Tika
This hub aggregates every CVE we track for Tika, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
25
CVEs tracked
1
Critical
9
High
0
In CISA KEV
Severity distribution
MEDIUM14HIGH9LOW1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
1
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Tika.
- CVE-2025-66516Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected8.4
- CVE-2025-54988Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA8.4
- CVE-2022-33879Incomplete fix and new regex DoS in StandardsExtractingContentHandler3.3
- CVE-2022-30973Missing fix for CVE-2022-30126 in 1.28.25.5
- CVE-2022-30126Apache Tika Regular Expression Denial of Service in Standards Extractor5.5
- CVE-2022-25169Apache Tika BPGParser Memory Usage DoS5.5
- CVE-2021-33813An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.7.5
- CVE-2021-28657Infinite loop in Apache Tika's MP3 parser5.5
- CVE-2020-9489A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP...5.5
- CVE-2020-1951A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.5.5
- CVE-2020-1950A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.5.5
- CVE-2019-10088A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.8.8
- CVE-2019-10094A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21...7.8
- CVE-2019-10093In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or la...6.5
- CVE-2018-17197A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.6.5
Product normalization is registry-driven with AI assist and human review. How it works