Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/101591?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/101591?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@0.6", "type": "maven", "namespace": "org.apache.tika", "name": "tika-parsers", "version": "0.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12295?format=api", "vulnerability_id": "VCID-1111-je65-yub2", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03002", "scoring_system": "epss", "scoring_elements": "0.86808", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1338" }, { "reference_url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338", "reference_id": "CVE-2018-1338", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338" }, { "reference_url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr", "reference_id": "GHSA-5mf7-26mw-3rqr", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54370?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-b49c-ddca-skfe" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" }, { "vulnerability": "VCID-uebs-ergb-kqet" }, { "vulnerability": "VCID-yh9u-n18p-ckgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18" } ], "aliases": [ "CVE-2018-1338", "GHSA-5mf7-26mw-3rqr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1111-je65-yub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9936?format=api", "vulnerability_id": "VCID-afue-mktt-8bdd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11027", "scoring_system": "epss", "scoring_elements": "0.93557", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63" }, { "reference_url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "http://www.securityfocus.com/bid/105514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761", "reference_id": "CVE-2018-11761", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761" }, { "reference_url": "https://github.com/advisories/GHSA-6jq2-789q-fff2", "reference_id": "GHSA-6jq2-789q-fff2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6jq2-789q-fff2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55470?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b49c-ddca-skfe" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" }, { "vulnerability": "VCID-weue-en6t-7uam" }, { "vulnerability": "VCID-yh9u-n18p-ckgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19" } ], "aliases": [ "CVE-2018-11761", "GHSA-6jq2-789q-fff2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afue-mktt-8bdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10191?format=api", "vulnerability_id": "VCID-azes-yhcs-cuen", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07049", "scoring_system": "epss", "scoring_elements": "0.91629", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6809" }, { "reference_url": "https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt" }, { "reference_url": "http://seclists.org/bugtraq/2016/Nov/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/bugtraq/2016/Nov/40" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610" }, { "reference_url": "https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/94247", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94247" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6809", "reference_id": "CVE-2016-6809", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6809" }, { "reference_url": "https://github.com/advisories/GHSA-j8g6-2wh7-6439", "reference_id": "GHSA-j8g6-2wh7-6439", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j8g6-2wh7-6439" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52394?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1111-je65-yub2" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-b49c-ddca-skfe" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" }, { "vulnerability": "VCID-tepz-p727-b3ak" }, { "vulnerability": "VCID-uebs-ergb-kqet" }, { "vulnerability": "VCID-yh9u-n18p-ckgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.14" } ], "aliases": [ "CVE-2016-6809", "GHSA-j8g6-2wh7-6439" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azes-yhcs-cuen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199525?format=api", "vulnerability_id": "VCID-b49c-ddca-skfe", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0808", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220812-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220812-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220812-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220812-0004/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/27/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002", "reference_id": "1015002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33879", "reference_id": "CVE-2022-33879", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33879" }, { "reference_url": "https://github.com/advisories/GHSA-6q8v-2hvm-fx37", "reference_id": "GHSA-6q8v-2hvm-fx37", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q8v-2hvm-fx37" }, { "reference_url": "https://usn.ubuntu.com/7529-1/", "reference_id": "USN-7529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7529-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/549711?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.28.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.28.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/549717?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@2.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.4.1" } ], "aliases": [ "CVE-2022-33879", "GHSA-6q8v-2hvm-fx37" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b49c-ddca-skfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12973?format=api", "vulnerability_id": "VCID-hkxq-6qn6-qbar", "summary": "Improper Restriction of XML External Entity Reference\nTika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88537", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190903-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190903-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190903-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190903-0002/" }, { "reference_url": "http://www.securityfocus.com/bid/105585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105585" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", "reference_id": "CVE-2018-11796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11796" }, { "reference_url": "https://github.com/advisories/GHSA-h8q5-g2cj-qr5h", "reference_id": "GHSA-h8q5-g2cj-qr5h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8q5-g2cj-qr5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55517?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b49c-ddca-skfe" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" }, { "vulnerability": "VCID-weue-en6t-7uam" }, { "vulnerability": "VCID-yh9u-n18p-ckgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19.1" } ], "aliases": [ "CVE-2018-11796", "GHSA-h8q5-g2cj-qr5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkxq-6qn6-qbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12292?format=api", "vulnerability_id": "VCID-tepz-p727-b3ak", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89328", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1339" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd" }, { "reference_url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000", "reference_id": "900000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339", "reference_id": "CVE-2018-1339", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339" }, { "reference_url": "https://github.com/advisories/GHSA-p699-3wgc-7h72", "reference_id": "GHSA-p699-3wgc-7h72", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p699-3wgc-7h72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54370?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-b49c-ddca-skfe" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" }, { "vulnerability": "VCID-uebs-ergb-kqet" }, { "vulnerability": "VCID-yh9u-n18p-ckgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18" } ], "aliases": [ "CVE-2018-1339", "GHSA-p699-3wgc-7h72" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tepz-p727-b3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175616?format=api", "vulnerability_id": "VCID-yh9u-n18p-ckgg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.4478", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28657" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28657", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28657" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210507-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210507-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210507-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210507-0004/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805", "reference_id": "986805", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805" }, { "reference_url": "https://github.com/advisories/GHSA-567x-m4wm-87v8", "reference_id": "GHSA-567x-m4wm-87v8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-567x-m4wm-87v8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/418720?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b49c-ddca-skfe" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-seg6-emwn-37ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.26" } ], "aliases": [ "CVE-2021-28657", "GHSA-567x-m4wm-87v8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh9u-n18p-ckgg" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@0.6" }