VulnerableCode Package Details - pkg:pypi/pyarrow@0.14.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6yaz-ayj9-zqcr Aliases: CVE-2019-12408 GHSA-8cw2-jv5c-c825 PYSEC-2019-195	It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.	0.15.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 0.15.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7gsz-eas8-5bgp Aliases: CVE-2023-47248 GHSA-5wvp-7f3h-6wmm PYSEC-2023-238	Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).	14.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7wzb-dv7h-jkdm Aliases: CVE-2019-12410 GHSA-cjw4-2w9r-r8mv PYSEC-2019-196	While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.	0.15.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 0.15.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6yaz-ayj9-zqcr
Aliases:
CVE-2019-12408
GHSA-8cw2-jv5c-c825
PYSEC-2019-195

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

0.15.0
Affected by 1 other vulnerability.

0.15.1
Affected by 1 other vulnerability.

VCID-7gsz-eas8-5bgp
Aliases:
CVE-2023-47248
GHSA-5wvp-7f3h-6wmm
PYSEC-2023-238

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).

14.0.1
Affected by 1 other vulnerability.

VCID-7wzb-dv7h-jkdm
Aliases:
CVE-2019-12410
GHSA-cjw4-2w9r-r8mv
PYSEC-2019-196

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

0.15.0
Affected by 1 other vulnerability.

0.15.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T19:19:35.770610+00:00	GHSA Importer	Affected by	VCID-7gsz-eas8-5bgp	https://github.com/advisories/GHSA-5wvp-7f3h-6wmm	38.6.0
2026-06-02T04:25:22.370318+00:00	Pypa Importer	Affected by	VCID-7gsz-eas8-5bgp	https://github.com/pypa/advisory-database/blob/main/vulns/pyarrow/PYSEC-2023-238.yaml	38.6.0
2026-06-02T04:05:56.813973+00:00	Pypa Importer	Affected by	VCID-6yaz-ayj9-zqcr	https://github.com/pypa/advisory-database/blob/main/vulns/pyarrow/PYSEC-2019-195.yaml	38.6.0
2026-06-02T04:05:56.786761+00:00	Pypa Importer	Affected by	VCID-7wzb-dv7h-jkdm	https://github.com/pypa/advisory-database/blob/main/vulns/pyarrow/PYSEC-2019-196.yaml	38.6.0