Vulnerabilities in Apache Foundation software