VulnerableCode Package Details - pkg:maven/org.apache.avro/avro@1.11.5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.avro/avro@1.11.5

Essentials
History (1)

purl	pkg:maven/org.apache.avro/avro@1.11.5

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-cfcn-gwwn-ybe8	Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.	CVE-2025-33042 GHSA-rp46-r563-jrc7 PYSEC-2026-26

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:50:06.361804+00:00	GitLab Importer	Fixing	VCID-cfcn-gwwn-ybe8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2025-33042.yml	38.6.0