Apache thrift

This hub aggregates every CVE we track for Apache thrift, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Apache thrift.

• CVE-2026-43868Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern5.3May 5, 2026
• CVE-2026-43870Apache Thrift: Node.js web_server.js multi-vulnerability7.3May 5, 2026
• CVE-2026-43869Apache Thrift: TSSLTransportFactory.java hostname verification7.3May 5, 2026
• CVE-2026-41636Apache Thrift: Node.js skip() recursion7.5Apr 28, 2026
• CVE-2026-41607Apache Thrift: C++ JSON OOB read6.5Apr 28, 2026
• CVE-2026-41606Apache Thrift: c_glib dispatch stack overflow5.3Apr 28, 2026
• CVE-2026-41605Apache Thrift: Swift Compact Protocol integer overflow7.3Apr 28, 2026
• CVE-2026-41604Apache Thrift: Swift Range crash in skip()8.2Apr 28, 2026
• CVE-2026-41603Apache Thrift: Java TSSLTransportFactory hostname verification7.4Apr 28, 2026
• CVE-2026-41602Apache Thrift: Go TFramedTransport uint32 overflow7.5Apr 28, 2026
• CVE-2025-48431Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.7.5Apr 28, 2026
• CVE-2019-0205In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in v...7.5Oct 28, 2019
• CVE-2019-0210In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.7.5Oct 28, 2019
• CVE-2018-1320Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determin...7.5Jan 7, 2019
• CVE-2018-11798The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside ...6.5Jan 7, 2019