Every CVE whose affected-product data names Apache Opennlp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-12620 — CVSS 9.8 (critical): When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only…
CVE-2026-42027 — CVSS 9.8 (critical): Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before…
CVE-2026-40682 — CVSS 9.1 (critical): XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9…
CVE-2026-42440 — CVSS 7.5 (high): OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 1.9.5 before 2.5.9…