129 matches found

Nuclei
added 20 hours ago, 14 views

JSONPath Plus < 10.3.0 - Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8 CVSS, 7.4 AI score, 0.10701 EPSS
Exploits: 8, References: 5

OSV
added 2026/06/10 11:45 a.m., 8 views

ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

9.8 CVSS, 5.4 AI score, 0.10701 EPSS
Exploits: 5

OSV
added 2026/06/10 11:45 a.m., 6 views

ROOT-APP-NPM-CVE-2024-21534 CVE-2024-21534 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2024-21534 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

9.8 CVSS, 7.4 AI score, 0.09076 EPSS
Exploits: 4

OSV
added 2026/06/04 6:39 p.m., 5 views

GHSA-WC3V-3457-C8CM OpenMeter: SQL injection through meter creation

Summary An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...

5.3 CVSS, 6.1 AI score, 0.00036 EPSS
Exploits: 0, References: 5

Github Security Blog
added 2026/05/28 5:34 p.m., 34 views

Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS

Description: The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into preg_match: 'match' => @preg_match(sprintf('/^%s$/u', $this->transformJsonPathRegex($argList[1])), $value), 'search' => @preg_match("/{$this->transformJsonPathRegex($argList[1])}/u", $value), ...

5.8 AI score, 0.00082 EPSS
Exploits: 0, References: 6, Affected Software: 2

OSV
added 2026/05/28 5:34 p.m., 10 views

GHSA-8V8V-G73J-492J Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS

Description: The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into preg_match: 'match' => @preg_match(sprintf('/^%s$/u', $this->transformJsonPathRegex($argList[1])), $value), 'search' => @preg_match("/{$this->transformJsonPathRegex($argList[1])}/u", $value), ...

6.9 CVSS, 5.8 AI score, 0.00082 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2026/05/28 12:0 a.m., 9 views

PT-2026-44728

Description: The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into preg_match: 'match' => @preg_match(sprintf('/^%s$/u', $this->transformJsonPathRegex($argList[1])), $value), 'search' => @preg_match("/{$this->transformJsonPathRegex($argList[1])}/u", $value), ...

6.9 CVSS, 5.8 AI score, 0.00082 EPSS
Exploits: 0, References: 7

IBM Security Bulletins
added 2026/04/20 8:18 a.m., 4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)

Summary: IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node.js module jsonpath. Vulnerability Details: CVE ID: CVE-2026-1615. Description: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...

9.8 CVSS, 6 AI score, 0.00834 EPSS
Exploits: 0, Affected Software: 1

SUSE Linux
added 2026/03/30 11:21 a.m., 2 views

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: CVE-2026-27606: Fix arbitrary file write via path traversal in rollup (bsc#1258893); Bump rollup to version 4.59.0; Drop SLE 12 support (jsc#PED-15474); CVE-2026-25547: Fix unbounded brace range expansion leading to excessive CPU...

9.8 CVSS, 6.8 AI score, 0.01195 EPSS
Exploits: 2, References: 52

Tenable Nessus
added 2026/03/30 12:0 a.m., 2 views

Spring AI 1.0.x < 1.0.4 / 1.1.x < 1.1.3 Multiple Vulnerabilities

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.4 or 1.1.x prior to 1.1.3. It is, therefore, affected by multiple vulnerabilities: - A JSONPath injection vulnerability in AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access...

8.8 CVSS, 6.2 AI score, 0.00522 EPSS
Exploits: 1, References: 4

OPENSUSE Linux
added 2026/03/28 12:0 a.m., 5 views

python311-jsonpath-ng-1.8.0-1.1 on GA media (moderate)

python311-jsonpath-ng-1.8.0-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10418-1. Rating: moderate. Cross-References: CVE-2025-56005. CVSS scores: CVE-2025-56005 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; CVE-2025-56005 (SUSE): 8.5...

8.5 CVSS, 7.3 AI score, 0.1865 EPSS
Exploits: 3

RedhatCVE
added 2026/03/26 2:57 p.m., 4 views

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6 CVSS, 5.9 AI score, 0.00521 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/03/26 1:51 p.m., 5 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to remote code execution (CVE-2026-1615)

Summary: Node.js module jsonpath is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8 CVSS, 6.3 AI score, 0.00834 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2026/03/24 12:0 a.m., 4 views

OPENSUSE-SU-2026:10418-1 python311-jsonpath-ng-1.8.0-1.1 on GA media

These are all security issues fixed in the python311-jsonpath-ng-1.8.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 7.5 AI score, 0.1865 EPSS
Exploits: 3, References: 1

RedhatCVE
added 2026/03/19 11:25 p.m., 3 views

CVE-2026-30873

A flaw was found in the jsonpath component of the OpenWrt Project. The jp_get_token function, which processes input expressions, contains a memory leak vulnerability. This occurs when dynamically allocated memory used for extracting string literals, field labels, or regular expressions is not...

4.5 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 6

Cvelist
added 2026/03/19 10:1 p.m., 22 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4 CVSS, 0.00515 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/03/19 10:1 p.m., 4 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 3

CVE
added 2026/03/19 10:1 p.m., 8 views

CVE-2026-30873

CVE-2026-30873 affects OpenWrt Project’s jsonpath component, specifically the jp_get_token function used during lexical analysis. In OpenWrt releases prior to 24.10.6 and 25.12.1, memory allocated for strings, field labels, and regular expressions is copied to a new jp_opcode object without freei...

4.9 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/18 9:30 a.m., 3 views

GHSA-RP9G-QX29-88CP JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6 CVSS, 6 AI score, 0.00521 EPSS
Exploits: 0, References: 5

NVD
added 2026/03/18 8:16 a.m., 5 views

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6 CVSS, 0.00521 EPSS
Exploits: 0, References: 1