Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tika/tika-parsers@1.23
Typemaven
Namespaceorg.apache.tika
Nametika-parsers
Version1.23
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.1
Latest_non_vulnerable_version2.4.1
Affected_by_vulnerabilities
0
url VCID-42ad-sh45-7fev
vulnerability_id VCID-42ad-sh45-7fev
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44847
published_at 2026-06-05T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44778
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
6
reference_url https://security.netapp.com/advisory/ntap-20210507-0004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210507-0004
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id 1944881
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id 986805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
reference_id CVE-2021-28657
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
12
reference_url https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id GHSA-567x-m4wm-87v8
reference_type
scores
url https://github.com/advisories/GHSA-567x-m4wm-87v8
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.26
purl pkg:maven/org.apache.tika/tika-parsers@1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8qc9-3mxe-8ydp
1
vulnerability VCID-q319-5s6s-aqab
2
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.26
aliases CVE-2021-28657, GHSA-567x-m4wm-87v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev
1
url VCID-8qc9-3mxe-8ydp
vulnerability_id VCID-8qc9-3mxe-8ydp
summary The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07949
published_at 2026-06-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07981
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
5
reference_url https://security.netapp.com/advisory/ntap-20220812-0004
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220812-0004
6
reference_url https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220812-0004/
7
reference_url http://www.openwall.com/lists/oss-security/2022/06/27/5
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/27/5
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id 1015002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
9
reference_url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
reference_id GHSA-6q8v-2hvm-fx37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
10
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.28.4
purl pkg:maven/org.apache.tika/tika-parsers@1.28.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.28.4
1
url pkg:maven/org.apache.tika/tika-parsers@2.4.1
purl pkg:maven/org.apache.tika/tika-parsers@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.4.1
aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp
2
url VCID-q319-5s6s-aqab
vulnerability_id VCID-q319-5s6s-aqab
summary 
Apache Tika has XXE vulnerability
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.

This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.

First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.

Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
reference_id
reference_type
scores
0
value 0.01579
scoring_system epss
scoring_elements 0.81939
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
3
reference_url https://cve.org/CVERecord?id=CVE-2025-54988
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://cve.org/CVERecord?id=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
reference_id 1121954
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
reference_id 2418870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
reference_id CVE-2025-66516
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
9
reference_url https://github.com/advisories/GHSA-f58c-gq56-vjjf
reference_id GHSA-f58c-gq56-vjjf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f58c-gq56-vjjf
10
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
11
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@2.0.0
purl pkg:maven/org.apache.tika/tika-parsers@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8qc9-3mxe-8ydp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.0.0
aliases CVE-2025-66516, GHSA-f58c-gq56-vjjf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q319-5s6s-aqab
3
url VCID-yetb-gykm-nyhf
vulnerability_id VCID-yetb-gykm-nyhf
summary 
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard.

Users are recommended to upgrade to version 3.2.2, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05824
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
2
reference_url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
6
reference_url https://github.com/apache/tika/pull/2291
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/pull/2291
7
reference_url https://issues.apache.org/jira/browse/TIKA-4459
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TIKA-4459
8
reference_url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-22T04:55:48Z/
url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
9
reference_url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
10
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
11
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/2
12
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/3
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
reference_id 1111763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
reference_id 2389910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
reference_id CVE-2025-54988
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
16
reference_url https://github.com/advisories/GHSA-p72g-pv48-7w9x
reference_id GHSA-p72g-pv48-7w9x
reference_type
scores
url https://github.com/advisories/GHSA-p72g-pv48-7w9x
17
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@2.0.0-ALPHA
purl pkg:maven/org.apache.tika/tika-parsers@2.0.0-ALPHA
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.0.0-ALPHA
aliases CVE-2025-54988, GHSA-p72g-pv48-7w9x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yetb-gykm-nyhf
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.23