CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue. Note: A Db2 server is not vulnerable to CVE-2025-30065 if the database manager...

10CVSS8.9AI score0.00419EPSS

Exploits9Affected Software1

IBM Security Bulletins•added 2025/07/21 3:41 p.m.•7 views

Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera

Summary On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet CVE-2025-30065, CVSS score 10.0 was announced. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

10CVSS8.7AI score0.00419EPSS

Exploits9Affected Software1

IBM Security Bulletins•added 2025/07/18 8:11 a.m.•5 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-300...

10CVSS8.8AI score0.00419EPSS

Exploits9Affected Software1

Tenable Nessus•added 2025/07/17 12:0 a.m.•3 views

Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.19.0.0.0 (July 2025 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: GoldenGate...

10CVSS8.5AI score0.00419EPSS

Exploits9References3

IBM Security Bulletins•added 2025/06/20 5:37 a.m.•11 views

Security Bulletin: Apache Parquet vulnerabilities affect watsonx.data

Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15...

10CVSS9.7AI score0.00419EPSS

Exploits9Affected Software1

IBM Security Bulletins•added 2025/06/17 2:53 p.m.•9 views

Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera.

10CVSS7.7AI score0.00419EPSS

Exploits9Affected Software4

IBM Security Bulletins•added 2025/05/30 12:38 p.m.•10 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the parquet-avro module of Apache Parquet (CVE-2025-30065)

Summary A vulnerability in the parquet-avro module of Apache Parquet that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors ...

10CVSS7.2AI score0.00419EPSS

Exploits9Affected Software1

OSV•added 2025/05/06 12:30 p.m.•0 views

GHSA-53WX-PR6Q-M3J5 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

7.1CVSS7.4AI score0.0038EPSS

Exploits0References5

Github Security Blog•added 2025/05/06 12:30 p.m.•13 views

Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

8.1CVSS7.5AI score0.0038EPSS

Exploits0References5Affected Software1

NVD•added 2025/05/06 10:15 a.m.•18 views

CVE-2025-46762

8.1CVSS0.0038EPSS

Exploits0References2

Cvelist•added 2025/05/06 9:8 a.m.•10 views

CVE-2025-46762 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

7.1CVSS0.0038EPSS

Exploits0References1

Vulnrichment•added 2025/05/06 9:8 a.m.•11 views

CVE-2025-46762 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

7.1CVSS7.6AI score0.0038EPSS

Exploits0References1

CVE•added 2025/05/06 9:8 a.m.•217 views

CVE-2025-46762

CVE-2025-46762 affects Apache Parquet, specifically the parquet-avro module (versions 1.15.0 and earlier). The issue is a schema parsing flaw that can allow arbitrary code execution when the client uses the specific or reflect models to read Parquet files; the generic model is not affected. Upgra...

8.1CVSS7.3AI score0.0038EPSS

Exploits0References2Affected Software1

CNNVD•added 2025/05/06 12:0 a.m.•2 views

Apache Parquet 安全漏洞

Apache Parquet is a columnar storage format from the Apache USA Foundation. It can be used in any project in the Hadoop ecosystem. A security vulnerability exists in Apache Parquet 1.15.0 and earlier versions, which stems from parquet-avro module mode parsing allowing execution of arbitrary code...

8.1CVSS7AI score0.0038EPSS

Exploits0References3

Positive Technologies•added 2025/05/02 12:0 a.m.•2 views

PT-2025-18792 · Apache · Apache Parquet Java

Name of the Vulnerable Software and Affected Versions: Apache Parquet versions prior to 1.15.2 Description: The vulnerability in Apache Parquet Java allows remote code execution via insecure parquet-avro module schema parsing. The issue affects versions up to 1.15.1. The parquet-avro module is...

9.8CVSS7.6AI score0.0038EPSS

Exploits0References33