VYPR

OpenNLP

by Apache

CVEs (4)

  • CVE-2026-42027, Critical, May 4, 2026
    risk 0.64, cvss 9.8, epss 0.01

    Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via…

  • CVE-2017-12620, Critical, Oct 3, 2017
    risk 0.64, cvss 9.8, epss 0.03

    When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to…

  • CVE-2026-40682, Critical, May 4, 2026
    risk 0.59, cvss 9.1, epss 0.00

    XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling…

  • CVE-2026-42440, High, May 4, 2026
    risk 0.49, cvss 7.5, epss 0.00

    OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed…