avro
PyPI | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting avro
- CVE-2022-36124 | HIGH | CVSS 7.5 | EG 7.5 | 2022-08-09
  It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users…
- CVE-2023-39410 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.11.3 | 2023-09-29
  vulnerable: 1.10.0 ... 1.9.2 (31 versions)
  When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up …
- CVE-2025-33042 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 1.11.5 | 2026-02-13
  vulnerable: 1.10.0 ... 1.9.2 (32 versions)
  Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version…