Every CVE whose affected-product data names Apache Jena, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-28890 — CVSS 9.8 (critical): A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache…
CVE-2023-32200 — CVSS 8.8 (high): There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute…
CVE-2025-50151 — CVSS 8.8 (high): File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena…
CVE-2021-39239 — CVSS 7.5 (high): A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE)…
CVE-2025-49656 — CVSS 7.5 (high): Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena…
CVE-2023-22665 — CVSS 5.4 (medium): There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote…