CVE-2026-42241

ParquetSharp (a .NET library for Parquet) has a vulnerability in DecimalConverter.ReadDecimal from 18.1.0 up to before 23.0.0.1 where a stackalloc is performed using an attacker‑supplied width, allowing stack overflow if a decimal column width is unreasonably large. In a service environment, this...

EUVD-2026-28430

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

PT-2026-37117

Name of the Vulnerable Software and Affected Versions Ray versions 2.49.0 through 2.54.0 Description Ray Data registers custom Arrow extension types ray.data.arrow tensor, ray.data.arrow tensor v2, and ray.data.arrow variable shaped tensor globally in PyArrow. When PyArrow reads a Parquet file...

Information Disclosure

apache arrow is vulnerable to information disclosure. The data read from Apache Parquet files with RLE null encoded data is uninitialized, potentially allowing data in memory to be unintentionally shared over the wire...

Denial Of Service (DoS)

hadoop-aws is vulnerable to denial of service. When using S3AFileSystem to read Parquet files, an attacker is able to crash the application by using a malicious set of circumstances which causes an EOFException that is not thrown when reading the same file from local disk...