Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/avro@1.5.0
Typepypi
Namespace
Nameavro
Version1.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.11.5
Latest_non_vulnerable_version1.11.5
Affected_by_vulnerabilities
0
url VCID-cfcn-gwwn-ybe8
vulnerability_id VCID-cfcn-gwwn-ybe8
summary 
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.

This issue affects Apache Avro Java SDK: all versions through 1.11.4 and versionĀ 1.12.0.

Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-33042.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-33042.json
1
reference_url https://github.com/apache/avro
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro
2
reference_url https://github.com/apache/avro/commit/84bc7322ca1c04ab4a8e4e708acf1e271541aac4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/commit/84bc7322ca1c04ab4a8e4e708acf1e271541aac4
3
reference_url https://github.com/apache/avro/pull/3150
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/pull/3150
4
reference_url https://issues.apache.org/jira/browse/AVRO-4053
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AVRO-4053
5
reference_url https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1
6
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEAVRO-15282783
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEAVRO-15282783
7
reference_url http://www.openwall.com/lists/oss-security/2026/02/12/2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/12/2
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2439675
reference_id 2439675
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2439675
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-33042
reference_id CVE-2025-33042
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-33042
10
reference_url https://github.com/advisories/GHSA-rp46-r563-jrc7
reference_id GHSA-rp46-r563-jrc7
reference_type
scores
url https://github.com/advisories/GHSA-rp46-r563-jrc7
11
reference_url https://access.redhat.com/errata/RHSA-2026:7109
reference_id RHSA-2026:7109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7109
12
reference_url https://access.redhat.com/errata/RHSA-2026:7380
reference_id RHSA-2026:7380
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7380
fixed_packages
0
url pkg:pypi/avro@1.11.5
purl pkg:pypi/avro@1.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.11.5
aliases CVE-2025-33042, GHSA-rp46-r563-jrc7, PYSEC-2026-26
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfcn-gwwn-ybe8
1
url VCID-p54a-fes2-x7gu
vulnerability_id VCID-p54a-fes2-x7gu
summary 
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json
1
reference_url https://github.com/apache/avro
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro
2
reference_url https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
4
reference_url https://issues.apache.org/jira/browse/AVRO-3819
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AVRO-3819
5
reference_url https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
6
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
7
reference_url https://www.openwall.com/lists/oss-security/2023/09/29/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/09/29/6
8
reference_url http://www.openwall.com/lists/oss-security/2023/09/29/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/09/29/6
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242521
reference_id 2242521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2242521
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39410
reference_id CVE-2023-39410
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39410
11
reference_url https://github.com/advisories/GHSA-rhrv-645h-fjfh
reference_id GHSA-rhrv-645h-fjfh
reference_type
scores
url https://github.com/advisories/GHSA-rhrv-645h-fjfh
12
reference_url https://access.redhat.com/errata/RHSA-2023:7247
reference_id RHSA-2023:7247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7247
13
reference_url https://access.redhat.com/errata/RHSA-2023:7617
reference_id RHSA-2023:7617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7617
14
reference_url https://access.redhat.com/errata/RHSA-2023:7700
reference_id RHSA-2023:7700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7700
fixed_packages
0
url pkg:pypi/avro@1.11.3
purl pkg:pypi/avro@1.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cfcn-gwwn-ybe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.11.3
aliases CVE-2023-39410, GHSA-rhrv-645h-fjfh, PYSEC-2023-188
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p54a-fes2-x7gu
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.5.0