aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)

Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...

SUSE: Security Advisory (SUSE-SU-2026:20920-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses wheel-0.41.3-py3-none-any.whl, orjson-3.10.14-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl, pythonmultipart-0.0.21-py3-none-any.whl, pyasn1-0.6.1.tar.gz, sentencepiece-0.2.0-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl, tar-7.4.3.tgz, tar-7.5.2.tgz...

Security update for python-orjson (moderate)

openSUSE security update: security update for python-orjson ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20407-1 Rating: moderate References: bsc1257121 Cross-References: CVE-2025-67221 CVSS scores: CVE-2025-67221 SUSE : 5.9...

OPENSUSE-SU-2026:20407-1 Security update for python-orjson

This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outsize of allocated memory on json dump bsc1257121...

CVE-2025-67221 vulnerabilities

Vulnerabilities for packages: emissary, kserve, datadog-agent...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...