Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tika/tika-parsers@1.19
Typemaven
Namespaceorg.apache.tika
Nametika-parsers
Version1.19
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.1
Latest_non_vulnerable_version2.4.1
Affected_by_vulnerabilities
0
url VCID-8r17-z7sd-43fm
vulnerability_id VCID-8r17-z7sd-43fm
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10093
reference_id
reference_type
scores
0
value 0.01423
scoring_system epss
scoring_elements 0.81093
published_at 2026-06-12T12:55:00Z
1
value 0.01423
scoring_system epss
scoring_elements 0.81092
published_at 2026-06-14T12:55:00Z
2
value 0.01423
scoring_system epss
scoring_elements 0.81033
published_at 2026-06-11T12:55:00Z
3
value 0.01423
scoring_system epss
scoring_elements 0.81102
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10093
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
8
reference_url https://security.netapp.com/advisory/ntap-20190828-0004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0004
9
reference_url https://security.netapp.com/advisory/ntap-20190828-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0004/
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933745
reference_id 933745
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933745
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10093
reference_id CVE-2019-10093
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10093
12
reference_url https://github.com/advisories/GHSA-4mq5-mj59-qq9c
reference_id GHSA-4mq5-mj59-qq9c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mq5-mj59-qq9c
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.22
purl pkg:maven/org.apache.tika/tika-parsers@1.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p5rg-wubx-fyh9
1
vulnerability VCID-qmn1-cfdv-4fg3
2
vulnerability VCID-shf6-6dhf-f7g7
3
vulnerability VCID-t9mf-yf9h-xqdz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.22
aliases CVE-2019-10093, GHSA-4mq5-mj59-qq9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8r17-z7sd-43fm
1
url VCID-k9nz-6k84-1ff9
vulnerability_id VCID-k9nz-6k84-1ff9
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
reference_id
reference_type
scores
0
value 0.0394
scoring_system epss
scoring_elements 0.88605
published_at 2026-06-11T12:55:00Z
1
value 0.0394
scoring_system epss
scoring_elements 0.88649
published_at 2026-06-14T12:55:00Z
2
value 0.0394
scoring_system epss
scoring_elements 0.88651
published_at 2026-06-13T12:55:00Z
3
value 0.0394
scoring_system epss
scoring_elements 0.88644
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
4
reference_url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
5
reference_url https://security.netapp.com/advisory/ntap-20190903-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190903-0002
6
reference_url https://security.netapp.com/advisory/ntap-20190903-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190903-0002/
7
reference_url http://www.securityfocus.com/bid/105585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105585
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1639090
reference_id 1639090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1639090
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
reference_id CVE-2018-11796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
10
reference_url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
reference_id GHSA-h8q5-g2cj-qr5h
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
11
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id RHSA-2019:3892
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.19.1
purl pkg:maven/org.apache.tika/tika-parsers@1.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8r17-z7sd-43fm
1
vulnerability VCID-p5rg-wubx-fyh9
2
vulnerability VCID-qmn1-cfdv-4fg3
3
vulnerability VCID-shf6-6dhf-f7g7
4
vulnerability VCID-t9mf-yf9h-xqdz
5
vulnerability VCID-vzy7-7b4u-jff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19.1
aliases CVE-2018-11796, GHSA-h8q5-g2cj-qr5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k9nz-6k84-1ff9
2
url VCID-p5rg-wubx-fyh9
vulnerability_id VCID-p5rg-wubx-fyh9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08017
published_at 2026-06-12T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08009
published_at 2026-06-14T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07982
published_at 2026-06-11T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.08013
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33879
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh
4
reference_url https://security.netapp.com/advisory/ntap-20220812-0004
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220812-0004
5
reference_url https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220812-0004/
6
reference_url http://www.openwall.com/lists/oss-security/2022/06/27/5
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/06/27/5
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id 1015002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
reference_id CVE-2022-33879
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33879
9
reference_url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
reference_id GHSA-6q8v-2hvm-fx37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q8v-2hvm-fx37
10
reference_url https://usn.ubuntu.com/7529-1/
reference_id USN-7529-1
reference_type
scores
url https://usn.ubuntu.com/7529-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.28.4
purl pkg:maven/org.apache.tika/tika-parsers@1.28.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-shf6-6dhf-f7g7
1
vulnerability VCID-t9mf-yf9h-xqdz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.28.4
1
url pkg:maven/org.apache.tika/tika-parsers@2.4.1
purl pkg:maven/org.apache.tika/tika-parsers@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.4.1
aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5rg-wubx-fyh9
3
url VCID-qmn1-cfdv-4fg3
vulnerability_id VCID-qmn1-cfdv-4fg3
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.4487
published_at 2026-06-11T12:55:00Z
1
value 0.00649
scoring_system epss
scoring_elements 0.71383
published_at 2026-06-12T12:55:00Z
2
value 0.00649
scoring_system epss
scoring_elements 0.71394
published_at 2026-06-14T12:55:00Z
3
value 0.00649
scoring_system epss
scoring_elements 0.71396
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28657
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28657
7
reference_url https://security.netapp.com/advisory/ntap-20210507-0004
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210507-0004
8
reference_url https://security.netapp.com/advisory/ntap-20210507-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210507-0004/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id 1944881
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1944881
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id 986805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
11
reference_url https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id GHSA-567x-m4wm-87v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-567x-m4wm-87v8
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.26
purl pkg:maven/org.apache.tika/tika-parsers@1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p5rg-wubx-fyh9
1
vulnerability VCID-shf6-6dhf-f7g7
2
vulnerability VCID-t9mf-yf9h-xqdz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.26
aliases CVE-2021-28657, GHSA-567x-m4wm-87v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmn1-cfdv-4fg3
4
url VCID-shf6-6dhf-f7g7
vulnerability_id VCID-shf6-6dhf-f7g7
summary 
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard.

Users are recommended to upgrade to version 3.2.2, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54988.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06114
published_at 2026-06-13T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06102
published_at 2026-06-14T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.06121
published_at 2026-06-12T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.061
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54988
2
reference_url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://archive.apache.org/dist/tika/3.2.2/CHANGES-3.2.2.txt
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54988
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/2b52257304f4d3cde2b8463657380bdb936d9ef2
6
reference_url https://github.com/apache/tika/pull/2291
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/pull/2291
7
reference_url https://issues.apache.org/jira/browse/TIKA-4459
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TIKA-4459
8
reference_url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/stn9oh7rfn9yv76n1srxr9w56oy04p72
9
reference_url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/10/msg00030.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54988
11
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/2
12
reference_url http://www.openwall.com/lists/oss-security/2025/08/20/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/20/3
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
reference_id 1111763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111763
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
reference_id 2389910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2389910
15
reference_url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
reference_id 8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-22T04:55:48Z/
url https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
16
reference_url https://github.com/advisories/GHSA-p72g-pv48-7w9x
reference_id GHSA-p72g-pv48-7w9x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p72g-pv48-7w9x
17
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@2.0.0-ALPHA
purl pkg:maven/org.apache.tika/tika-parsers@2.0.0-ALPHA
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t9mf-yf9h-xqdz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.0.0-ALPHA
aliases CVE-2025-54988, GHSA-p72g-pv48-7w9x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shf6-6dhf-f7g7
5
url VCID-t9mf-yf9h-xqdz
vulnerability_id VCID-t9mf-yf9h-xqdz
summary 
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. 

This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. 

First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. 

Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
reference_id
reference_type
scores
0
value 0.02042
scoring_system epss
scoring_elements 0.8427
published_at 2026-06-14T12:55:00Z
1
value 0.02042
scoring_system epss
scoring_elements 0.84275
published_at 2026-06-13T12:55:00Z
2
value 0.02042
scoring_system epss
scoring_elements 0.84267
published_at 2026-06-12T12:55:00Z
3
value 0.02042
scoring_system epss
scoring_elements 0.84212
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66516
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66516
3
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
reference_id 1121954
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
reference_id 2418870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418870
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
reference_id CVE-2025-66516
reference_type
scores
0
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66516
7
reference_url https://cve.org/CVERecord?id=CVE-2025-54988
reference_id CVERecord?id=CVE-2025-54988
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://cve.org/CVERecord?id=CVE-2025-54988
8
reference_url https://github.com/advisories/GHSA-f58c-gq56-vjjf
reference_id GHSA-f58c-gq56-vjjf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f58c-gq56-vjjf
9
reference_url https://access.redhat.com/errata/RHSA-2025:23143
reference_id RHSA-2025:23143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23143
10
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
11
reference_url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
reference_id s5x3k93nhbkqzztp1olxotoyjpdlps9k
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/
url https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
12
reference_url https://usn.ubuntu.com/8324-1/
reference_id USN-8324-1
reference_type
scores
url https://usn.ubuntu.com/8324-1/
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@2.0.0
purl pkg:maven/org.apache.tika/tika-parsers@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p5rg-wubx-fyh9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.0.0
aliases CVE-2025-66516, GHSA-f58c-gq56-vjjf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9mf-yf9h-xqdz
6
url VCID-vzy7-7b4u-jff1
vulnerability_id VCID-vzy7-7b4u-jff1
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17197
reference_id
reference_type
scores
0
value 0.03108
scoring_system epss
scoring_elements 0.87154
published_at 2026-06-12T12:55:00Z
1
value 0.03108
scoring_system epss
scoring_elements 0.8716
published_at 2026-06-14T12:55:00Z
2
value 0.03108
scoring_system epss
scoring_elements 0.87108
published_at 2026-06-11T12:55:00Z
3
value 0.03108
scoring_system epss
scoring_elements 0.87163
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17197
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d
5
reference_url https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
7
reference_url http://www.securityfocus.com/bid/106293
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106293
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663925
reference_id 1663925
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663925
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17197
reference_id CVE-2018-17197
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17197
10
reference_url https://github.com/advisories/GHSA-3448-vfvv-xp9g
reference_id GHSA-3448-vfvv-xp9g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3448-vfvv-xp9g
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.20
purl pkg:maven/org.apache.tika/tika-parsers@1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8r17-z7sd-43fm
1
vulnerability VCID-p5rg-wubx-fyh9
2
vulnerability VCID-qmn1-cfdv-4fg3
3
vulnerability VCID-shf6-6dhf-f7g7
4
vulnerability VCID-t9mf-yf9h-xqdz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.20
aliases CVE-2018-17197, GHSA-3448-vfvv-xp9g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzy7-7b4u-jff1
Fixing_vulnerabilities
0
url VCID-kqc4-vufh-xfcd
vulnerability_id VCID-kqc4-vufh-xfcd
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
reference_id
reference_type
scores
0
value 0.11027
scoring_system epss
scoring_elements 0.93625
published_at 2026-06-12T12:55:00Z
1
value 0.11027
scoring_system epss
scoring_elements 0.9363
published_at 2026-06-14T12:55:00Z
2
value 0.11027
scoring_system epss
scoring_elements 0.93604
published_at 2026-06-11T12:55:00Z
3
value 0.11027
scoring_system epss
scoring_elements 0.93629
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
5
reference_url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
7
reference_url http://www.securityfocus.com/bid/105514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105514
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632462
reference_id 1632462
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632462
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
reference_id CVE-2018-11761
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
10
reference_url https://github.com/advisories/GHSA-6jq2-789q-fff2
reference_id GHSA-6jq2-789q-fff2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6jq2-789q-fff2
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.19
purl pkg:maven/org.apache.tika/tika-parsers@1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8r17-z7sd-43fm
1
vulnerability VCID-k9nz-6k84-1ff9
2
vulnerability VCID-p5rg-wubx-fyh9
3
vulnerability VCID-qmn1-cfdv-4fg3
4
vulnerability VCID-shf6-6dhf-f7g7
5
vulnerability VCID-t9mf-yf9h-xqdz
6
vulnerability VCID-vzy7-7b4u-jff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19
aliases CVE-2018-11761, GHSA-6jq2-789q-fff2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqc4-vufh-xfcd
1
url VCID-ws7p-w1vr-tkf6
vulnerability_id VCID-ws7p-w1vr-tkf6
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8017
reference_id
reference_type
scores
0
value 0.02108
scoring_system epss
scoring_elements 0.8452
published_at 2026-06-12T12:55:00Z
1
value 0.02108
scoring_system epss
scoring_elements 0.84522
published_at 2026-06-14T12:55:00Z
2
value 0.02108
scoring_system epss
scoring_elements 0.84464
published_at 2026-06-11T12:55:00Z
3
value 0.02108
scoring_system epss
scoring_elements 0.84529
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8017
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
5
reference_url https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc
6
reference_url https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4
7
reference_url https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
8
reference_url http://www.securityfocus.com/bid/105513
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105513
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632466
reference_id 1632466
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632466
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
reference_id 914643
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8017
reference_id CVE-2018-8017
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8017
12
reference_url https://github.com/advisories/GHSA-j53j-gmr9-h8g3
reference_id GHSA-j53j-gmr9-h8g3
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j53j-gmr9-h8g3
fixed_packages
0
url pkg:maven/org.apache.tika/tika-parsers@1.19
purl pkg:maven/org.apache.tika/tika-parsers@1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8r17-z7sd-43fm
1
vulnerability VCID-k9nz-6k84-1ff9
2
vulnerability VCID-p5rg-wubx-fyh9
3
vulnerability VCID-qmn1-cfdv-4fg3
4
vulnerability VCID-shf6-6dhf-f7g7
5
vulnerability VCID-t9mf-yf9h-xqdz
6
vulnerability VCID-vzy7-7b4u-jff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19
aliases CVE-2018-8017, GHSA-j53j-gmr9-h8g3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws7p-w1vr-tkf6
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19