Every CVE whose affected-product data names Apache Avro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-43045 — CVSS 7.5 (high): A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service…
CVE-2022-35724 — CVSS 7.5 (high): It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust…
CVE-2022-36124 — CVSS 7.5 (high): It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue…
CVE-2022-36125 — CVSS 7.5 (high): It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache…
CVE-2023-39410 — CVSS 7.5 (high): When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead…
CVE-2024-47561 — CVSS 7.3 (high): Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are…
CVE-2025-33042 — CVSS 7.3 (high): Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from…