Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/560792?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/560792?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.28.1", "type": "maven", "namespace": "org.apache.tika", "name": "tika-core", "version": "1.28.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.2", "latest_non_vulnerable_version": "3.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11903?format=api", "vulnerability_id": "VCID-m578-av81-kbhr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67907", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01313", "scoring_system": "epss", "scoring_elements": "0.80304", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01313", "scoring_system": "epss", "scoring_elements": "0.80312", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01313", "scoring_system": "epss", "scoring_elements": "0.8032", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30126" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4" }, { "reference_url": "https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265" }, { "reference_url": "https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51" }, { "reference_url": "https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30126", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30126" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220624-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220624-0004" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/16/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/16/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/31/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/31/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/27/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002", "reference_id": "1015002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088523", "reference_id": "2088523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088523" }, { "reference_url": "https://github.com/advisories/GHSA-qw3f-w4pf-jh5f", "reference_id": "GHSA-qw3f-w4pf-jh5f", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw3f-w4pf-jh5f" }, { "reference_url": "https://github.com/advisories/GHSA-rpjm-422r-95mh", "reference_id": "GHSA-rpjm-422r-95mh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpjm-422r-95mh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://usn.ubuntu.com/7529-1/", "reference_id": "USN-7529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7529-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384933?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.28.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p5rg-wubx-fyh9" }, { "vulnerability": "VCID-qdvh-q7rh-tfad" }, { "vulnerability": "VCID-t9mf-yf9h-xqdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.28.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/384934?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p5rg-wubx-fyh9" }, { "vulnerability": "VCID-t9mf-yf9h-xqdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@2.4.0" } ], "aliases": [ "CVE-2022-30126", "GHSA-rpjm-422r-95mh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m578-av81-kbhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12114?format=api", "vulnerability_id": "VCID-p5rg-wubx-fyh9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08017", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08009", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07982", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08013", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220812-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220812-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220812-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220812-0004/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/27/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002", "reference_id": "1015002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33879", "reference_id": "CVE-2022-33879", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33879" }, { "reference_url": "https://github.com/advisories/GHSA-6q8v-2hvm-fx37", "reference_id": "GHSA-6q8v-2hvm-fx37", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q8v-2hvm-fx37" }, { "reference_url": "https://usn.ubuntu.com/7529-1/", "reference_id": "USN-7529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7529-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/574538?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.28.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t9mf-yf9h-xqdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.28.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/574539?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t9mf-yf9h-xqdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@2.4.1" } ], "aliases": [ "CVE-2022-33879", "GHSA-6q8v-2hvm-fx37" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5rg-wubx-fyh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11946?format=api", "vulnerability_id": "VCID-qdvh-q7rh-tfad", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48618", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48623", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4848", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48637", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30973" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265" }, { "reference_url": "https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51" }, { "reference_url": "https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220722-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220722-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220722-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220722-0004/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/31/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/31/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/27/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099553", "reference_id": "2099553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099553" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30973", "reference_id": "CVE-2022-30973", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30973" }, { "reference_url": "https://github.com/advisories/GHSA-qw3f-w4pf-jh5f", "reference_id": "GHSA-qw3f-w4pf-jh5f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw3f-w4pf-jh5f" }, { "reference_url": "https://github.com/advisories/GHSA-rpjm-422r-95mh", "reference_id": "GHSA-rpjm-422r-95mh", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpjm-422r-95mh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7257", "reference_id": "RHSA-2022:7257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7257" }, { "reference_url": "https://usn.ubuntu.com/7529-1/", "reference_id": "USN-7529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7529-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24361?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.28.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p5rg-wubx-fyh9" }, { "vulnerability": "VCID-t9mf-yf9h-xqdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.28.3" } ], "aliases": [ "CVE-2022-30973", "GHSA-qw3f-w4pf-jh5f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdvh-q7rh-tfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94605?format=api", "vulnerability_id": "VCID-t9mf-yf9h-xqdz", "summary": "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02042", "scoring_system": "epss", "scoring_elements": "0.8427", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02042", "scoring_system": "epss", "scoring_elements": "0.84275", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02042", "scoring_system": "epss", "scoring_elements": "0.84267", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02042", "scoring_system": "epss", "scoring_elements": "0.84212", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954", "reference_id": "1121954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870", "reference_id": "2418870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516", "reference_id": "CVE-2025-66516", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2025-54988", "reference_id": "CVERecord?id=CVE-2025-54988", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2025-54988" }, { "reference_url": "https://github.com/advisories/GHSA-f58c-gq56-vjjf", "reference_id": "GHSA-f58c-gq56-vjjf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f58c-gq56-vjjf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23143", "reference_id": "RHSA-2025:23143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23225", "reference_id": "RHSA-2025:23225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23225" }, { "reference_url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k", "reference_id": "s5x3k93nhbkqzztp1olxotoyjpdlps9k", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/" } ], "url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k" }, { "reference_url": "https://usn.ubuntu.com/8324-1/", "reference_id": "USN-8324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35882?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@3.2.2" } ], "aliases": [ "CVE-2025-66516", "GHSA-f58c-gq56-vjjf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9mf-yf9h-xqdz" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.28.1" }