Product
apache arrow
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-25087
CVE-2024-52338
CVE-2024-41178
CVE-2019-12410
CVE-2019-12408
CVE-2019-11404
>= 15.0.0 and < 23.0.1
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be trigg
>= 4.0.0 and < 17.0.0
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows a
>= 0.5.0 and <= 0.10.1
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (
object_store crate), version 0.10.1 and earlier on>= 0.12.0 and <= 0.14.1
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.
>= 0.14.0 and <= 0.14.1
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0
< 0.9.0
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of H