Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tika/tika-server@1.25

Type maven

Namespace org.apache.tika

Name tika-server

Version 1.25

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.28.4

Latest_non_vulnerable_version 2.4.1

Affected_by_vulnerabilities

url VCID-42ad-sh45-7fev

vulnerability_id VCID-42ad-sh45-7fev

summary

Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.44847
published_at	2026-06-05T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44778
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id	1944881
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id	986805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_id

CVE-2021-28657

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_url	https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id	GHSA-567x-m4wm-87v8
reference_type
scores
url	https://github.com/advisories/GHSA-567x-m4wm-87v8

fixed_packages

url pkg:maven/org.apache.tika/tika-server@1.26

purl pkg:maven/org.apache.tika/tika-server@1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.26

aliases CVE-2021-28657, GHSA-567x-m4wm-87v8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev

url VCID-8qc9-3mxe-8ydp

vulnerability_id VCID-8qc9-3mxe-8ydp

summary The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07949
published_at	2026-06-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07981
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_url	https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220812-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id	1015002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002

reference_url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_id

GHSA-6q8v-2hvm-fx37

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url	pkg:maven/org.apache.tika/tika-server@1.28.4
purl	pkg:maven/org.apache.tika/tika-server@1.28.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.28.4

url	pkg:maven/org.apache.tika/tika-server@2.4.1
purl	pkg:maven/org.apache.tika/tika-server@2.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@2.4.1

aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp

url VCID-zj8z-ja31-mkcr

vulnerability_id VCID-zj8z-ja31-mkcr

summary tika-core: incomplete fix for CVE-2022-30126

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30973

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48449
published_at	2026-06-05T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48387
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30973

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-rpjm-422r-95mh

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rpjm-422r-95mh

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_url

https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30973

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30973

reference_url

https://security.netapp.com/advisory/ntap-20220722-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220722-0004

reference_url	https://security.netapp.com/advisory/ntap-20220722-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220722-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2099553
reference_id	2099553
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2099553

reference_url	https://access.redhat.com/errata/RHSA-2022:7257
reference_id	RHSA-2022:7257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7257

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url pkg:maven/org.apache.tika/tika-server@1.28.3

purl pkg:maven/org.apache.tika/tika-server@1.28.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.28.3

aliases CVE-2022-30973, GHSA-qw3f-w4pf-jh5f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8z-ja31-mkcr

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.25

Package Instance