301 matches found
PYSEC-2026-26
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
EUVD-2025-206910
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
CVE-2025-33042
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
CVE-2025-33042
CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...
CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
PT-2026-7986
Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...
Apache Avro Java SDK 安全漏洞
The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.1) +44 more potentially affected by CVE-2024-5986 via ai.h2o:h2o-core (>=0.1.9 <=3.46.0.1)
ai.h2o:h2o-core MAVEN version =0.1.9, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2024-5986 Source advisory: OSV:GHSA-WJ3H-WX8G-X699...
CVE-2022-35724
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +85 more potentially affected by unknown CVE via @asyncapi/avro-schema-parser (=3.0.24)
@asyncapi/avro-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/avro-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0, =0.2.13...
EUVD-2025-198640
Malicious code in @asyncapi/avro-schema-parser npm...
Malicious code in @asyncapi/avro-schema-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190635 Malicious code in @asyncapi/avro-schema-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-9322
Malicious code in bioql PyPI...
EUVD-2022-0519
Malicious code in bioql PyPI...
EUVD-2022-6639
Malicious code in bioql PyPI...
EUVD-2023-2020
Malicious code in bioql PyPI...
EUVD-2022-6473
Malicious code in bioql PyPI...