github.com/apache/thrift (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/apache/thrift, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2016-5397 — CVSS 8.8 (high): The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting…
CVE-2019-0210 — CVSS 7.5 (high): In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid…
CVE-2026-41602 — CVSS 7.5 (high): Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift…