org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) potentially affected by CVE-2026-42440 via org.apache.opennlp:opennlp-tools (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-tools MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-42440 Source advisory: OSV:GHSA-659W-93R5-9J6M...

ae.teletronics.nlp:entityextraction (=1.3), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +1738 more potentially affected by CVE-2026-42440 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =19.9.0, =19.9.1, =19.9.1, =19.9.0, =19.9.0, =19.9.0, =19.9.0, =26.3.2 and more Source cves: CVE-2026-42440 Source advisory: OSV:GHSA-659W-93R5-9J6M...

ae.teletronics.nlp:entityextraction (=1.3), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +1738 more potentially affected by CVE-2026-42027 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =19.9.0, =19.9.1, =19.9.1, =19.9.0, =19.9.0, =19.9.0, =19.9.0, =26.3.2 and more Source cves: CVE-2026-42027 Source advisory: OSV:GHSA-CX4M-2P55-RW7J...

org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) potentially affected by CVE-2026-42027 via org.apache.opennlp:opennlp-tools (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-tools MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-42027 Source advisory: OSV:GHSA-CX4M-2P55-RW7J...

ae.teletronics.nlp:entityextraction (=1.3), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +1738 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =19.9.0, =19.9.1, =19.9.1, =19.9.0, =19.9.0, =19.9.0, =19.9.0, =26.3.2 and more Source cves: CVE-2026-40682 Source advisory: OSV:GHSA-4V8G-86X5-3VRC...

org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-tools (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-tools MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-40682 Source advisory: OSV:GHSA-4V8G-86X5-3VRC...

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +817 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-tools (>=2.0.0 <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =2.0.0, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =0.0.6, =0.1.1 and more Source cves: CVE-2026-40682 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419377...

org.apache.opennlp:opennlp-cli (>=3.0.0-M1 <=3.0.0-M2), org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) +6 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-runtime (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-runtime MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-40682 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419378...

XML External Entity (XXE) Injection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a...

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +817 more potentially affected by CVE-2026-42027 via org.apache.opennlp:opennlp-tools (>=2.0.0 <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =2.0.0, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =0.0.6, =0.1.1 and more Source cves: CVE-2026-42027 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419373...

Unsafe Reflection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) potentially affected by CVE-2026-42440 via org.apache.opennlp:opennlp-tools (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-tools MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-42440 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16535521...

Memory Allocation with Excessive Size Value

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the AbstractModelReader class. An attacker can cause the application ...