Lucene search
K

301 matches found

OSV
OSV
added 2026/02/13 12:16 p.m.13 views

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS7.2AI score0.00602EPSS
Exploits0References2
OSV
OSV
added 2026/02/13 11:47 a.m.7 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS7.2AI score0.00602EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/13 11:47 a.m.29 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

0.00602EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/13 11:47 a.m.8 views

EUVD-2025-206910

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS5.5AI score0.00602EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 11:47 a.m.5 views

CVE-2025-33042

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

5.5AI score0.00602EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/13 11:47 a.m.54 views

CVE-2025-33042

CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...

7.3CVSS5.5AI score0.00602EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/13 11:47 a.m.6 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

5.5AI score0.00602EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.11 views

PT-2026-7986

Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...

7.3CVSS5.8AI score0.00602EPSS
Exploits0References23
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.8 views

Apache Avro Java SDK 安全漏洞

The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...

7.3CVSS7.3AI score0.00602EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/02/02 12:31 p.m.5 views

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.1) +44 more potentially affected by CVE-2024-5986 via ai.h2o:h2o-core (>=0.1.9 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =0.1.9, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2024-5986 Source advisory: OSV:GHSA-WJ3H-WX8G-X699...

9.1CVSS7.7AI score0.00629EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.12 views

CVE-2022-35724

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

7.5CVSS6.7AI score0.01552EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/11/24 4:24 p.m.6 views

@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +85 more potentially affected by unknown CVE via @asyncapi/avro-schema-parser (=3.0.24)

@asyncapi/avro-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/avro-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0, =0.2.13...

5.7AI score
Exploits0
EUVD
EUVD
added 2025/11/24 11:44 a.m.4 views

EUVD-2025-198640

Malicious code in @asyncapi/avro-schema-parser npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 11:44 a.m.7 views

Malicious code in @asyncapi/avro-schema-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 11:44 a.m.4 views

MAL-2025-190635 Malicious code in @asyncapi/avro-schema-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9322

Malicious code in bioql PyPI...

10CVSS8.9AI score0.38701EPSS
Exploits9References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-0519

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0296EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6639

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01276EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2020

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00804EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2022-6473

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01353EPSS
Exploits0References3
Rows per page
Query Builder