52298 matches found
orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
PYSEC-2026-107
The orjson.dumps function in orjson through 3.11.4 does not limit recursion for deeply nested JSON documents...
Path Traversal
mindsdb is vulnerable to a path traversal. The vulnerability is due to improper handling of user-controlled file paths in the file upload API when JSON requests are used, which allows an unauthenticated attacker to exploit directory traversal and read arbitrary files from the server filesystem an...
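The mindsdb entry above describes the general failure: a file name taken from a JSON request body is joined onto an upload directory without checking where the resulting path ends up. The following is an added example (not mindsdb's code; the request shape {"name": ..., "content": ...} and the root /srv/uploads are assumptions) showing the containment check that closes this class of bug: resolve the joined path first, then require that it still lies under the upload root.

```python
import json
from pathlib import Path


def resolve_upload_path(upload_root: str, requested: str) -> Path:
    """Return the on-disk path for `requested`, or raise if it escapes upload_root.

    The check runs on the *resolved* path, so '..' segments, absolute paths and
    symlinks that point outside the root are all rejected by the same rule.
    """
    root = Path(upload_root).resolve()
    # resolve() collapses '..' and follows symlinks; the target need not exist (strict=False).
    candidate = (root / requested).resolve()
    if candidate == root or not candidate.is_relative_to(root):
        raise ValueError(f"rejected path outside upload root: {requested!r}")
    return candidate


def is_safe_upload_name(upload_root: str, requested: str) -> bool:
    """Boolean form of the same check, convenient for tests and request filters."""
    try:
        resolve_upload_path(upload_root, requested)
    except ValueError:
        return False
    return True


def handle_upload_request(upload_root: str, body: bytes) -> dict:
    """Parse a JSON upload request and decide where the file would be written.

    Request shape {"name": str, "content": str} is a constructed assumption,
    not any project's real API.
    """
    req = json.loads(body)
    name = req.get("name")
    if not isinstance(name, str) or not name:
        raise ValueError("missing file name")
    target = resolve_upload_path(upload_root, name)
    return {"ok": True, "path": str(target), "size": len(req.get("content", ""))}


if __name__ == "__main__":
    # Constructed requests: one benign, one carrying a traversal sequence.
    print(handle_upload_request("/srv/uploads", b'{"name": "report.csv", "content": "a,b"}'))
    try:
        handle_upload_request("/srv/uploads", b'{"name": "../../etc/passwd", "content": ""}')
    except ValueError as exc:
        print("blocked:", exc)
```

Note that a check based on string prefixes (`path.startswith(root)`) is not equivalent: it would accept "/srv/uploads_old/x" under root "/srv/uploads" and does nothing about symlinks, which is why the example compares resolved `Path` objects.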
CVE-2026-23737
A flaw was found in seroval, a JavaScript library designed to convert complex data into a string format. This vulnerability exists within the library's JSON deserialization process, which is responsible for converting string data back into usable objects. A remote attacker can exploit improper...
CVE-2026-23991
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well-formed TUF metadata), the client will panic during parsing, causing a denial of...
AZL-75186 CVE-2026-23991 affecting package gh 2.62.0-10
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well-formed TUF metadata), the client will panic during parsing, causing a denial of...
CVE-2026-23991 go-tuf affected by client DoS via malformed server response
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well-formed TUF metadata), the client will panic during parsing, causing a denial of...
CVE-2026-23958
Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints...
CVE-2026-23958 DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover
Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints...
CVE-2026-23958
DataEase (open-source data visualization tool) prior to version 2.10.19 uses the MD5 hash of the user password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin password by abusing unmonitored API endpoints that verify JWT tokens. The vuln...
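The DataEase entries above describe the weakness in one sentence: when the JWT signing secret is a deterministic function of the password, any endpoint that merely verifies a signature becomes a password oracle, because the attacker can forge a token under each candidate password's derived secret and watch which one the server accepts. The following is an added example, not DataEase code: it implements HS256 in the standard library, a stand-in verifier endpoint, the attacker's guessing loop, and the random-secret fix. Hex-encoding the MD5 digest, the claim {"sub": "admin"} and the wordlist are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Iterable, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Minimal HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_hs256(token: str, secret: bytes) -> bool:
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(secret, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(expected), sig)


def password_derived_secret(password: str) -> bytes:
    """The weak pattern from the advisory: secret = MD5(password).
    Using the hex digest as the key is an assumption; the attack does not depend on it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest().encode("ascii")


def random_secret() -> bytes:
    """The fix: a secret with no relationship to any password, generated once and stored."""
    return secrets.token_bytes(32)


class TokenVerifier:
    """Stand-in for an API endpoint that only checks the JWT signature (constructed)."""

    def __init__(self, signing_secret: bytes) -> None:
        self._secret = signing_secret
        self.requests_seen = 0  # a real deployment should alert on bursts of failed verifications

    def accepts(self, token: str) -> bool:
        self.requests_seen += 1
        return verify_hs256(token, self._secret)


def guess_admin_password(endpoint: TokenVerifier, wordlist: Iterable[str]) -> Optional[str]:
    """Attacker loop: forge an admin token under each candidate's derived secret and
    ask the endpoint whether it verifies. No valid token is needed to start."""
    for candidate in wordlist:
        forged = sign_hs256({"sub": "admin"}, password_derived_secret(candidate))
        if endpoint.accepts(forged):
            return candidate
    return None


WORDLIST = ["123456", "password", "admin123", "Summer2025!", "dataease", "letmein"]  # constructed

if __name__ == "__main__":
    vulnerable = TokenVerifier(password_derived_secret("Summer2025!"))
    print("vulnerable server, recovered password:", guess_admin_password(vulnerable, WORDLIST))
    fixed = TokenVerifier(random_secret())
    print("fixed server, recovered password:", guess_admin_password(fixed, WORDLIST))
```

Each guess costs one request, so rate limiting and alerting on signature failures raise the cost but do not remove the oracle; only decoupling the secret from the password does. If the attacker also holds one valid token, the same loop runs offline against that token with no requests at all.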
[SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-11230)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-11230 advisory. - Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial...
Orjson security vulnerabilities
orjson is a fast and accurate Python JSON library maintained by ijl. Versions of orjson prior to 3.11.4 have a security vulnerability stemming from the orjson.dumps function not properly restricting recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson through 3.11.4 does not limit recursion for deeply nested JSON documents...
PT-2026-3955
Name of the Vulnerable Software and Affected Versions: orjson versions through 3.11.4. Description: The orjson.dumps function does not limit recursion when processing deeply nested JSON documents. This can lead to a denial of service. Recommendations: Update to a version of orjson newer than 3.11.4...
CVE-2025-67221
CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...
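All of the orjson entries on this page (GHSA-HX9Q-6W63-J58V, PYSEC-2026-107, CVE-2025-67221, PT-2026-3955) describe the same defect: orjson.dumps recurses once per nesting level with no limit, so an attacker-supplied document nested deep enough exhausts the stack. The remedy in the advisories is to upgrade; the following added example (not orjson's code) shows the caller-side guard that applies to any serializer with this property: measure nesting depth iteratively, refuse documents beyond a policy limit, and only then hand the object to the serializer. The standard library's json.dumps stands in for orjson.dumps so the example runs without orjson; the limit of 64 is an assumption.

```python
import json
from typing import Any

MAX_NESTING = 64  # assumed policy limit; set it to what your data actually needs


def nesting_depth(obj: Any) -> int:
    """Depth of the deepest container in obj: scalars are 0, [] is 1, [[]] is 2.

    Uses an explicit stack rather than recursion, so measuring a hostile document
    cannot itself overflow the interpreter stack, whatever the depth.
    """
    deepest = 0
    stack = [(obj, 0)]
    while stack:
        node, depth = stack.pop()
        if isinstance(node, dict):
            children = node.values()
        elif isinstance(node, (list, tuple)):
            children = node
        else:
            continue  # scalar: contributes no depth
        depth += 1
        if depth > deepest:
            deepest = depth
        for child in children:
            stack.append((child, depth))
    return deepest


def exceeds_limit(obj: Any, max_nesting: int = MAX_NESTING) -> bool:
    return nesting_depth(obj) > max_nesting


def guarded_dumps(obj: Any, max_nesting: int = MAX_NESTING) -> str:
    """Serialize only after the depth check passes; reject early with a clear error
    instead of letting the serializer recurse until something breaks."""
    depth = nesting_depth(obj)
    if depth > max_nesting:
        raise ValueError(f"document nested {depth} levels, limit is {max_nesting}")
    # json.dumps is the stand-in for orjson.dumps here; swap in orjson if installed.
    return json.dumps(obj, separators=(",", ":"))


def nested_list(levels: int) -> list:
    """Build [[[...]]] with `levels` nested lists: a constructed hostile input."""
    root = current = []
    for _ in range(levels - 1):
        inner = []
        current.append(inner)
        current = inner
    return root


if __name__ == "__main__":
    print(guarded_dumps({"a": [1, {"b": 2}]}))
    hostile = nested_list(50_000)
    print("hostile depth:", nesting_depth(hostile))
    try:
        guarded_dumps(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The guard only covers input you serialize from Python objects; for bytes you parse from the network, apply the same limit on the parsing side (orjson.loads has its own fixed limit, and json.loads in CPython raises RecursionError rather than crashing), so that a deep document is dropped before it becomes an object at all.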
Azure Linux 3.0 Security Update: libglvnd (CVE-2023-26819)
The version of libglvnd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-26819 advisory. - cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as a: true, b:...