Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/tika@1.22-2?distro=sid
Typedeb
Namespacedebian
Nametika
Version1.22-2
Qualifiers
distro sid
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.22-2+deb11u1
Latest_non_vulnerable_version1.22-2+deb11u1
Affected_by_vulnerabilities
0
url VCID-q319-5s6s-aqab
vulnerability_id VCID-q319-5s6s-aqab
summary 
Apache Tika has XXE vulnerability
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.

This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.

First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.

Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
reference_id
reference_type
scores
0
value 0.01579
scoring_system epss
scoring_elements 0.8194
published_at 2026-06-07T12:55:00Z
1
value 0.01579
scoring_system epss
scoring_elements 0.81939
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
3
reference_url https://cve.org/CVERecord?id=CVE-2025-54988
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://cve.org/CVERecord?id=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
reference_id 1121954
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
reference_id 2418870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
reference_id CVE-2025-66516
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
9
reference_url https://github.com/advisories/GHSA-f58c-gq56-vjjf
reference_id GHSA-f58c-gq56-vjjf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f58c-gq56-vjjf
10
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
11
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
purl pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%252Bdeb11u1%3Fdistro=sid
aliases CVE-2025-66516, GHSA-f58c-gq56-vjjf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q319-5s6s-aqab
1
url VCID-yetb-gykm-nyhf
vulnerability_id VCID-yetb-gykm-nyhf
summary 
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard.

Users are recommended to upgrade to version 3.2.2, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05824
published_at 2026-06-05T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06074
published_at 2026-06-07T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.06077
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
2
reference_url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
6
reference_url https://github.com/apache/tika/pull/2291
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/pull/2291
7
reference_url https://issues.apache.org/jira/browse/TIKA-4459
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TIKA-4459
8
reference_url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-22T04:55:48Z/
url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
9
reference_url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
10
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
11
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/2
12
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/3
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
reference_id 1111763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
reference_id 2389910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
reference_id CVE-2025-54988
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
16
reference_url https://github.com/advisories/GHSA-p72g-pv48-7w9x
reference_id GHSA-p72g-pv48-7w9x
reference_type
scores
url https://github.com/advisories/GHSA-p72g-pv48-7w9x
17
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
purl pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%252Bdeb11u1%3Fdistro=sid
aliases CVE-2025-54988, GHSA-p72g-pv48-7w9x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yetb-gykm-nyhf
Fixing_vulnerabilities
0
url VCID-2yb7-v3m7-3ffz
vulnerability_id VCID-2yb7-v3m7-3ffz
summary 
Uncontrolled Resource Consumption
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1950.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1950.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1950
reference_id
reference_type
scores
0
value 0.00417
scoring_system epss
scoring_elements 0.62142
published_at 2026-06-05T12:55:00Z
1
value 0.00417
scoring_system epss
scoring_elements 0.62138
published_at 2026-06-07T12:55:00Z
2
value 0.00417
scoring_system epss
scoring_elements 0.62093
published_at 2026-06-04T12:55:00Z
3
value 0.00417
scoring_system epss
scoring_elements 0.62149
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1950
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1950
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1950
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E
6
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html
7
reference_url https://usn.ubuntu.com/4564-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4564-1
8
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1822759
reference_id 1822759
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1822759
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954303
reference_id 954303
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954303
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1950
reference_id CVE-2020-1950
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1950
13
reference_url https://github.com/advisories/GHSA-3h29-52vh-pqgr
reference_id GHSA-3h29-52vh-pqgr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h29-52vh-pqgr
14
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
15
reference_url https://usn.ubuntu.com/4564-1/
reference_id USN-4564-1
reference_type
scores
url https://usn.ubuntu.com/4564-1/
16
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2020-1950, GHSA-3h29-52vh-pqgr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yb7-v3m7-3ffz
1
url VCID-2yxn-wffn-x7gr
vulnerability_id VCID-2yxn-wffn-x7gr
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's `SQLite3Parser`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17197
reference_id
reference_type
scores
0
value 0.03108
scoring_system epss
scoring_elements 0.87075
published_at 2026-06-07T12:55:00Z
1
value 0.03108
scoring_system epss
scoring_elements 0.87061
published_at 2026-06-04T12:55:00Z
2
value 0.03108
scoring_system epss
scoring_elements 0.87081
published_at 2026-06-06T12:55:00Z
3
value 0.03108
scoring_system epss
scoring_elements 0.87083
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17197
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d
5
reference_url https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
7
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
8
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
9
reference_url http://www.securityfocus.com/bid/106293
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106293
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663925
reference_id 1663925
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663925
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17197
reference_id CVE-2018-17197
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17197
12
reference_url https://github.com/advisories/GHSA-3448-vfvv-xp9g
reference_id GHSA-3448-vfvv-xp9g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3448-vfvv-xp9g
fixed_packages
0
url pkg:deb/debian/tika@1.20-1?distro=sid
purl pkg:deb/debian/tika@1.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.20-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-17197, GHSA-3448-vfvv-xp9g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yxn-wffn-x7gr
2
url VCID-7d9k-ekje-fbe1
vulnerability_id VCID-7d9k-ekje-fbe1
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1339.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1339.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1339
reference_id
reference_type
scores
0
value 0.04517
scoring_system epss
scoring_elements 0.89357
published_at 2026-06-07T12:55:00Z
1
value 0.04517
scoring_system epss
scoring_elements 0.89339
published_at 2026-06-04T12:55:00Z
2
value 0.04517
scoring_system epss
scoring_elements 0.89358
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1339
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd
6
reference_url https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1572424
reference_id 1572424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1572424
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
reference_id 900000
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1339
reference_id CVE-2018-1339
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1339
10
reference_url https://github.com/advisories/GHSA-p699-3wgc-7h72
reference_id GHSA-p699-3wgc-7h72
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p699-3wgc-7h72
fixed_packages
0
url pkg:deb/debian/tika@1.18-1?distro=sid
purl pkg:deb/debian/tika@1.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.18-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-1339, GHSA-p699-3wgc-7h72
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7d9k-ekje-fbe1
3
url VCID-7snd-ac5u-bydy
vulnerability_id VCID-7snd-ac5u-bydy
summary 
Deserialization of Untrusted Data
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes `JMatIO` to do native deserialization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6809.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6809.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6809
reference_id
reference_type
scores
0
value 0.07049
scoring_system epss
scoring_elements 0.91657
published_at 2026-06-07T12:55:00Z
1
value 0.07049
scoring_system epss
scoring_elements 0.9166
published_at 2026-06-06T12:55:00Z
2
value 0.07049
scoring_system epss
scoring_elements 0.91658
published_at 2026-06-05T12:55:00Z
3
value 0.07049
scoring_system epss
scoring_elements 0.91646
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6809
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
3
reference_url https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
4
reference_url http://seclists.org/bugtraq/2016/Nov/40
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/bugtraq/2016/Nov/40
5
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
6
reference_url https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610
7
reference_url https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E
12
reference_url http://www.securityfocus.com/bid/94247
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94247
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1394156
reference_id 1394156
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1394156
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6809
reference_id CVE-2016-6809
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6809
15
reference_url https://github.com/advisories/GHSA-j8g6-2wh7-6439
reference_id GHSA-j8g6-2wh7-6439
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j8g6-2wh7-6439
fixed_packages
0
url pkg:deb/debian/tika@1.18-1?distro=sid
purl pkg:deb/debian/tika@1.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.18-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2016-6809, GHSA-j8g6-2wh7-6439
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7snd-ac5u-bydy
4
url VCID-98bu-vqgb-x7a8
vulnerability_id VCID-98bu-vqgb-x7a8
summary 
Improper Restriction of XML External Entity Reference
In Apache Tika, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a DoS.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
reference_id
reference_type
scores
0
value 0.11027
scoring_system epss
scoring_elements 0.93583
published_at 2026-06-07T12:55:00Z
1
value 0.11027
scoring_system epss
scoring_elements 0.93585
published_at 2026-06-06T12:55:00Z
2
value 0.11027
scoring_system epss
scoring_elements 0.93584
published_at 2026-06-05T12:55:00Z
3
value 0.11027
scoring_system epss
scoring_elements 0.93574
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
5
reference_url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
7
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
8
reference_url http://www.securityfocus.com/bid/105514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105514
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632462
reference_id 1632462
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632462
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
reference_id CVE-2018-11761
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
11
reference_url https://github.com/advisories/GHSA-6jq2-789q-fff2
reference_id GHSA-6jq2-789q-fff2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6jq2-789q-fff2
fixed_packages
0
url pkg:deb/debian/tika@1.20-1?distro=sid
purl pkg:deb/debian/tika@1.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.20-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-11761, GHSA-6jq2-789q-fff2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98bu-vqgb-x7a8
5
url VCID-b19y-wyyt-4ff9
vulnerability_id VCID-b19y-wyyt-4ff9
summary 
Improper Restriction of XML External Entity Reference
Apache Tika does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-0248.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0248.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2017-0249.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0249.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2017-0272.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0272.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4434.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4434.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4434
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.62023
published_at 2026-06-07T12:55:00Z
1
value 0.00415
scoring_system epss
scoring_elements 0.61979
published_at 2026-06-04T12:55:00Z
2
value 0.00415
scoring_system epss
scoring_elements 0.62027
published_at 2026-06-05T12:55:00Z
3
value 0.00415
scoring_system epss
scoring_elements 0.62034
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4434
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4434
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4434
6
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
7
reference_url https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E
8
reference_url http://www.securityfocus.com/archive/1/538500/100/0/threaded
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/538500/100/0/threaded
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1340386
reference_id 1340386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1340386
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501
reference_id 825501
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4434
reference_id CVE-2016-4434
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4434
12
reference_url https://github.com/advisories/GHSA-4xr4-4c65-hj7f
reference_id GHSA-4xr4-4c65-hj7f
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4xr4-4c65-hj7f
13
reference_url https://access.redhat.com/errata/RHSA-2017:0248
reference_id RHSA-2017:0248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0248
14
reference_url https://access.redhat.com/errata/RHSA-2017:0249
reference_id RHSA-2017:0249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0249
15
reference_url https://access.redhat.com/errata/RHSA-2017:0272
reference_id RHSA-2017:0272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0272
fixed_packages
0
url pkg:deb/debian/tika@1.18-1?distro=sid
purl pkg:deb/debian/tika@1.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.18-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2016-4434, GHSA-4xr4-4c65-hj7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b19y-wyyt-4ff9
6
url VCID-c7gc-egj2-2yb9
vulnerability_id VCID-c7gc-egj2-2yb9
summary 
Improper Restriction of XML External Entity Reference
Tika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
reference_id
reference_type
scores
0
value 0.0394
scoring_system epss
scoring_elements 0.88566
published_at 2026-06-07T12:55:00Z
1
value 0.0394
scoring_system epss
scoring_elements 0.88547
published_at 2026-06-04T12:55:00Z
2
value 0.0394
scoring_system epss
scoring_elements 0.88565
published_at 2026-06-05T12:55:00Z
3
value 0.0394
scoring_system epss
scoring_elements 0.88567
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
6
reference_url https://security.netapp.com/advisory/ntap-20190903-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190903-0002
7
reference_url https://security.netapp.com/advisory/ntap-20190903-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190903-0002/
8
reference_url http://www.securityfocus.com/bid/105585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105585
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1639090
reference_id 1639090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1639090
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
reference_id CVE-2018-11796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
11
reference_url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
reference_id GHSA-h8q5-g2cj-qr5h
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
fixed_packages
0
url pkg:deb/debian/tika@0?distro=sid
purl pkg:deb/debian/tika@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@0%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-11796, GHSA-h8q5-g2cj-qr5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7gc-egj2-2yb9
7
url VCID-dc2n-xs2k-abbz
vulnerability_id VCID-dc2n-xs2k-abbz
summary 
Out of memory
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's `RecursiveParserWrapper`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10088
reference_id
reference_type
scores
0
value 0.00989
scoring_system epss
scoring_elements 0.7724
published_at 2026-06-05T12:55:00Z
1
value 0.00989
scoring_system epss
scoring_elements 0.77238
published_at 2026-06-07T12:55:00Z
2
value 0.00989
scoring_system epss
scoring_elements 0.77249
published_at 2026-06-06T12:55:00Z
3
value 0.00989
scoring_system epss
scoring_elements 0.77208
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10088
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0004
9
reference_url https://security.netapp.com/advisory/ntap-20190828-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0004/
10
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933744
reference_id 933744
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933744
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10088
reference_id CVE-2019-10088
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10088
14
reference_url https://github.com/advisories/GHSA-mfwh-gqx8-c787
reference_id GHSA-mfwh-gqx8-c787
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfwh-gqx8-c787
fixed_packages
0
url pkg:deb/debian/tika@1.22-1?distro=sid
purl pkg:deb/debian/tika@1.22-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2019-10088, GHSA-mfwh-gqx8-c787
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc2n-xs2k-abbz
8
url VCID-hvfw-yh4j-cqfm
vulnerability_id VCID-hvfw-yh4j-cqfm
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3271
reference_id
reference_type
scores
0
value 0.01074
scoring_system epss
scoring_elements 0.7814
published_at 2026-06-05T12:55:00Z
1
value 0.01074
scoring_system epss
scoring_elements 0.78138
published_at 2026-06-07T12:55:00Z
2
value 0.01074
scoring_system epss
scoring_elements 0.78147
published_at 2026-06-06T12:55:00Z
3
value 0.01074
scoring_system epss
scoring_elements 0.78113
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3271
1
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
2
reference_url https://github.com/apache/tika/commit/98672cdd92b6325ff78c763955a7c045b364095b
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/98672cdd92b6325ff78c763955a7c045b364095b
3
reference_url https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8@1439485507@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8@1439485507@%3Cdev.tika.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8%401439485507%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8%401439485507%40%3Cdev.tika.apache.org%3E
5
reference_url http://www.openwall.com/lists/oss-security/2015/08/13/5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/08/13/5
6
reference_url http://www.securityfocus.com/bid/95020
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95020
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3271
reference_id CVE-2015-3271
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3271
8
reference_url https://github.com/advisories/GHSA-ccjp-w723-2jf2
reference_id GHSA-ccjp-w723-2jf2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-ccjp-w723-2jf2
fixed_packages
0
url pkg:deb/debian/tika@0?distro=sid
purl pkg:deb/debian/tika@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@0%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2015-3271, GHSA-ccjp-w723-2jf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvfw-yh4j-cqfm
9
url VCID-j6j1-yp44-hqdt
vulnerability_id VCID-j6j1-yp44-hqdt
summary 
Path Traversal
In a rare edge case where a user does not specify an extract directory on the commandline (`--extract-dir=`) and the input file has an embedded file with an absolute path, tika-app would overwrite that file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11762.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11762
reference_id
reference_type
scores
0
value 0.00866
scoring_system epss
scoring_elements 0.75515
published_at 2026-06-07T12:55:00Z
1
value 0.00866
scoring_system epss
scoring_elements 0.75525
published_at 2026-06-06T12:55:00Z
2
value 0.00866
scoring_system epss
scoring_elements 0.75521
published_at 2026-06-05T12:55:00Z
3
value 0.00866
scoring_system epss
scoring_elements 0.75492
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11762
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11762
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57
5
reference_url https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E
6
reference_url http://www.securityfocus.com/bid/105515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105515
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632469
reference_id 1632469
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632469
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11762
reference_id CVE-2018-11762
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11762
9
reference_url https://github.com/advisories/GHSA-w6g3-v46q-5p28
reference_id GHSA-w6g3-v46q-5p28
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w6g3-v46q-5p28
fixed_packages
0
url pkg:deb/debian/tika@1.20-1?distro=sid
purl pkg:deb/debian/tika@1.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.20-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-11762, GHSA-w6g3-v46q-5p28
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6j1-yp44-hqdt
10
url VCID-jyak-stwf-f3gw
vulnerability_id VCID-jyak-stwf-f3gw
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
In Apache Tikato, a carefully crafted file can trigger an infinite loop in the `IptcAnpaParser`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8017
reference_id
reference_type
scores
0
value 0.02108
scoring_system epss
scoring_elements 0.84433
published_at 2026-06-07T12:55:00Z
1
value 0.02108
scoring_system epss
scoring_elements 0.84441
published_at 2026-06-06T12:55:00Z
2
value 0.02108
scoring_system epss
scoring_elements 0.84438
published_at 2026-06-05T12:55:00Z
3
value 0.02108
scoring_system epss
scoring_elements 0.84414
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8017
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc
6
reference_url https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4
7
reference_url https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
8
reference_url http://www.securityfocus.com/bid/105513
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105513
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632466
reference_id 1632466
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632466
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
reference_id 914643
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8017
reference_id CVE-2018-8017
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8017
12
reference_url https://github.com/advisories/GHSA-j53j-gmr9-h8g3
reference_id GHSA-j53j-gmr9-h8g3
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j53j-gmr9-h8g3
fixed_packages
0
url pkg:deb/debian/tika@1.20-1?distro=sid
purl pkg:deb/debian/tika@1.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.20-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-8017, GHSA-j53j-gmr9-h8g3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyak-stwf-f3gw
11
url VCID-q319-5s6s-aqab
vulnerability_id VCID-q319-5s6s-aqab
summary 
Apache Tika has XXE vulnerability
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.

This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.

First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.

Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
reference_id
reference_type
scores
0
value 0.01579
scoring_system epss
scoring_elements 0.8194
published_at 2026-06-07T12:55:00Z
1
value 0.01579
scoring_system epss
scoring_elements 0.81939
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
3
reference_url https://cve.org/CVERecord?id=CVE-2025-54988
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://cve.org/CVERecord?id=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
reference_id 1121954
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
reference_id 2418870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
reference_id CVE-2025-66516
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
9
reference_url https://github.com/advisories/GHSA-f58c-gq56-vjjf
reference_id GHSA-f58c-gq56-vjjf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f58c-gq56-vjjf
10
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
11
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
purl pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%252Bdeb11u1%3Fdistro=sid
aliases CVE-2025-66516, GHSA-f58c-gq56-vjjf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q319-5s6s-aqab
12
url VCID-r5jk-9f46-rygg
vulnerability_id VCID-r5jk-9f46-rygg
summary 
Stack buffer overflow
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a `StackOverflowError` in Apache Tika's `RecursiveParserWrapper`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10094
reference_id
reference_type
scores
0
value 0.00546
scoring_system epss
scoring_elements 0.68174
published_at 2026-06-04T12:55:00Z
1
value 0.00546
scoring_system epss
scoring_elements 0.68222
published_at 2026-06-06T12:55:00Z
2
value 0.00546
scoring_system epss
scoring_elements 0.68214
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10094
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10094
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10094
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
8
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
9
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933746
reference_id 933746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933746
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10094
reference_id CVE-2019-10094
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10094
12
reference_url https://github.com/advisories/GHSA-mm7m-xg4h-6m52
reference_id GHSA-mm7m-xg4h-6m52
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mm7m-xg4h-6m52
fixed_packages
0
url pkg:deb/debian/tika@1.22-1?distro=sid
purl pkg:deb/debian/tika@1.22-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2019-10094, GHSA-mm7m-xg4h-6m52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5jk-9f46-rygg
13
url VCID-uj1b-pk9r-ryhz
vulnerability_id VCID-uj1b-pk9r-ryhz
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1951
reference_id
reference_type
scores
0
value 0.0021
scoring_system epss
scoring_elements 0.43495
published_at 2026-06-06T12:55:00Z
1
value 0.0021
scoring_system epss
scoring_elements 0.43472
published_at 2026-06-07T12:55:00Z
2
value 0.0021
scoring_system epss
scoring_elements 0.43413
published_at 2026-06-04T12:55:00Z
3
value 0.0021
scoring_system epss
scoring_elements 0.43485
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1951
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1951
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
4
reference_url https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E
5
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html
6
reference_url https://usn.ubuntu.com/4564-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4564-1
7
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
8
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954302
reference_id 954302
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954302
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1951
reference_id CVE-2020-1951
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1951
11
reference_url https://github.com/advisories/GHSA-3264-3fm9-fg44
reference_id GHSA-3264-3fm9-fg44
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3264-3fm9-fg44
12
reference_url https://usn.ubuntu.com/4564-1/
reference_id USN-4564-1
reference_type
scores
url https://usn.ubuntu.com/4564-1/
13
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2020-1951, GHSA-3264-3fm9-fg44
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uj1b-pk9r-ryhz
14
url VCID-uyg4-mswu-s3f5
vulnerability_id VCID-uyg4-mswu-s3f5
summary 
Code Injection
From Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
references
0
reference_url http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3140
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1335
reference_id
reference_type
scores
0
value 0.93876
scoring_system epss
scoring_elements 0.99881
published_at 2026-06-07T12:55:00Z
1
value 0.93876
scoring_system epss
scoring_elements 0.9988
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1335
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335
5
reference_url https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869
6
reference_url https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad
7
reference_url https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1
8
reference_url https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91
9
reference_url https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7
10
reference_url https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01
11
reference_url https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51
12
reference_url https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
13
reference_url https://www.exploit-db.com/exploits/46540
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46540
14
reference_url https://www.exploit-db.com/exploits/46540/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46540/
15
reference_url http://www.securityfocus.com/bid/104001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104001
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1572416
reference_id 1572416
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1572416
17
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py
reference_id CVE-2018-1335
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb
reference_id CVE-2018-1335
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1335
reference_id CVE-2018-1335
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1335
20
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
reference_id CVE-2018-1335
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
21
reference_url https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
reference_id CVE-2018-1335
reference_type exploit
scores
url https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
22
reference_url https://github.com/advisories/GHSA-9r24-gp44-h3pm
reference_id GHSA-9r24-gp44-h3pm
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9r24-gp44-h3pm
fixed_packages
0
url pkg:deb/debian/tika@1.18-1?distro=sid
purl pkg:deb/debian/tika@1.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.18-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-1335, GHSA-9r24-gp44-h3pm
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyg4-mswu-s3f5
15
url VCID-x3y9-rbfc-47b8
vulnerability_id VCID-x3y9-rbfc-47b8
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1338.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1338.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1338
reference_id
reference_type
scores
0
value 0.03002
scoring_system epss
scoring_elements 0.86843
published_at 2026-06-07T12:55:00Z
1
value 0.03002
scoring_system epss
scoring_elements 0.86826
published_at 2026-06-04T12:55:00Z
2
value 0.03002
scoring_system epss
scoring_elements 0.86848
published_at 2026-06-05T12:55:00Z
3
value 0.03002
scoring_system epss
scoring_elements 0.86846
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1338
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1338
4
reference_url https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1572421
reference_id 1572421
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1572421
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1338
reference_id CVE-2018-1338
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1338
7
reference_url https://github.com/advisories/GHSA-5mf7-26mw-3rqr
reference_id GHSA-5mf7-26mw-3rqr
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5mf7-26mw-3rqr
fixed_packages
0
url pkg:deb/debian/tika@1.18-1?distro=sid
purl pkg:deb/debian/tika@1.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.18-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2018-1338, GHSA-5mf7-26mw-3rqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3y9-rbfc-47b8
16
url VCID-yetb-gykm-nyhf
vulnerability_id VCID-yetb-gykm-nyhf
summary 
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard.

Users are recommended to upgrade to version 3.2.2, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05824
published_at 2026-06-05T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06074
published_at 2026-06-07T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.06077
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
2
reference_url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
6
reference_url https://github.com/apache/tika/pull/2291
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/pull/2291
7
reference_url https://issues.apache.org/jira/browse/TIKA-4459
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TIKA-4459
8
reference_url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-22T04:55:48Z/
url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
9
reference_url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
10
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
11
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/2
12
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/3
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
reference_id 1111763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
reference_id 2389910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
reference_id CVE-2025-54988
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
16
reference_url https://github.com/advisories/GHSA-p72g-pv48-7w9x
reference_id GHSA-p72g-pv48-7w9x
reference_type
scores
url https://github.com/advisories/GHSA-p72g-pv48-7w9x
17
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
purl pkg:deb/debian/tika@1.22-2%2Bdeb11u1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%252Bdeb11u1%3Fdistro=sid
aliases CVE-2025-54988, GHSA-p72g-pv48-7w9x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yetb-gykm-nyhf
17
url VCID-yt8m-g5bf-wkf7
vulnerability_id VCID-yt8m-g5bf-wkf7
summary 
Uncontrolled Resource Consumption
In Apache Tika, a carefully crafted `2003ml` or `2006ml` file could consume all available `SAXParsers` in the pool and lead to very long hangs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10093
reference_id
reference_type
scores
0
value 0.01423
scoring_system epss
scoring_elements 0.80981
published_at 2026-06-05T12:55:00Z
1
value 0.01423
scoring_system epss
scoring_elements 0.8098
published_at 2026-06-07T12:55:00Z
2
value 0.01423
scoring_system epss
scoring_elements 0.80983
published_at 2026-06-06T12:55:00Z
3
value 0.01423
scoring_system epss
scoring_elements 0.80952
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10093
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0004
9
reference_url https://security.netapp.com/advisory/ntap-20190828-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0004/
10
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933745
reference_id 933745
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933745
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10093
reference_id CVE-2019-10093
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10093
14
reference_url https://github.com/advisories/GHSA-4mq5-mj59-qq9c
reference_id GHSA-4mq5-mj59-qq9c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mq5-mj59-qq9c
fixed_packages
0
url pkg:deb/debian/tika@1.22-1?distro=sid
purl pkg:deb/debian/tika@1.22-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2019-10093, GHSA-4mq5-mj59-qq9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yt8m-g5bf-wkf7
18
url VCID-zj8z-ja31-mkcr
vulnerability_id VCID-zj8z-ja31-mkcr
summary tika-core: incomplete fix for CVE-2022-30126
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-30973
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48436
published_at 2026-06-07T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.48387
published_at 2026-06-04T12:55:00Z
2
value 0.0025
scoring_system epss
scoring_elements 0.48449
published_at 2026-06-05T12:55:00Z
3
value 0.0025
scoring_system epss
scoring_elements 0.48455
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-30973
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-rpjm-422r-95mh
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rpjm-422r-95mh
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265
6
reference_url https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51
7
reference_url https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-30973
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-30973
9
reference_url https://security.netapp.com/advisory/ntap-20220722-0004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220722-0004
10
reference_url https://security.netapp.com/advisory/ntap-20220722-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220722-0004/
11
reference_url http://www.openwall.com/lists/oss-security/2022/05/31/2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/05/31/2
12
reference_url http://www.openwall.com/lists/oss-security/2022/06/27/5
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/27/5
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2099553
reference_id 2099553
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2099553
14
reference_url https://access.redhat.com/errata/RHSA-2022:7257
reference_id RHSA-2022:7257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7257
15
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:deb/debian/tika@0?distro=sid
purl pkg:deb/debian/tika@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@0%3Fdistro=sid
1
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
aliases CVE-2022-30973, GHSA-qw3f-w4pf-jh5f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8z-ja31-mkcr
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid