[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-39410":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":40,"related":41,"reserved_at":9,"published_at":48,"modified_at":49,"state":50,"summary":51,"references_raw":60,"kevs":110,"epss":111,"epss_history":114,"metrics":377,"affected":387},"CVE-2023-39410","When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[26,27],"PYSEC-2023-188","GHSA-rhrv-645h-fjfh",[],[30,32,34,36,38],{"_key":31},"RHSA-2024:10208",{"_key":33},"RHSA-2024:10207",{"_key":35},"RHSA-2023:7637",{"_key":37},"RHSA-2023:7638",{"_key":39},"RHSA-2023:7639",[],[42,44,46],{"_key":43},"CGA-8Q34-H6RX-RRWJ",{"_key":45},"CGA-X2R8-2M8H-66GJ",{"_key":47},"CGA-FF3H-2V35-524F","2023-09-29T16:23:34.021Z","2025-02-13T17:03:03.075Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":53,"epss_score":54,"severity":55,"severity_score":56,"severity_version":57,"severity_source":58,"severity_vector":59,"severity_status":50},false,"low",0.00072,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[61,72,77,81,85,89,93,98,102,106],{"url":62,"sources":63,"tags":67},"https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds",[64,58,65,66],"cve.org","osv_pypi","osv_maven",[68,69,70,71],"Vendor Advisory","Mailing List","Advisory","WEB",{"url":73,"sources":74,"tags":75},"https://www.openwall.com/lists/oss-security/2023/09/29/6",[64,58,66],[69,76,71],"Third Party Advisory",{"url":78,"sources":79,"tags":80},"https://security.netapp.com/advisory/ntap-20240621-0006/",[64,58],[],{"url":82,"sources":83,"tags":84},"http://www.openwall.com/lists/oss-security/2023/09/29/6",[65,66],[71],{"url":86,"sources":87,"tags":88},"https://nvd.nist.gov/vuln/detail/CVE-2023-39410",[66],[70],{"url":90,"sources":91,"tags":92},"https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828",[66],[71],{"url":94,"sources":95,"tags":96},"https://github.com/apache/avro",[66],[97],"PACKAGE",{"url":99,"sources":100,"tags":101},"https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml",[66],[71],{"url":103,"sources":104,"tags":105},"https://issues.apache.org/jira/browse/AVRO-3819",[66],[71],{"url":107,"sources":108,"tags":109},"https://security.netapp.com/advisory/ntap-20240621-0006",[66],[71],[],{"date":112,"score":54,"percentile":113},"2026-06-04",0.22078,[115,119,122,125,128,131,134,137,140,143,146,149,151,154,157,161,164,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,264,267,270,272,275,278,281,284,287,290,293,296,299,302,305,308,311,313,316,319,322,325,328,331,334,337,339,341,344,347,350,352,354,357,360,363,366,369,371,374],{"date":116,"score":117,"percentile":118},"2025-11-04",0.00061,0.19029,{"date":120,"score":117,"percentile":121},"2025-11-05",0.1904,{"date":123,"score":117,"percentile":124},"2025-11-06",0.19048,{"date":126,"score":117,"percentile":127},"2025-11-07",0.19061,{"date":129,"score":117,"percentile":130},"2025-11-08",0.19063,{"date":132,"score":117,"percentile":133},"2025-11-09",0.19037,{"date":135,"score":117,"percentile":136},"2025-11-10",0.18993,{"date":138,"score":117,"percentile":139},"2025-11-11",0.18999,{"date":141,"score":117,"percentile":142},"2025-11-12",0.19041,{"date":144,"score":117,"percentile":145},"2025-11-13",0.1907,{"date":147,"score":117,"percentile":148},"2025-11-14",0.19064,{"date":150,"score":117,"percentile":142},"2025-11-15",{"date":152,"score":117,"percentile":153},"2025-11-16",0.18998,{"date":155,"score":117,"percentile":156},"2025-11-17",0.18923,{"date":158,"score":159,"percentile":160},"2025-11-18",0.03978,0.87258,{"date":162,"score":159,"percentile":163},"2025-11-19",0.87262,{"date":165,"score":159,"percentile":166},"2025-11-20",0.87266,{"date":168,"score":117,"percentile":169},"2025-11-21",0.18924,{"date":171,"score":117,"percentile":172},"2025-11-22",0.18927,{"date":174,"score":117,"percentile":175},"2025-11-23",0.18898,{"date":177,"score":117,"percentile":178},"2025-11-24",0.18864,{"date":180,"score":117,"percentile":181},"2025-11-25",0.18853,{"date":183,"score":117,"percentile":184},"2025-11-26",0.18847,{"date":186,"score":117,"percentile":187},"2025-11-27",0.18849,{"date":189,"score":117,"percentile":190},"2025-11-28",0.18833,{"date":192,"score":117,"percentile":193},"2025-11-29",0.18825,{"date":195,"score":117,"percentile":196},"2025-11-30",0.18828,{"date":198,"score":117,"percentile":199},"2025-12-01",0.18867,{"date":201,"score":117,"percentile":202},"2025-12-02",0.18878,{"date":204,"score":117,"percentile":205},"2025-12-03",0.18895,{"date":207,"score":117,"percentile":208},"2025-12-04",0.18858,{"date":210,"score":117,"percentile":211},"2025-12-05",0.18909,{"date":213,"score":117,"percentile":211},"2025-12-06",{"date":215,"score":117,"percentile":216},"2025-12-07",0.18896,{"date":218,"score":117,"percentile":219},"2025-12-08",0.18912,{"date":221,"score":117,"percentile":222},"2025-12-09",0.18979,{"date":224,"score":117,"percentile":225},"2025-12-10",0.19057,{"date":227,"score":117,"percentile":228},"2025-12-11",0.19099,{"date":230,"score":117,"percentile":231},"2025-12-12",0.19129,{"date":233,"score":117,"percentile":234},"2025-12-13",0.19144,{"date":236,"score":117,"percentile":237},"2025-12-14",0.19094,{"date":239,"score":117,"percentile":240},"2025-12-15",0.19075,{"date":242,"score":117,"percentile":243},"2025-12-16",0.19111,{"date":245,"score":117,"percentile":246},"2025-12-17",0.19194,{"date":248,"score":117,"percentile":249},"2025-12-18",0.19284,{"date":251,"score":117,"percentile":252},"2025-12-19",0.19304,{"date":254,"score":117,"percentile":255},"2025-12-20",0.19277,{"date":257,"score":117,"percentile":258},"2025-12-21",0.19238,{"date":260,"score":117,"percentile":261},"2025-12-22",0.19192,{"date":263,"score":117,"percentile":261},"2025-12-23",{"date":265,"score":117,"percentile":266},"2025-12-24",0.19229,{"date":268,"score":117,"percentile":269},"2025-12-25",0.19307,{"date":271,"score":117,"percentile":252},"2025-12-26",{"date":273,"score":117,"percentile":274},"2025-12-27",0.193,{"date":276,"score":117,"percentile":277},"2025-12-28",0.19258,{"date":279,"score":117,"percentile":280},"2025-12-29",0.19213,{"date":282,"score":117,"percentile":283},"2025-12-30",0.19216,{"date":285,"score":117,"percentile":286},"2025-12-31",0.19278,{"date":288,"score":117,"percentile":289},"2026-01-01",0.19369,{"date":291,"score":117,"percentile":292},"2026-01-02",0.19372,{"date":294,"score":117,"percentile":295},"2026-01-03",0.19347,{"date":297,"score":117,"percentile":298},"2026-01-04",0.19244,{"date":300,"score":117,"percentile":301},"2026-01-05",0.19218,{"date":303,"score":117,"percentile":304},"2026-01-06",0.19232,{"date":306,"score":117,"percentile":307},"2026-01-07",0.19262,{"date":309,"score":117,"percentile":310},"2026-01-08",0.19319,{"date":312,"score":117,"percentile":310},"2026-01-09",{"date":314,"score":117,"percentile":315},"2026-01-10",0.19331,{"date":317,"score":117,"percentile":318},"2026-01-11",0.19299,{"date":320,"score":117,"percentile":321},"2026-01-12",0.19261,{"date":323,"score":117,"percentile":324},"2026-01-13",0.19237,{"date":326,"score":117,"percentile":327},"2026-01-14",0.19296,{"date":329,"score":117,"percentile":330},"2026-01-15",0.19301,{"date":332,"score":117,"percentile":333},"2026-01-16",0.19328,{"date":335,"score":117,"percentile":336},"2026-01-17",0.19341,{"date":338,"score":117,"percentile":327},"2026-01-18",{"date":340,"score":117,"percentile":324},"2026-01-19",{"date":342,"score":117,"percentile":343},"2026-01-20",0.19223,{"date":345,"score":117,"percentile":346},"2026-01-21",0.1919,{"date":348,"score":117,"percentile":349},"2026-01-22",0.19132,{"date":351,"score":117,"percentile":304},"2026-01-23",{"date":353,"score":117,"percentile":321},"2026-01-24",{"date":355,"score":117,"percentile":356},"2026-01-25",0.19187,{"date":358,"score":117,"percentile":359},"2026-01-26",0.19087,{"date":361,"score":117,"percentile":362},"2026-01-27",0.19078,{"date":364,"score":117,"percentile":365},"2026-01-28",0.19076,{"date":367,"score":117,"percentile":368},"2026-01-29",0.19045,{"date":370,"score":117,"percentile":225},"2026-01-30",{"date":372,"score":117,"percentile":373},"2026-01-31",0.19062,{"date":375,"score":117,"percentile":376},"2026-02-01",0.19086,[378,383,385],{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":379,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":380,"vectorString":59,"impactScore":381,"exploitabilityScore":382},"HIGH",6,10,{"source":65,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":384,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":9,"vectorString":59,"impactScore":381,"exploitabilityScore":382},{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":386,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":9,"vectorString":59,"impactScore":381,"exploitabilityScore":382},[388,399,406,415],{"ecosystem":9,"name":389,"vendor":390,"product":391,"cpe_part":392,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":393},"Apache Avro Java SDK","apache software foundation","apache avro java sdk","a",[394],{"version":395,"is_range":396,"range_type":64,"version_start":9,"version_start_type":9,"version_end":397,"version_end_type":398,"fixed_in":9},"\u003C 1.11.3",true,"1.11.3","excluding",{"ecosystem":9,"name":400,"vendor":401,"product":400,"cpe_part":392,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},"avro","apache",[403],{"version":404,"is_range":396,"range_type":405,"version_start":9,"version_start_type":9,"version_end":397,"version_end_type":398,"fixed_in":9},"lt1.11.3","cpe",{"ecosystem":407,"name":408,"vendor":409,"product":400,"cpe_part":9,"purl_type":410,"purl_namespace":409,"purl_name":400,"source":9,"versions":411},"Maven","org.apache.avro:avro","org.apache.avro","maven",[412],{"version":413,"is_range":396,"range_type":414,"version_start":9,"version_start_type":9,"version_end":397,"version_end_type":398,"fixed_in":9},"lt1_11_3","ecosystem",{"ecosystem":416,"name":400,"vendor":416,"product":400,"cpe_part":9,"purl_type":417,"purl_namespace":9,"purl_name":400,"source":9,"versions":418},"PyPI","pypi",[419],{"version":413,"is_range":396,"range_type":414,"version_start":9,"version_start_type":9,"version_end":397,"version_end_type":398,"fixed_in":9}]