Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tika/tika-app@1.12
Typemaven
Namespaceorg.apache.tika
Nametika-app
Version1.12
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.28.4
Latest_non_vulnerable_version2.4.1
Affected_by_vulnerabilities
0
url VCID-42ad-sh45-7fev
vulnerability_id VCID-42ad-sh45-7fev
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44803
published_at 2026-06-08T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44778
published_at 2026-06-04T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44847
published_at 2026-06-05T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.44853
published_at 2026-06-06T12:55:00Z
4
value 0.00221
scoring_system epss
scoring_elements 0.44832
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
6
reference_url https://security.netapp.com/advisory/ntap-20210507-0004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210507-0004
7
reference_url https://security.netapp.com/advisory/ntap-20210507-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210507-0004/
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id 1944881
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id 986805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
reference_id CVE-2021-28657
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
13
reference_url https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id GHSA-567x-m4wm-87v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-567x-m4wm-87v8
fixed_packages
0
url pkg:maven/org.apache.tika/tika-app@1.26
purl pkg:maven/org.apache.tika/tika-app@1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8qc9-3mxe-8ydp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-app@1.26
aliases CVE-2021-28657, GHSA-567x-m4wm-87v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev
1
url VCID-8qc9-3mxe-8ydp
vulnerability_id VCID-8qc9-3mxe-8ydp
summary The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07949
published_at 2026-06-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07923
published_at 2026-06-08T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07972
published_at 2026-06-07T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07996
published_at 2026-06-06T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07981
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
5
reference_url https://security.netapp.com/advisory/ntap-20220812-0004
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220812-0004
6
reference_url https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220812-0004/
7
reference_url http://www.openwall.com/lists/oss-security/2022/06/27/5
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/27/5
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id 1015002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
9
reference_url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
reference_id GHSA-6q8v-2hvm-fx37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
10
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-app@1.28.4
purl pkg:maven/org.apache.tika/tika-app@1.28.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-app@1.28.4
1
url pkg:maven/org.apache.tika/tika-app@2.4.1
purl pkg:maven/org.apache.tika/tika-app@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-app@2.4.1
aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp
2
url VCID-j6j1-yp44-hqdt
vulnerability_id VCID-j6j1-yp44-hqdt
summary 
Path Traversal
In a rare edge case where a user does not specify an extract directory on the commandline (`--extract-dir=`) and the input file has an embedded file with an absolute path, tika-app would overwrite that file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11762.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11762
reference_id
reference_type
scores
0
value 0.00866
scoring_system epss
scoring_elements 0.75502
published_at 2026-06-08T12:55:00Z
1
value 0.00866
scoring_system epss
scoring_elements 0.75492
published_at 2026-06-04T12:55:00Z
2
value 0.00866
scoring_system epss
scoring_elements 0.75521
published_at 2026-06-05T12:55:00Z
3
value 0.00866
scoring_system epss
scoring_elements 0.75525
published_at 2026-06-06T12:55:00Z
4
value 0.00866
scoring_system epss
scoring_elements 0.75515
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11762
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11762
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57
5
reference_url https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E
6
reference_url http://www.securityfocus.com/bid/105515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105515
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632469
reference_id 1632469
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632469
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11762
reference_id CVE-2018-11762
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11762
9
reference_url https://github.com/advisories/GHSA-w6g3-v46q-5p28
reference_id GHSA-w6g3-v46q-5p28
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w6g3-v46q-5p28
fixed_packages
0
url pkg:maven/org.apache.tika/tika-app@1.19
purl pkg:maven/org.apache.tika/tika-app@1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-app@1.19
aliases CVE-2018-11762, GHSA-w6g3-v46q-5p28
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6j1-yp44-hqdt
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-app@1.12