org.apache.activemq:activemq-client (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.activemq:activemq-client, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2014-3600 — CVSS 9.8 (critical): XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors…
CVE-2015-5254 — CVSS 9.8 (critical): Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to…
CVE-2026-39304 — CVSS 7.5 (high): Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL…
CVE-2014-3576 — CVSS 7.5 (high): The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a…
CVE-2019-0222 — CVSS 7.5 (high): In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
CVE-2025-27533 — CVSS 7.5 (high): Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of…
CVE-2018-11775 — CVSS 7.4 (high): TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM…
CVE-2013-3060 — CVSS 6.4 (medium): The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive…
CVE-2016-0734 — CVSS 6.1 (medium): The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it…
CVE-2016-6810 — CVSS 6.1 (medium): In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based…
CVE-2016-0782 — CVSS 5.4 (medium): The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote…
CVE-2015-1830 — CVSS 5.0 (medium): Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2…
CVE-2013-1879 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary…
CVE-2026-33227 — CVSS 4.3 (medium): Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache…
CVE-2014-8110 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow…
CVE-2015-7559 — CVSS 2.7 (low): It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker…