Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tika/tika-parsers@1.8
Typemaven
Namespaceorg.apache.tika
Nametika-parsers
Version1.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.1
Latest_non_vulnerable_version2.4.1
Affected_by_vulnerabilities
0
url VCID-2yxn-wffn-x7gr
vulnerability_id VCID-2yxn-wffn-x7gr
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's `SQLite3Parser`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17197
reference_id
reference_type
scores
0
value 0.03108
scoring_system epss
scoring_elements 0.87075
published_at 2026-06-07T12:55:00Z
1
value 0.03108
scoring_system epss
scoring_elements 0.87061
published_at 2026-06-04T12:55:00Z
2
value 0.03108
scoring_system epss
scoring_elements 0.87081
published_at 2026-06-06T12:55:00Z
3
value 0.03108
scoring_system epss
scoring_elements 0.87083
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17197
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d
5
reference_url https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
7
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
8
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
9
reference_url http://www.securityfocus.com/bid/106293
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106293
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663925
reference_id 1663925
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663925
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17197
reference_id CVE-2018-17197
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17197
12
reference_url https://github.com/advisories/GHSA-3448-vfvv-xp9g
reference_id GHSA-3448-vfvv-xp9g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3448-vfvv-xp9g
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.20
purl pkg:maven/org.apache.tika/tika-parsers@1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-q319-5s6s-aqab
3
vulnerability VCID-yetb-gykm-nyhf
4
vulnerability VCID-yt8m-g5bf-wkf7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.20
aliases CVE-2018-17197, GHSA-3448-vfvv-xp9g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yxn-wffn-x7gr
1
url VCID-42ad-sh45-7fev
vulnerability_id VCID-42ad-sh45-7fev
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44832
published_at 2026-06-07T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44778
published_at 2026-06-04T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44847
published_at 2026-06-05T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.44853
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
6
reference_url https://security.netapp.com/advisory/ntap-20210507-0004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210507-0004
7
reference_url https://security.netapp.com/advisory/ntap-20210507-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210507-0004/
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id 1944881
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id 986805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
reference_id CVE-2021-28657
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
13
reference_url https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id GHSA-567x-m4wm-87v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-567x-m4wm-87v8
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.26
purl pkg:maven/org.apache.tika/tika-parsers@1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8qc9-3mxe-8ydp
1
vulnerability VCID-q319-5s6s-aqab
2
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.26
aliases CVE-2021-28657, GHSA-567x-m4wm-87v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev
2
url VCID-7d9k-ekje-fbe1
vulnerability_id VCID-7d9k-ekje-fbe1
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1339.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1339.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1339
reference_id
reference_type
scores
0
value 0.04517
scoring_system epss
scoring_elements 0.89357
published_at 2026-06-07T12:55:00Z
1
value 0.04517
scoring_system epss
scoring_elements 0.89339
published_at 2026-06-04T12:55:00Z
2
value 0.04517
scoring_system epss
scoring_elements 0.89358
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1339
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd
6
reference_url https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1572424
reference_id 1572424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1572424
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
reference_id 900000
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1339
reference_id CVE-2018-1339
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1339
10
reference_url https://github.com/advisories/GHSA-p699-3wgc-7h72
reference_id GHSA-p699-3wgc-7h72
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p699-3wgc-7h72
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.18
purl pkg:maven/org.apache.tika/tika-parsers@1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxn-wffn-x7gr
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-8qc9-3mxe-8ydp
3
vulnerability VCID-98bu-vqgb-x7a8
4
vulnerability VCID-c7gc-egj2-2yb9
5
vulnerability VCID-jyak-stwf-f3gw
6
vulnerability VCID-q319-5s6s-aqab
7
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18
aliases CVE-2018-1339, GHSA-p699-3wgc-7h72
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7d9k-ekje-fbe1
3
url VCID-7snd-ac5u-bydy
vulnerability_id VCID-7snd-ac5u-bydy
summary 
Deserialization of Untrusted Data
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes `JMatIO` to do native deserialization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6809.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6809.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6809
reference_id
reference_type
scores
0
value 0.07049
scoring_system epss
scoring_elements 0.91657
published_at 2026-06-07T12:55:00Z
1
value 0.07049
scoring_system epss
scoring_elements 0.9166
published_at 2026-06-06T12:55:00Z
2
value 0.07049
scoring_system epss
scoring_elements 0.91658
published_at 2026-06-05T12:55:00Z
3
value 0.07049
scoring_system epss
scoring_elements 0.91646
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6809
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
3
reference_url https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
4
reference_url http://seclists.org/bugtraq/2016/Nov/40
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/bugtraq/2016/Nov/40
5
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
6
reference_url https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610
7
reference_url https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E
12
reference_url http://www.securityfocus.com/bid/94247
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94247
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1394156
reference_id 1394156
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1394156
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6809
reference_id CVE-2016-6809
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6809
15
reference_url https://github.com/advisories/GHSA-j8g6-2wh7-6439
reference_id GHSA-j8g6-2wh7-6439
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j8g6-2wh7-6439
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.14
purl pkg:maven/org.apache.tika/tika-parsers@1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxn-wffn-x7gr
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-7d9k-ekje-fbe1
3
vulnerability VCID-8qc9-3mxe-8ydp
4
vulnerability VCID-98bu-vqgb-x7a8
5
vulnerability VCID-c7gc-egj2-2yb9
6
vulnerability VCID-jyak-stwf-f3gw
7
vulnerability VCID-q319-5s6s-aqab
8
vulnerability VCID-x3y9-rbfc-47b8
9
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.14
aliases CVE-2016-6809, GHSA-j8g6-2wh7-6439
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7snd-ac5u-bydy
4
url VCID-8qc9-3mxe-8ydp
vulnerability_id VCID-8qc9-3mxe-8ydp
summary The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07949
published_at 2026-06-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07972
published_at 2026-06-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07996
published_at 2026-06-06T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07981
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
5
reference_url https://security.netapp.com/advisory/ntap-20220812-0004
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220812-0004
6
reference_url https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220812-0004/
7
reference_url http://www.openwall.com/lists/oss-security/2022/06/27/5
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/27/5
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id 1015002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
9
reference_url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
reference_id GHSA-6q8v-2hvm-fx37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
10
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.28.4
purl pkg:maven/org.apache.tika/tika-parsers@1.28.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.28.4
1
url pkg:maven/org.apache.tika/tika-parsers@2.4.1
purl pkg:maven/org.apache.tika/tika-parsers@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.4.1
aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp
5
url VCID-98bu-vqgb-x7a8
vulnerability_id VCID-98bu-vqgb-x7a8
summary 
Improper Restriction of XML External Entity Reference
In Apache Tika, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a DoS.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
reference_id
reference_type
scores
0
value 0.11027
scoring_system epss
scoring_elements 0.93583
published_at 2026-06-07T12:55:00Z
1
value 0.11027
scoring_system epss
scoring_elements 0.93585
published_at 2026-06-06T12:55:00Z
2
value 0.11027
scoring_system epss
scoring_elements 0.93584
published_at 2026-06-05T12:55:00Z
3
value 0.11027
scoring_system epss
scoring_elements 0.93574
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
5
reference_url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
7
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
8
reference_url http://www.securityfocus.com/bid/105514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105514
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632462
reference_id 1632462
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632462
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
reference_id CVE-2018-11761
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
11
reference_url https://github.com/advisories/GHSA-6jq2-789q-fff2
reference_id GHSA-6jq2-789q-fff2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6jq2-789q-fff2
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.19
purl pkg:maven/org.apache.tika/tika-parsers@1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxn-wffn-x7gr
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-8qc9-3mxe-8ydp
3
vulnerability VCID-c7gc-egj2-2yb9
4
vulnerability VCID-q319-5s6s-aqab
5
vulnerability VCID-yetb-gykm-nyhf
6
vulnerability VCID-yt8m-g5bf-wkf7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19
aliases CVE-2018-11761, GHSA-6jq2-789q-fff2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98bu-vqgb-x7a8
6
url VCID-c7gc-egj2-2yb9
vulnerability_id VCID-c7gc-egj2-2yb9
summary 
Improper Restriction of XML External Entity Reference
Tika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
reference_id
reference_type
scores
0
value 0.0394
scoring_system epss
scoring_elements 0.88566
published_at 2026-06-07T12:55:00Z
1
value 0.0394
scoring_system epss
scoring_elements 0.88547
published_at 2026-06-04T12:55:00Z
2
value 0.0394
scoring_system epss
scoring_elements 0.88565
published_at 2026-06-05T12:55:00Z
3
value 0.0394
scoring_system epss
scoring_elements 0.88567
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
6
reference_url https://security.netapp.com/advisory/ntap-20190903-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190903-0002
7
reference_url https://security.netapp.com/advisory/ntap-20190903-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190903-0002/
8
reference_url http://www.securityfocus.com/bid/105585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105585
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1639090
reference_id 1639090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1639090
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
reference_id CVE-2018-11796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
11
reference_url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
reference_id GHSA-h8q5-g2cj-qr5h
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.19.1
purl pkg:maven/org.apache.tika/tika-parsers@1.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxn-wffn-x7gr
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-8qc9-3mxe-8ydp
3
vulnerability VCID-q319-5s6s-aqab
4
vulnerability VCID-yetb-gykm-nyhf
5
vulnerability VCID-yt8m-g5bf-wkf7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19.1
aliases CVE-2018-11796, GHSA-h8q5-g2cj-qr5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7gc-egj2-2yb9
7
url VCID-jyak-stwf-f3gw
vulnerability_id VCID-jyak-stwf-f3gw
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
In Apache Tikato, a carefully crafted file can trigger an infinite loop in the `IptcAnpaParser`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8017
reference_id
reference_type
scores
0
value 0.02108
scoring_system epss
scoring_elements 0.84433
published_at 2026-06-07T12:55:00Z
1
value 0.02108
scoring_system epss
scoring_elements 0.84441
published_at 2026-06-06T12:55:00Z
2
value 0.02108
scoring_system epss
scoring_elements 0.84438
published_at 2026-06-05T12:55:00Z
3
value 0.02108
scoring_system epss
scoring_elements 0.84414
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8017
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc
6
reference_url https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4
7
reference_url https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
8
reference_url http://www.securityfocus.com/bid/105513
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105513
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632466
reference_id 1632466
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632466
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
reference_id 914643
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8017
reference_id CVE-2018-8017
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8017
12
reference_url https://github.com/advisories/GHSA-j53j-gmr9-h8g3
reference_id GHSA-j53j-gmr9-h8g3
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j53j-gmr9-h8g3
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.19
purl pkg:maven/org.apache.tika/tika-parsers@1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxn-wffn-x7gr
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-8qc9-3mxe-8ydp
3
vulnerability VCID-c7gc-egj2-2yb9
4
vulnerability VCID-q319-5s6s-aqab
5
vulnerability VCID-yetb-gykm-nyhf
6
vulnerability VCID-yt8m-g5bf-wkf7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19
aliases CVE-2018-8017, GHSA-j53j-gmr9-h8g3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyak-stwf-f3gw
8
url VCID-x3y9-rbfc-47b8
vulnerability_id VCID-x3y9-rbfc-47b8
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1338.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1338.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1338
reference_id
reference_type
scores
0
value 0.03002
scoring_system epss
scoring_elements 0.86843
published_at 2026-06-07T12:55:00Z
1
value 0.03002
scoring_system epss
scoring_elements 0.86826
published_at 2026-06-04T12:55:00Z
2
value 0.03002
scoring_system epss
scoring_elements 0.86848
published_at 2026-06-05T12:55:00Z
3
value 0.03002
scoring_system epss
scoring_elements 0.86846
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1338
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1338
4
reference_url https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1572421
reference_id 1572421
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1572421
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1338
reference_id CVE-2018-1338
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1338
7
reference_url https://github.com/advisories/GHSA-5mf7-26mw-3rqr
reference_id GHSA-5mf7-26mw-3rqr
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5mf7-26mw-3rqr
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.18
purl pkg:maven/org.apache.tika/tika-parsers@1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yxn-wffn-x7gr
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-8qc9-3mxe-8ydp
3
vulnerability VCID-98bu-vqgb-x7a8
4
vulnerability VCID-c7gc-egj2-2yb9
5
vulnerability VCID-jyak-stwf-f3gw
6
vulnerability VCID-q319-5s6s-aqab
7
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18
aliases CVE-2018-1338, GHSA-5mf7-26mw-3rqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3y9-rbfc-47b8
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.8