Apache Avro

7 CVEs affecting Apache Avro. Latest disclosed: 2026-02-13. Critical: 0, High: 7.

Top CVEs affecting Apache Avro
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39410 | High | 7.5 | 2023-09-29 | When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on… |
| CVE-2022-36125 | High | 7.5 | 2022-08-09 | It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior… |
| CVE-2022-36124 | High | 7.5 | 2022-08-09 | It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications… |
| CVE-2022-35724 | High | 7.5 | 2022-08-09 | It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache A… |
| CVE-2021-43045 | High | 7.5 | 2022-01-06 | A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue a… |
| CVE-2025-33042 | High | 7.3 | 2026-02-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. … |
| CVE-2024-47561 | High | 7.3 | 2024-10-03 | Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to ver… |