CVE-2026-48506

The CVE-2026-48506 entry concerns MessagePack-CSharp: MessagePackReader.TrySkip() can recurse without incrementing depth checks, bypassing MaximumObjectGraphDepth and risking unbounded recursion leading to StackOverflow. Affected: MessagePack-CSharp (reader Skip usage in nested arrays/maps). Root...

Astra Linux – Vulnerability in Golang-1.15

In Go, encoding/xml in versions before 1.15.9 and 1.16.x before 1.16.1 may lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...

CVE-2026-41636 Apache Thrift: Node.js skip() recursion

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

AZL-79104 CVE-2021-27918 affecting package golang 1.25.7-1

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

Design/Logic Flaw

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...