ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3907 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)

org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...

Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVE-2025-66516 Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVE-2025-66516

CVE-2025-66516 is a critical XXE in Apache Tika affecting tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5). The root cause is XML External Entity injection triggered by a crafted XFA file in a PDF, allowing an attacker to access sensitive data or trigger intern...

ai.konduit.serving:konduit-serving-cli (=0.1.0), ai.konduit.serving:konduit-serving-distro-bom (=0.1.0) +1594 more potentially affected by CVE-2022-30973 via org.apache.tika:tika-core (>=1.17 <=1.28.2)

org.apache.tika:tika-core MAVEN version =1.17, =4.1.3, =3.1.1, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.2.7, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.4.0-beta.7 and more Source cves: CVE-2022-30973 Source advisory: OSV:GHSA-QW3F-W4PF-JH5F...

be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.0), be.zvz:KotlinInside (>=1.14.1 <=1.14.2) +326 more potentially affected by CVE-2022-30126 via org.apache.tika:tika-core (>=2.0.0 <=2.3.0)

org.apache.tika:tika-core MAVEN version =2.0.0, =1.2.0, =1.14.1, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.9.14, =1.9.14, =21.2.0, =2.2, =2.2, =2.2, =2.2, =2.2, =2.2, =2.4 and more Source cves: CVE-2022-30126 Source advisory: OSV:GHSA-RPJM-422R-95MH...

GHSA-5MF7-26MW-3RQR Moderate severity vulnerability that affects org.apache.tika:tika-core

A carefully crafted or fuzzed file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18...

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), au.com.turingg:turingg-files (=0.0.1) +1046 more potentially affected by CVE-2018-11762 via org.apache.tika:tika-core (>=0.9 <=1.18)

org.apache.tika:tika-core MAVEN version =0.9, =1.0.0, =1.0.68, =3.6.1, =3.11.0, =1.0.0, =4.6.0, =1.0.12, =18.1.1, =0.1, =0.2.4 and more Source cves: CVE-2018-11762 Source advisory: OSV:GHSA-W6G3-V46Q-5P28...

ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), au.com.turingg:turingg-files (=0.0.1) +1122 more potentially affected by CVE-2018-11796 via org.apache.tika:tika-core (>=0.10 <=1.19)

org.apache.tika:tika-core MAVEN version =0.10, =1.0.0, =4.2.0, =1.0.68, =3.6.1, =3.11.0, =1.0.0, =4.6.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.32 and more Source cves: CVE-2018-11796 Source advisory: OSV:GHSA-H8Q5-G2CJ-QR5H...