Known Vulnerabilities for Tika by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Tika" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-59031 | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. A... | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2022-25169 | The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully ... | 5.5 - MEDIUM | 2022-05-16 | 2022-11-09 |
| CVE-2021-33813 | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 7.5 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-28657 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Ti... | 5.5 - MEDIUM | 2021-03-31 | 2023-11-07 |
| CVE-2020-9489 | A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also c... | 5.5 - MEDIUM | 2020-04-27 | 2023-11-07 |
| CVE-2020-1951 | A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | 5.5 - MEDIUM | 2020-03-23 | 2022-10-07 |
| CVE-2020-1950 | A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | 5.5 - MEDIUM | 2020-03-23 | 2022-10-07 |
| CVE-2019-10094 | A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOv... | 7.8 - HIGH | 2019-08-02 | 2023-11-07 |
| CVE-2019-10093 | In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and... | 6.5 - MEDIUM | 2019-08-02 | 2023-11-07 |
| CVE-2019-10088 | A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users ... | 8.8 - HIGH | 2019-08-02 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Tika | 1.9 | All | All | All |
| Application | Apache | Tika | 1.8 | All | All | All |
| Application | Apache | Tika | 1.7 | All | All | All |
| Application | Apache | Tika | 1.6 | All | All | All |
| Application | Apache | Tika | 1.5 | All | All | All |
| Application | Apache | Tika | 1.4 | All | All | All |
| Application | Apache | Tika | 1.3 | All | All | All |
| Application | Apache | Tika | 1.24 | All | All | All |
| Application | Apache | Tika | 1.23 | All | All | All |
| Application | Apache | Tika | 1.21 | All | All | All |
| Application | Apache | Tika | 1.20 | All | All | All |
| Application | Apache | Tika | 1.2 | All | All | All |
| Application | Apache | Tika | 1.19.1 | All | All | All |
| Application | Apache | Tika | 1.19 | All | All | All |
| Application | Apache | Tika | 1.18 | All | All | All |
| Application | Apache | Tika | 1.17 | All | All | All |
| Application | Apache | Tika | 1.16 | All | All | All |
| Application | Apache | Tika | 1.15 | All | All | All |
| Application | Apache | Tika | 1.14 | All | All | All |
| Application | Apache | Tika | 1.13 | All | All | All |