VulnerableCode Package Details - pkg:nuget/Apache.Avro@1.7.7.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-6yqn-2w2d-3yd3 Aliases: CVE-2023-39410 GHSA-rhrv-645h-fjfh PYSEC-2023-188	When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.	1.11.3 Affected by 0 other vulnerabilities.
VCID-keum-zdsz-s3by Aliases: CVE-2021-43045 GHSA-868x-rg4c-cjqg	Allocation of Resources Without Limits or Throttling in Apache Avro A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro and prior versions. Users should update to which addresses this issue.	1.11.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6yqn-2w2d-3yd3
Aliases:
CVE-2023-39410
GHSA-rhrv-645h-fjfh
PYSEC-2023-188

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

1.11.3
Affected by 0 other vulnerabilities.

VCID-keum-zdsz-s3by
Aliases:
CVE-2021-43045
GHSA-868x-rg4c-cjqg

Allocation of Resources Without Limits or Throttling in Apache Avro A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro and prior versions. Users should update to which addresses this issue.

1.11.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:39:45.435014+00:00	GitLab Importer	Affected by	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2023-39410.yml	38.4.0
2026-04-16T21:37:03.190198+00:00	GitLab Importer	Affected by	VCID-keum-zdsz-s3by	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2021-43045.yml	38.4.0
2026-04-11T23:59:11.787822+00:00	GitLab Importer	Affected by	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2023-39410.yml	38.3.0
2026-04-11T22:51:00.303602+00:00	GitLab Importer	Affected by	VCID-keum-zdsz-s3by	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2021-43045.yml	38.3.0
2026-04-03T00:02:16.378851+00:00	GitLab Importer	Affected by	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2023-39410.yml	38.1.0
2026-04-02T23:00:24.752247+00:00	GitLab Importer	Affected by	VCID-keum-zdsz-s3by	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2021-43045.yml	38.1.0
2026-04-01T17:19:09.983057+00:00	GitLab Importer	Affected by	VCID-keum-zdsz-s3by	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Apache.Avro/CVE-2021-43045.yml	38.0.0