VulnerableCode Package Details - pkg:maven/org.apache.tika/tika@1.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.tika/tika@1.9

Essentials
History (8)

purl	pkg:maven/org.apache.tika/tika@1.9

Next non-vulnerable version	1.28.4
Latest non-vulnerable version	2.4.1
Risk

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-2yb7-v3m7-3ffz Aliases: CVE-2020-1950 GHSA-3h29-52vh-pqgr	Uncontrolled Resource Consumption A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser.	1.24 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-42ad-sh45-7fev Aliases: CVE-2021-28657 GHSA-567x-m4wm-87v8	Loop with Unreachable Exit Condition (Infinite Loop) A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser	1.26 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8qc9-3mxe-8ydp Aliases: CVE-2022-33879 GHSA-6q8v-2hvm-fx37	The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.	1.28.4 Affected by 0 other vulnerabilities. 2.4.1 Affected by 0 other vulnerabilities.
VCID-en59-hstj-8kc1 Aliases: CVE-2022-30126 GHSA-rpjm-422r-95mh	tika-core: Regular Expression Denial of Service in standards extractor	1.28.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-eu4h-uqdw-n7ez Aliases: CVE-2022-25169 GHSA-7qcq-xp2f-56f6	Allocation of Resources Without Limits or Throttling The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.	1.28.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-uj1b-pk9r-ryhz Aliases: CVE-2020-1951 GHSA-3264-3fm9-fg44	Loop with Unreachable Exit Condition (Infinite Loop) A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser.	1.24 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yhgb-qh1t-3qhj Aliases: CVE-2020-9489 GHSA-4pv3-63jw-4jw2	Missing Release of Memory after Effective Lifetime A carefully crafted or corrupt file may trigger a `System.exit` in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops.	1.24.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zj8z-ja31-mkcr Aliases: CVE-2022-30973 GHSA-qw3f-w4pf-jh5f	tika-core: incomplete fix for CVE-2022-30126	1.28.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T02:39:27.225261+00:00	GitLab Importer	Affected by	VCID-8qc9-3mxe-8ydp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2022-33879.yml	38.6.0
2026-06-06T02:34:42.082134+00:00	GitLab Importer	Affected by	VCID-zj8z-ja31-mkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2022-30973.yml	38.6.0
2026-06-06T02:08:59.109011+00:00	GitLab Importer	Affected by	VCID-en59-hstj-8kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2022-30126.yml	38.6.0
2026-06-06T02:07:16.053099+00:00	GitLab Importer	Affected by	VCID-eu4h-uqdw-n7ez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2022-25169.yml	38.6.0
2026-06-06T00:36:40.544198+00:00	GitLab Importer	Affected by	VCID-42ad-sh45-7fev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2021-28657.yml	38.6.0
2026-06-06T00:36:21.347728+00:00	GitLab Importer	Affected by	VCID-uj1b-pk9r-ryhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2020-1951.yml	38.6.0
2026-06-06T00:36:16.921853+00:00	GitLab Importer	Affected by	VCID-2yb7-v3m7-3ffz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2020-1950.yml	38.6.0
2026-06-06T00:36:12.012002+00:00	GitLab Importer	Affected by	VCID-yhgb-qh1t-3qhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika/CVE-2020-9489.yml	38.6.0