Apache poi
This hub aggregates every CVE we track for Apache poi, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 3
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
- MEDIUM: 2
- HIGH: 1
Monthly trend (chart, 2024-08 to 2026-07)
Latest CVEs
The 3 most recently published vulnerabilities affecting Apache poi.
- CVE-2025-31672 (score 5.3): Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
- CVE-2017-12626 (score 7.5): Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of ...
- CVE-2017-5644 (score 5.5): Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Product normalization is registry-driven with AI assist and human review.