org.apache.jena:jena (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.jena:jena, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2022-28890 — CVSS 9.8 (critical): A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache…
CVE-2023-32200 — CVSS 8.8 (high): There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute…
CVE-2025-50151 — CVSS 8.8 (high): File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena…
CVE-2023-22665 — CVSS 5.4 (medium): There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote…