Apache Avro
7 CVEs affecting Apache Avro. Latest disclosed: 2026-02-13. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39410 | High | 7.5 | 2023-09-29 | When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on… |
| CVE-2022-36125 | High | 7.5 | 2022-08-09 | It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior… |
| CVE-2022-36124 | High | 7.5 | 2022-08-09 | It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications… |
| CVE-2022-35724 | High | 7.5 | 2022-08-09 | It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache A… |
| CVE-2021-43045 | High | 7.5 | 2022-01-06 | A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue a… |
| CVE-2025-33042 | High | 7.3 | 2026-02-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. … |
| CVE-2024-47561 | High | 7.3 | 2024-10-03 | Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to ver… |