I Use This!
Very High Activity
Analyzed about 18 hours ago. based on code collected 1 day ago.

Project Summary

The Apache Tomcat software is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.

Tags

apache http http_server java jsp servlet web web_services

Apache License 2.0
Permitted

Commercial Use

Modify

Distribute

Place Warranty

Sub-License

Private Use

Use Patent Claims

Forbidden

Hold Liable

Use Trademarks

Required

Include Copyright

State Changes

Include License

Include Notice

These details are provided for information only. No information here is legal advice and should not be used as such.

Project Security

Vulnerabilities per Version ( last 10 releases )

Project Vulnerability Report

Security Confidence Index

Poor security track-record
Favorable security track-record

Vulnerability Exposure Index

Many reported vulnerabilities
Few reported vulnerabilities

Did You Know...

  • ...
    use of OSS increased in 65% of companies in 2016
  • ...
    compare projects before you chose one to use
  • ...
    nearly 1 in 3 companies have no process for identifying, tracking, or remediating known open source vulnerabilities
  • ...
    you can subscribe to e-mail newsletters to receive update from the Open Hub blog
About Project Security

Languages

Java
82%
XML
9%
XML Schema
7%
10 Other
2%

30 Day Summary

Jun 8 2026 — Jul 8 2026

12 Month Summary

Jul 8 2025 — Jul 8 2026
  • 1373 Commits
    Up + 325 (31%) from previous 12 months
  • 42 Contributors
    Up + 13 (44%) from previous 12 months

Ratings

315 users rate this project:
4.23175
   
4.2/5.0
Click to add your rating
  
Review this Project!
 

Static Analysis ( Generated by Coverity Scan for Apache Tomcat )

Repository URL: https://github.com/apache/tomcat

Version: 12.0.x\ -\ 41e5f87b37f93c17855205174ffa23a4d2db817d

2026-06-28
Last Analyzed
253,199
Lines of Code Analyze
0.18
Defect Density

Defects by status for current build

1,343
Total defects
46
Outstanding
870
Fixed

CWE Top 25 defects

ID CWE-Name Number of Defects
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 4
327 Use of a Broken or Risky Cryptographic Algorithm 1
352 Cross-Site Request Forgery (CSRF) 3