Known Vulnerabilities for Opennlp by Apache
Listed below are 4 of the newest known vulnerabilities associated with "Opennlp" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42440 json | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.... | Not Provided | 2026-05-04 | 2026-05-05 |
| CVE-2026-42027 json | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, befo... | Not Provided | 2026-05-04 | 2026-05-05 |
| CVE-2026-40682 json | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: ... | Not Provided | 2026-05-04 | 2026-05-05 |
| CVE-2017-12620 json | When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a libra... | 9.8 - CRITICAL | 2017-10-03 | 2017-11-02 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Opennlp | 1.8.1 | |||
| Application | Apache | Opennlp | 1.8.0 | |||
| Application | Apache | Opennlp | 1.7.2 | |||
| Application | Apache | Opennlp | 1.7.1 | |||
| Application | Apache | Opennlp | 1.7.0 | |||
| Application | Apache | Opennlp | 1.6.0 | |||
| Application | Apache | Opennlp | 1.5.3 | |||
| Application | Apache | Opennlp | 1.5.2 | |||
| Application | Apache | Opennlp | 1.5.1 | |||
| Application | Apache | Opennlp | 1.5.0 |