Thrift

This hub aggregates every CVE we track for Thrift, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Communicationslibrarylibrary

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH21MEDIUM5CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Thrift.

CVE-2026-43868Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern5.3May 5, 2026
CVE-2026-43870Apache Thrift: Node.js web_server.js multi-vulnerability7.3May 5, 2026
CVE-2026-43869Apache Thrift: TSSLTransportFactory.java hostname verification7.3May 5, 2026
CVE-2026-41636Apache Thrift: Node.js skip() recursion7.5Apr 28, 2026
CVE-2026-41607Apache Thrift: C++ JSON OOB read6.5Apr 28, 2026
CVE-2026-41606Apache Thrift: c_glib dispatch stack overflow5.3Apr 28, 2026
CVE-2026-41605Apache Thrift: Swift Compact Protocol integer overflow7.3Apr 28, 2026
CVE-2026-41604Apache Thrift: Swift Range crash in skip()8.2Apr 28, 2026
CVE-2026-41603Apache Thrift: Java TSSLTransportFactory hostname verification7.4Apr 28, 2026
CVE-2026-41602Apache Thrift: Go TFramedTransport uint32 overflow7.5Apr 28, 2026
CVE-2025-48431Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.7.5Apr 28, 2026
CVE-2021-24028An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift pri...9.8Apr 13, 2021
CVE-2020-13949In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.7.5Feb 12, 2021
CVE-2019-11939Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would re...7.5Mar 18, 2020
CVE-2019-3553C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would resul...7.5Mar 10, 2020

Product normalization is registry-driven with AI assist and human review. How it works