EUVD-2026-32581

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

Malicious code in json-dec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de1db9ce26e4c5f4788ebbf809fede48364dd0741a8f4d0aa5580fac4b199f59 The package json-dec was found to contain malicious code. Source: ghsa-malware ad7f787412af0259dfcb2bcbb7429600fcb3c8a92510c70699961455caddd9ad Any...

Uncontrolled Recursion

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONTaggedDecoder.decodeobj function in jsontags.py. An attacker can cause the application to crash by submittin...

CVE-2026-25790 Wazuh has Stack-Based Buffer Overflow in Security Configuration Assessment JSON Parser

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...

PT-2026-6627

Name of the Vulnerable Software and Affected Versions Versions prior to 2026-1301 Description A specially crafted JSON message can cause a heap overflow in the PubSub JSON decoder before authentication. This can lead to a process crash and memory corruption. The issue occurs in builds with PubSub...

SUSE-SU-2025:20900-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2025-11230: Fixed mjson JSON decoder excessive resource consumption bsc1250983...

SUSE-SU-2025:20872-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2025-11230: Fixed mjson JSON decoder excessive resource consumption bsc1250983...

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2025-11230: Fixed mjson JSON decoder excessive resource consumption bsc1250983 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

openSUSE Security Advisory (SUSE-SU-2025:03587-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive resource consumption when processing numbers with large exponents bsc1250983. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2025:03589-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive resource consumption when processing numbers with large exponents bsc1250983...

Security update for haproxy

This update for haproxy fixes the following issues: CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive resource consumption when processing numbers with large exponents bsc1250983. Patch Instructions: To install this SUSE update use the SUSE recommended...

EUVD-2021-26829

Malware in sbrugna...

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.40-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

UltraJSON: Multiple Vulnerabilities

Background UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python 3.8+. Description Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded...

GLSA-202403-03 : UltraJSON: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202403-03 UltraJSON: Multiple Vulnerabilities - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that...

Ubuntu 20.04 LTS : UltraJSON vulnerabilities (USN-6629-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6629-3 advisory. USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding...

[SECURITY] Fedora 35 Update: golang-github-francoispqt-gojay-1.2.13-7.fc35

GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...

CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...