VYPR

Thrift

by Apache

Source repositories

CVEs (12)

  • CVE-2026-41604HigApr 28, 2026
    risk 0.46cvss 8.2epss 0.01

    Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2015-3254MedJun 16, 2017
    risk 0.43cvss 6.5epss 0.05

    The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.

  • CVE-2026-41636HigApr 28, 2026
    risk 0.42cvss 7.5epss 0.00

    Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-41602HigApr 28, 2026
    risk 0.42cvss 7.5epss 0.01

    Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2025-48431HigApr 28, 2026
    risk 0.42cvss 7.5epss 0.01

    Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an…

  • CVE-2026-41603HigApr 28, 2026
    risk 0.41cvss 7.4epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-43870HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.00

    Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue…

  • CVE-2026-43869HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-41605HigApr 28, 2026
    risk 0.40cvss 7.3epss 0.01

    Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-41607MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.01

    Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-43868MedMay 5, 2026
    risk 0.27cvss 5.3epss 0.00

    Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-41606MedApr 28, 2026
    risk 0.27cvss 5.3epss 0.01

    Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.