Apache Seata
By the Year
In 2026 there have been 0 vulnerabilities in Apache Seata. Last year, in 2025, Seata had 4 security vulnerabilities published. Right now, Seata is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 9.80 |
| 2024 | 1 | 9.80 |
It may take a day or so for new Seata vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apache Seata Security Vulnerabilities
Apache Seata 2.4.0 Deserialization Issue (Prior to 2.5.0)
CVE-2025-53606
9.8 - Critical
- August 08, 2025
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Marshaling, Unmarshaling
Apache Seata Deserialization Vulnerability before 2.3.0 (CVE-2025-32897)
CVE-2025-32897
- June 28, 2025
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Marshaling, Unmarshaling
Apache Seata 2.2.0 or earlier: Data Amplification via Highly Compressed Data
CVE-2024-54016
- March 20, 2025
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through 2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Data Amplification
Apache Seata 2.0.0-<2.2.0 Deserialization Vulnerability
CVE-2024-47552
- March 20, 2025
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.
Marshaling, Unmarshaling
Apache Seata <=2.0.0 SeataServer Deserialization of Untrusted Data
CVE-2024-22399
9.8 - Critical
- September 16, 2024
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.
Marshaling, Unmarshaling