9r-x949
8.5.16
Affected by 28 other vulnerabilities.
9.0.0.M22
Affected by 7 other vulnerabilities.
9.0.1
Affected by 29 other vulnerabilities.
VCID-t538-646q-pqf4
Aliases:
CVE-2018-1336
GHSA-m59c-jpc8-m2x4
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
8.5.31
Affected by 25 other vulnerabilities.
9.0.8
Affected by 25 other vulnerabilities.
VCID-ta6y-kc43-e3ap
Aliases:
CVE-2017-7675
GHSA-68g5-8q7f-m384
8.5.16
Affected by 28 other vulnerabilities.
9.0.0.M22
Affected by 7 other vulnerabilities.
VCID-uy2u-497k-y7fh
Aliases:
CVE-2017-5664
GHSA-jmvv-524f-hj5j
8.5.15
Affected by 29 other vulnerabilities.
9.0.0.M21
Affected by 8 other vulnerabilities.
VCID-wqne-fp1b-5bb2
Aliases:
CVE-2017-5650
GHSA-9785-w233-x6hv
8.5.13
Affected by 30 other vulnerabilities.
9.0.0.M19
Affected by 8 other vulnerabilities.
VCID-x36b-25k2-ckcx
Aliases:
CVE-2020-1935
GHSA-qxf4-chvg-4r8r
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
8.5.51
Affected by 14 other vulnerabilities.
9.0.31
Affected by 13 other vulnerabilities.
VCID-xu7t-p6w1-4ycd
Aliases:
CVE-2018-1304
GHSA-6rxj-58jh-436r
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
8.5.28
Affected by 26 other vulnerabilities.
9.0.5
Affected by 26 other vulnerabilities.
VCID-znaw-aejz-u7ba
Aliases:
CVE-2019-0199
GHSA-qcxh-w3j9-58qr
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
8.5.38
Affected by 21 other vulnerabilities.
9.0.16
Affected by 21 other vulnerabilities.
VCID-zwc5-6mks-4ked
Aliases:
CVE-2018-8037
GHSA-6v52-mj5r-7j2m
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
8.5.32
Affected by 22 other vulnerabilities.
9.0.10
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-c5rh-arx1-dfbj CVE-2016-5018
GHSA-4v3g-g84w-hv7r
VCID-cyky-7kzu-nba5 CVE-2016-0762
GHSA-wxcp-f2c8-x6xv
VCID-dd8q-m5rh-fuhw CVE-2016-6794
GHSA-2rvf-329f-p99g
VCID-ufdf-fh63-7ye7 CVE-2016-6796
GHSA-3mjp-p938-4329
VCID-zga5-ukcv-7khq CVE-2016-6797
GHSA-q6x7-f33r-3wxx

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T11:26:43.790318+00:00 GitLab Importer Affected by VCID-2n65-91en-cqa8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-46589.yml 37.0.0
2025-08-01T11:18:24.366545+00:00 GitLab Importer Affected by VCID-r5jp-6b4w-rffw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2023-41080.yml 37.0.0
2025-08-01T10:52:42.857669+00:00 GitLab Importer Affected by VCID-7nj6-9exh-5qgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2022-42252.yml 37.0.0
2025-08-01T10:48:53.690242+00:00 GitLab Importer Affected by VCID-mx9m-1qg7-67gh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2021-43980.yml 37.0.0
2025-08-01T10:28:05.387977+00:00 GitLab Importer Affected by VCID-ta6y-kc43-e3ap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-7675.yml 37.0.0
2025-08-01T10:27:48.995539+00:00 GitLab Importer Affected by VCID-8m28-utzk-x7gj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2022-25762.yml 37.0.0
2025-08-01T10:26:57.614441+00:00 GitLab Importer Affected by VCID-7b1n-ck2m-rbfu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-5647.yml 37.0.0
2025-08-01T10:25:46.407086+00:00 GitLab Importer Affected by VCID-s2yw-ayf9-gfgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-5648.yml 37.0.0
2025-08-01T10:25:44.534516+00:00 GitLab Importer Affected by VCID-wqne-fp1b-5bb2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-5650.yml 37.0.0
2025-08-01T10:24:26.577868+00:00 GitLab Importer Affected by VCID-j52h-jxrq-43g1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6816.yml 37.0.0
2025-08-01T10:24:21.618319+00:00 GitLab Importer Affected by VCID-uy2u-497k-y7fh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-5664.yml 37.0.0
2025-08-01T10:23:48.995021+00:00 GitLab Importer Affected by VCID-dzsr-5hq1-47fd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-5651.yml 37.0.0
2025-08-01T10:22:57.236042+00:00 GitLab Importer Affected by VCID-kuap-mmfh-jyhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-8735.yml 37.0.0
2025-08-01T10:12:41.046381+00:00 GitLab Importer Affected by VCID-ee8x-kzqv-b3ht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2020-11996.yml 37.0.0
2025-08-01T10:03:15.937518+00:00 GitLab Importer Affected by VCID-7m6d-m7rr-fbgj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2021-41079.yml 37.0.0
2025-08-01T09:59:11.983545+00:00 GitLab Importer Affected by VCID-52jg-1p2w-uqc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2021-30640.yml 37.0.0
2025-08-01T09:47:03.258086+00:00 GitLab Importer Affected by VCID-s87f-pf8e-yqcz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2021-24122.yml 37.0.0
2025-08-01T09:45:50.714783+00:00 GitLab Importer Affected by VCID-53ea-3wyh-xfg7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2020-17527.yml 37.0.0
2025-08-01T09:31:40.958774+00:00 GitLab Importer Affected by VCID-ay1a-2g1h-hkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2020-1745.yml 37.0.0
2025-08-01T09:29:23.220938+00:00 GitLab Importer Affected by VCID-x36b-25k2-ckcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2020-1935.yml 37.0.0
2025-08-01T09:29:22.580555+00:00 GitLab Importer Affected by VCID-1fkk-yntx-hyfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2020-1938.yml 37.0.0
2025-08-01T09:27:48.795217+00:00 GitLab Importer Affected by VCID-aycw-nzkw-buhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2019-12418.yml 37.0.0
2025-08-01T09:27:48.115026+00:00 GitLab Importer Affected by VCID-anxt-ts7w-wye1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2019-17563.yml 37.0.0
2025-08-01T09:23:23.047437+00:00 GitLab Importer Affected by VCID-3zw5-dkhq-s3gr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2019-10072.yml 37.0.0
2025-08-01T09:22:19.527238+00:00 GitLab Importer Affected by VCID-97nc-3edh-9qdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2019-0221.yml 37.0.0
2025-08-01T09:21:07.414712+00:00 GitLab Importer Affected by VCID-7rmu-m65z-mfcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2019-0232.yml 37.0.0
2025-08-01T09:21:02.119984+00:00 GitLab Importer Affected by VCID-znaw-aejz-u7ba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2019-0199.yml 37.0.0
2025-08-01T09:14:47.195802+00:00 GitLab Importer Affected by VCID-7n44-6sjn-kufk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-11784.yml 37.0.0
2025-08-01T09:13:38.209078+00:00 GitLab Importer Affected by VCID-t538-646q-pqf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1336.yml 37.0.0
2025-08-01T09:13:37.352093+00:00 GitLab Importer Affected by VCID-ks1b-8a8q-bker https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-8034.yml 37.0.0
2025-08-01T09:07:53.311840+00:00 GitLab Importer Affected by VCID-j8tv-cs47-93h9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-8014.yml 37.0.0
2025-08-01T09:06:35.001060+00:00 GitLab Importer Affected by VCID-xu7t-p6w1-4ycd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1304.yml 37.0.0
2025-08-01T09:06:29.158500+00:00 GitLab Importer Affected by VCID-nq3y-spqj-qyca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-1305.yml 37.0.0
2025-08-01T09:01:29.608831+00:00 GitLab Importer Affected by VCID-snze-gjzq-dudy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2017-7674.yml 37.0.0
2025-07-31T12:32:25.197077+00:00 GHSA Importer Fixing VCID-ufdf-fh63-7ye7 https://github.com/advisories/GHSA-3mjp-p938-4329 37.0.0
2025-07-31T12:32:24.861606+00:00 GHSA Importer Fixing VCID-dd8q-m5rh-fuhw https://github.com/advisories/GHSA-2rvf-329f-p99g 37.0.0
2025-07-31T12:32:23.685362+00:00 GHSA Importer Fixing VCID-zga5-ukcv-7khq https://github.com/advisories/GHSA-q6x7-f33r-3wxx 37.0.0
2025-07-31T12:32:22.750257+00:00 GHSA Importer Fixing VCID-cyky-7kzu-nba5 https://github.com/advisories/GHSA-wxcp-f2c8-x6xv 37.0.0
2025-07-31T09:27:37.782249+00:00 GitLab Importer Fixing VCID-ufdf-fh63-7ye7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6796.yml 37.0.0
2025-07-31T09:27:36.899451+00:00 GitLab Importer Fixing VCID-zga5-ukcv-7khq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6797.yml 37.0.0
2025-07-31T09:27:15.631649+00:00 GitLab Importer Fixing VCID-cyky-7kzu-nba5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-0762.yml 37.0.0
2025-07-31T09:27:03.252395+00:00 GitLab Importer Fixing VCID-dd8q-m5rh-fuhw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2016-6794.yml 37.0.0
2025-07-31T09:23:08.224029+00:00 GitLab Importer Affected by VCID-zwc5-6mks-4ked https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat/tomcat/CVE-2018-8037.yml 37.0.0
2025-07-31T09:14:58.981015+00:00 GithubOSV Importer Fixing VCID-dd8q-m5rh-fuhw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rvf-329f-p99g/GHSA-2rvf-329f-p99g.json 37.0.0
2025-07-31T09:14:37.178722+00:00 GithubOSV Importer Fixing VCID-zga5-ukcv-7khq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q6x7-f33r-3wxx/GHSA-q6x7-f33r-3wxx.json 37.0.0
2025-07-31T09:13:52.105334+00:00 GithubOSV Importer Fixing VCID-cyky-7kzu-nba5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wxcp-f2c8-x6xv/GHSA-wxcp-f2c8-x6xv.json 37.0.0
2025-07-31T09:09:31.724388+00:00 GithubOSV Importer Fixing VCID-ufdf-fh63-7ye7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3mjp-p938-4329/GHSA-3mjp-p938-4329.json 37.0.0
2025-07-31T08:03:23.824184+00:00 Apache Tomcat Importer Fixing VCID-cyky-7kzu-nba5 https://tomcat.apache.org/security-8.html 37.0.0
2025-07-31T08:03:23.759169+00:00 Apache Tomcat Importer Fixing VCID-c5rh-arx1-dfbj https://tomcat.apache.org/security-8.html 37.0.0
2025-07-31T08:03:23.685523+00:00 Apache Tomcat Importer Fixing VCID-dd8q-m5rh-fuhw https://tomcat.apache.org/security-8.html 37.0.0
2025-07-31T08:03:23.625753+00:00 Apache Tomcat Importer Fixing VCID-ufdf-fh63-7ye7 https://tomcat.apache.org/security-8.html 37.0.0
2025-07-31T08:03:23.551932+00:00 Apache Tomcat Importer Fixing VCID-zga5-ukcv-7khq https://tomcat.apache.org/security-8.html 37.0.0
2025-07-31T08:03:22.579252+00:00 Apache Tomcat Importer Affected by VCID-zwc5-6mks-4ked https://tomcat.apache.org/security-8.html 37.0.0