VYPR

Avro Java SDK

by Apache

Source repositories

CVEs (3)

  • CVE-2025-33042Feb 13, 2026
    risk 0.00cvss epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to…

  • CVE-2024-47561Oct 3, 2024
    risk 0.00cvss epss 0.03

    Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

  • CVE-2023-39410Sep 29, 2023
    risk 0.00cvss epss 0.02

    When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should…