Every CVE whose affected-product data names Apache Fory, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-61622 — CVSS 9.8 (critical): Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through…
CVE-2026-48207 — CVSS 9.8 (critical): Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation…
CVE-2026-50076 — CVSS 9.1 (critical): Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms…
CVE-2025-59328 — CVSS 6.5 (medium): A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure…