Apache James Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache James Server.
By the Year
In 2026 there have been 0 vulnerabilities in Apache James Server. Last year, in 2025 James Server had 2 security vulnerabilities published. Right now, James Server is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 7.50 |
It may take a day or so for new James Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache James Server Security Vulnerabilities
Apache James JMAP HTML-to-text unbounded memory pre-3.8.2/3.7.6
CVE-2024-45626
7.5 - High
- February 06, 2025
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.
Resource Exhaustion
Apache James DoS via IMAP Literals (v3.7.6,3.8.2 Mitigated)
CVE-2024-37358
7.5 - High
- February 06, 2025
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
Allocation of Resources Without Limits or Throttling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache James Server or by Apache? Click the Watch button to subscribe.
