77 matches found

EUVD
added 2025/10/03 8:7 p.m. · 14 views

EUVD-2025-21099

Malicious code in bioql PyPI...

CVSS 5.8 · AI score 7.2 · EPSS 0.00806
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-54825

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.3 · EPSS 0.00346
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2021-29677

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.8 · EPSS 0.03206
Exploits 2 · References 6
Github Security Blog
added 2025/09/26 2:38 p.m. · 6 views

express-xss-sanitizer has an unbounded recursion depth

Security Advisory: express-xss-sanitizer. Overview: A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions: All versions prior to 2.0.1. Patched Versions: 2.0.1 and later. Description: The sanitize...

CVSS 5.3 · AI score 7.2 · EPSS 0.00419
Exploits 0 · References 10 · Affected Software 1
Veracode
added 2025/09/23 7:15 a.m. · 5 views

Denial Of Service (DoS)

llamaindexcore is vulnerable to Denial of Service (DoS). The vulnerability is due to uncontrolled recursion when parsing deeply nested JSON files, which allows an attacker to cause high resource consumption and potential crashes of the Python process...

CVSS 8.6 · AI score 8.5 · EPSS 0.0026
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2025/08/25 3:3 p.m. · 7 views

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVSS 8.6 · EPSS 0.0026
Exploits 0 · References 2
RedhatCVE
added 2025/07/29 12:12 a.m. · 12 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

CVSS 7.5 · AI score 6.4 · EPSS 0.00346
Exploits 0 · References 1
OSV
added 2025/07/27 9:15 p.m. · 2 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

CVSS 7.5 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 3
CNNVD
added 2025/07/27 12:0 a.m. · 1 view

serde-json-wasm crate security vulnerability

serde-json-wasm crate is a Rust library open-sourced by CosmWasm. A security vulnerability exists in serde-json-wasm crate versions prior to 1.0.1, which stems from deeply nested JSON data that may lead to stack consumption...

CVSS 7.5 · AI score 6.4 · EPSS 0.00346
Exploits 0 · References 4
Cvelist
added 2025/07/27 12:0 a.m. · 7 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

CVSS 3.2 · EPSS 0.00346
Exploits 0 · References 3
OSV
added 2025/07/11 3:16 a.m. · 3 views

UBUNTU-CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

CVSS 5.8 · AI score 6.9 · EPSS 0.00806
Exploits 0 · References 5
CNNVD
added 2025/07/11 12:0 a.m. · 3 views

Connect2id Nimbus JOSE + JWT security vulnerability

Connect2id Nimbus JOSE + JWT is a Java library from Connect2id. A security vulnerability exists in Connect2id Nimbus JOSE + JWT versions prior to 10.0.2, which stems from improper handling of nested JSON objects and could lead to a denial of service attack...

CVSS 5.8 · AI score 6.5 · EPSS 0.00806
Exploits 0 · References 8
CVE
added 2025/07/11 12:0 a.m. · 238 views

CVE-2025-53864

CVE-2025-53864 is described as a denial of service vulnerability in Nimbus JOSE + JWT where a deeply nested JSON object in a JWT claim set can trigger uncontrolled recursion. IBM security notices cite affected product lines and versions, for example IBM API Connect (OnPrem) v12.1.0.0 and Jazz Fou...

CVSS 5.8 · AI score 6.9 · EPSS 0.00806
Exploits 0 · References 5
Snyk
added 2025/07/07 10:44 a.m. · 5 views

Uncontrolled Recursion

Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...

CVSS 7.1 · AI score 7.2 · EPSS 0.00338
Exploits 1 · References 2
Positive Technologies
added 2025/07/02 12:0 a.m. · 3 views

PT-2025-27665 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: llama index versions prior to 0.12.28 llama index version 0.12.28 Description: The JSONReader in the affected software is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This allows attackers to trigger a Denial of...

CVSS 6.5 · AI score 6.5 · EPSS 0.00338
Exploits 1 · References 10
Huntr
added 2025/05/27 3:2 p.m. · 6 views

Denial of Service (DOS) in JSONReader

Description: There exists a denial of service vulnerability (DOS) that occurs by Python hitting max recursion depth while parsing a deeply nested JSON file using JSONReader. Vulnerable piece of code...

CVSS 8.6 · AI score 7.1 · EPSS 0.0026
Exploits 0
Snyk
added 2025/02/06 6:31 a.m. · 3 views

Denial of Service (DoS)

Overview: net.minidev:json-smart is a Java JSON parser. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause a stack exhaustion and subsequent service disruption by providing JSON input with an excessive number of nested . Note: This issue exists because...

CVSS 8.7 · AI score 7.7 · EPSS 0.01119
Exploits 1 · References 2
OSV
added 2024/07/17 3:30 p.m. · 2 views

GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...

CVSS 9.2 · AI score 7.1 · EPSS 0.00588
Exploits 1 · References 6
OSV
added 2024/02/26 6:30 p.m. · 2 views

GHSA-PWR2-4V36-6QPR orjson does not limit recursion for deeply nested JSON documents

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

CVSS 7.5 · AI score 7.1 · EPSS 0.01187
Exploits 1 · References 7
OSV
added 2024/02/26 4:28 p.m. · 3 views

DEBIAN-CVE-2024-27454

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

CVSS 7.5 · AI score 7.3 · EPSS 0.01187
Exploits 1 · References 1