Synced 17 Jun 2026 22:27 UTC Account
← Apache Subversion

Apache Subversion vulnerabilities: known CVEs & security history

Apache · Version control · 48 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all Apache Subversion release lines — 48 in total. A CVE here doesn't mean your version is affected — check Apache Subversion's current status and the safe version to run.

48
known CVEs
0
actively exploited (KEV)
1
critical severity
0
ransomware-linked

Known Apache Subversion CVEs

Actively-exploited and most-severe first. Open any CVE for full details.

CVESeverityCVSSEPSSYear
CVE-2017-9800 critical 9.8 19% 2017
CVE-2013-4246 high 8.8 3% 2017
CVE-2015-5259 high 8.6 57% 2016
CVE-2024-45720 high 8.2 1% 2024
CVE-2015-0202 high 7.8 8% 2015
CVE-2013-2112 high 7.8 4% 2013
CVE-2015-5343 high 7.6 30% 2016
CVE-2022-24070 high 7.5 9% 2022
CVE-2020-17525 high 7.5 38% 2021
CVE-2019-0203 high 7.5 3% 2019
CVE-2018-11803 high 7.5 58% 2019
CVE-2013-2088 high 7.1 31% 2013
CVE-2016-2167 medium 6.8 7% 2016
CVE-2010-4539 medium 6.8 5% 2011
CVE-2004-0179 medium 6.8 11% 2004
CVE-2018-11782 medium 6.5 2% 2019
CVE-2016-8734 medium 6.5 6% 2017
CVE-2016-2168 medium 6.5 20% 2016
CVE-2010-3315 medium 6 4% 2010
CVE-2013-1968 medium 5.5 3% 2013
CVE-2015-3184 medium 5 11% 2015
CVE-2015-0248 medium 5 13% 2015
CVE-2014-8108 medium 5 10% 2014
CVE-2014-3580 medium 5 11% 2014
CVE-2013-1884 medium 5 51% 2013
CVE-2013-1847 medium 5 51% 2013
CVE-2011-1752 medium 5 8% 2011
CVE-2021-28544 medium 4.3 3% 2022
CVE-2014-0032 medium 4.3 11% 2014
CVE-2013-1849 medium 4.3 9% 2013
CVE-2011-1921 medium 4.3 6% 2011
CVE-2011-1783 medium 4.3 7% 2011
CVE-2011-0715 medium 4.3 6% 2011
CVE-2015-3187 medium 4 6% 2015
CVE-2015-0251 medium 4 8% 2015
CVE-2014-3528 medium 4 7% 2014
CVE-2014-3522 medium 4 6% 2014
CVE-2014-3504 medium 4 3% 2014
CVE-2013-4131 medium 4 4% 2013
CVE-2013-1846 medium 4 7% 2013
CVE-2013-4558 low 3.5 6% 2013
CVE-2010-4644 low 3.5 4% 2011
CVE-2013-4277 low 3.3 1% 2013
CVE-2024-46901 low 3.1 2% 2024
CVE-2013-4505 low 2.6 8% 2013
CVE-2013-7393 low 2.4 1% 2014
CVE-2013-4262 low 2.4 1% 2014
CVE-2013-1845 low 2.1 6% 2013

Is my Apache Subversion version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your Apache Subversion version → · Monitor Apache Subversion for new CVEs →

Apache Subversion vulnerabilities — frequently asked

How many known vulnerabilities does Apache Subversion have?

IsItPatched tracks 48 CVEs for Apache Subversion. 1 is critical-severity and 11 high-severity. These span every release line — what matters is whether the version you run is affected.

Does Apache Subversion have any actively-exploited vulnerabilities?

None of Apache Subversion's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe Apache Subversion vulnerability?

Among tracked issues, CVE-2017-9800 (CRITICAL, CVSS 9.8) ranks highest — a Improper input validation weakness.

Is Apache Subversion safe to use?

It depends on the version. The latest supported Apache Subversion release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Apache Subversion security status · Apache Subversion end-of-life · actively-exploited CVEs. Always verify against Apache's advisories — see our disclaimer.