Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tika/tika-parsers@0.6

Type maven

Namespace org.apache.tika

Name tika-parsers

Version 0.6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-1111-je65-yub2

vulnerability_id VCID-1111-je65-yub2

summary

Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2669

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2669

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1338

reference_id

reference_type

scores

value	0.03002
scoring_system	epss
scoring_elements	0.86808
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1338

reference_url

https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1338

reference_id

CVE-2018-1338

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1338

reference_url

https://github.com/advisories/GHSA-5mf7-26mw-3rqr

reference_id

GHSA-5mf7-26mw-3rqr

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-5mf7-26mw-3rqr

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.18

purl pkg:maven/org.apache.tika/tika-parsers@1.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afue-mktt-8bdd

vulnerability	VCID-b49c-ddca-skfe

vulnerability	VCID-hkxq-6qn6-qbar

vulnerability	VCID-htes-xvfq-fkdt

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

vulnerability	VCID-uebs-ergb-kqet

vulnerability	VCID-yh9u-n18p-ckgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18

aliases CVE-2018-1338, GHSA-5mf7-26mw-3rqr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1111-je65-yub2

url VCID-afue-mktt-8bdd

vulnerability_id VCID-afue-mktt-8bdd

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11761

reference_id

reference_type

scores

value	0.11027
scoring_system	epss
scoring_elements	0.93557
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11761

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63

reference_url

https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

http://www.securityfocus.com/bid/105514

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11761

reference_id

CVE-2018-11761

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11761

reference_url

https://github.com/advisories/GHSA-6jq2-789q-fff2

reference_id

GHSA-6jq2-789q-fff2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6jq2-789q-fff2

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.19

purl pkg:maven/org.apache.tika/tika-parsers@1.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b49c-ddca-skfe

vulnerability	VCID-hkxq-6qn6-qbar

vulnerability	VCID-htes-xvfq-fkdt

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

vulnerability	VCID-weue-en6t-7uam

vulnerability	VCID-yh9u-n18p-ckgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19

aliases CVE-2018-11761, GHSA-6jq2-789q-fff2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afue-mktt-8bdd

url VCID-azes-yhcs-cuen

vulnerability_id VCID-azes-yhcs-cuen

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6809

reference_id

reference_type

scores

value	0.07049
scoring_system	epss
scoring_elements	0.91629
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6809

reference_url

https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt

reference_url

http://seclists.org/bugtraq/2016/Nov/40

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/bugtraq/2016/Nov/40

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610

reference_url

https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E

reference_url

http://www.securityfocus.com/bid/94247

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/94247

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6809

reference_id

CVE-2016-6809

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6809

reference_url

https://github.com/advisories/GHSA-j8g6-2wh7-6439

reference_id

GHSA-j8g6-2wh7-6439

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-j8g6-2wh7-6439

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.14

purl pkg:maven/org.apache.tika/tika-parsers@1.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1111-je65-yub2

vulnerability	VCID-afue-mktt-8bdd

vulnerability	VCID-b49c-ddca-skfe

vulnerability	VCID-hkxq-6qn6-qbar

vulnerability	VCID-htes-xvfq-fkdt

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

vulnerability	VCID-tepz-p727-b3ak

vulnerability	VCID-uebs-ergb-kqet

vulnerability	VCID-yh9u-n18p-ckgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.14

aliases CVE-2016-6809, GHSA-j8g6-2wh7-6439

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azes-yhcs-cuen

url VCID-b49c-ddca-skfe

vulnerability_id VCID-b49c-ddca-skfe

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.0808
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_url	https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220812-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id	1015002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_id

CVE-2022-33879

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_id

GHSA-6q8v-2hvm-fx37

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.28.4

purl pkg:maven/org.apache.tika/tika-parsers@1.28.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.28.4

url	pkg:maven/org.apache.tika/tika-parsers@2.4.1
purl	pkg:maven/org.apache.tika/tika-parsers@2.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.4.1

aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b49c-ddca-skfe

url VCID-hkxq-6qn6-qbar

vulnerability_id VCID-hkxq-6qn6-qbar

summary

Improper Restriction of XML External Entity Reference
Tika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11796

reference_id

reference_type

scores

value	0.0394
scoring_system	epss
scoring_elements	0.88537
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190903-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190903-0002

reference_url	https://security.netapp.com/advisory/ntap-20190903-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190903-0002/

reference_url

http://www.securityfocus.com/bid/105585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105585

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11796

reference_id

CVE-2018-11796

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11796

reference_url

https://github.com/advisories/GHSA-h8q5-g2cj-qr5h

reference_id

GHSA-h8q5-g2cj-qr5h

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h8q5-g2cj-qr5h

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.19.1

purl pkg:maven/org.apache.tika/tika-parsers@1.19.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b49c-ddca-skfe

vulnerability	VCID-htes-xvfq-fkdt

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

vulnerability	VCID-weue-en6t-7uam

vulnerability	VCID-yh9u-n18p-ckgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19.1

aliases CVE-2018-11796, GHSA-h8q5-g2cj-qr5h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkxq-6qn6-qbar

url VCID-tepz-p727-b3ak

vulnerability_id VCID-tepz-p727-b3ak

summary

Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2669

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2669

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1339

reference_id

reference_type

scores

value	0.04517
scoring_system	epss
scoring_elements	0.89328
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1339

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd

reference_url

https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
reference_id	900000
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1339

reference_id

CVE-2018-1339

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1339

reference_url

https://github.com/advisories/GHSA-p699-3wgc-7h72

reference_id

GHSA-p699-3wgc-7h72

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p699-3wgc-7h72

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.18

purl pkg:maven/org.apache.tika/tika-parsers@1.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afue-mktt-8bdd

vulnerability	VCID-b49c-ddca-skfe

vulnerability	VCID-hkxq-6qn6-qbar

vulnerability	VCID-htes-xvfq-fkdt

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

vulnerability	VCID-uebs-ergb-kqet

vulnerability	VCID-yh9u-n18p-ckgg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18

aliases CVE-2018-1339, GHSA-p699-3wgc-7h72

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tepz-p727-b3ak

url VCID-yh9u-n18p-ckgg

vulnerability_id VCID-yh9u-n18p-ckgg

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.4478
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_url	https://security.netapp.com/advisory/ntap-20210507-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210507-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id	1944881
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id	986805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805

reference_url

https://github.com/advisories/GHSA-567x-m4wm-87v8

reference_id

GHSA-567x-m4wm-87v8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-567x-m4wm-87v8

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.26

purl pkg:maven/org.apache.tika/tika-parsers@1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b49c-ddca-skfe

vulnerability	VCID-hyu9-rzgz-1yhw

vulnerability	VCID-seg6-emwn-37ee

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.26

aliases CVE-2021-28657, GHSA-567x-m4wm-87v8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yh9u-n18p-ckgg

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@0.6

Package Instance