Apache Jena
By the Year
In 2026 there have been 0 vulnerabilities in Apache Jena. Last year, in 2025, Jena had 2 security vulnerabilities published. Right now, Jena is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 8.15 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.10 |
| 2022 | 1 | 9.80 |
| 2021 | 1 | 7.50 |
It may take a day or so for new Jena vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apache Jena Security Vulnerabilities
Apache Jena <5.4.0: Arbitrary Config Upload via File Access Paths
CVE-2025-50151
8.8 - High
- July 21, 2025
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena versions up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
Improper Input Validation
Apache Jena Fuseki DB File Creation Outside Allowed Area (before 5.5.0)
CVE-2025-49656
7.5 - High
- July 21, 2025
Users with administrator access can create database files outside the files area of the Fuseki server. This issue affects Apache Jena versions up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.
Directory traversal
Apache Jena <4.8.0 Remote Exec via SPARQL Script Funcs (CVE-2023-32200)
CVE-2023-32200
8.8 - High
- July 12, 2023
There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
EL Injection
Remote JS Exec via SPARQL in Apache Jena <=4.7.0
CVE-2023-22665
5.4 - Medium
- April 25, 2023
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query.
EL Injection
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved
CVE-2022-28890
9.8 - Critical
- May 05, 2022
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
XXE
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may
CVE-2021-39239
7.5 - High
- September 16, 2021
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
XXE