CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVE-2025-59364

The CVE concerns the express-xss-sanitizer package for Node.js, where the sanitize function in lib/sanitize.js can recurse without depth limit when handling JSON request bodies, potentially enabling denial of service through stack exhaustion. Affected versions include up to 2.0.0; advisories indi...

PT-2025-37434

Name of the Vulnerable Software and Affected Versions express-xss-sanitizer versions through 2.0.0 Description The express-xss-sanitizer package contains an unbounded recursion depth in the sanitize function located in lib/sanitize.js when processing a JSON request body. Recommendations Update to...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

Linux Distros Unpatched Vulnerability : CVE-2021-41752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new...

eventpoll: Fix semi-unbounded recursion

...

LlamaIndex affected by a Denial of Service (DOS) in JSONReader

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

PT-2025-34665 · Run Llama · Llama Index

Name of the Vulnerable Software and Affected Versions: run-llama/llama index versions prior to 0.12.38 Description: A denial of service issue exists in the JSONReader component. The issue is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting i...

CVE-2025-38614

The CVE-2025-38614 entry describes a Linux kernel vulnerability in eventpoll where recursion depth in ep_loop_check_proc() could form deep trees and trigger semi-unbounded recursion. The root cause involved two shortcomings: (1) the depth checks did not consider upward paths, and (2) multiple dow...

PT-2025-33812

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the eventpoll subsystem that could allow for semi-unbounded recursion. The issue stems from insufficient depth checks when creating graph edges...

Medium: rust

Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Security Bulletin: IBM® Db2® federated server is vulnerable to unbounded recursions due to a vulnerability in protobuf-java (CVE-2024-7254).

Summary Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite...

Unbounded recursion in Python Protobuf

...

DEBIAN-CVE-2025-53605

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

CVE-2025-4565

CVE-2025-4565 affects the Protobuf Python backend (pure-Python) when parsing untrusted data with recursive groups/messages or SGROUP tags, potentially causing denial of service via RecursionError. Public details in connected documents specify a fix path: upgrade to protobuf 6.31.1 or newer (commi...

CVE-2025-4565 Unbounded recursion in Python Protobuf

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

DEBIAN-CVE-2025-0649

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

Oracle MySQL Connectors CVE-2024-7254 (April 2025 CPU)

The 9.0.0 and 9.2.0 versions of MySQL Connectors installed on the remote host is affected by CVE-2024-7254 as referenced in the April 2025 CPU advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted ...

Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2

...