CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

EUVD-2026-4134

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Orjson security vulnerabilities

orjson is a fast and accurate Python JSON library developed by ijl’s individual developers. Versions of orjson prior to 3.11.4 have security vulnerabilities, which stem from the orjson.dumps function not properly restricting recursion for deeply nested JSON documents...

EUVD-2026-3806

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

PT-2026-3955

Name of the Vulnerable Software and Affected Versions orjson versions through 3.11.4 Description The orjson.dumps function does not limit recursion when processing deeply nested JSON documents. This can lead to a denial of service. Recommendations Update to a version of orjson newer than 3.11.4...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37789)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37789 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length...

CVE-2025-67221

CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-12084)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-12084 advisory. - When building nested elements using xml.dom.minidom methods such as appendChild that have a...

Azure Linux 3.0 Security Update: kernel (CVE-2025-23141)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23141 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE ...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57916)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57916 advisory. - In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kerne...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Regular Expression Denial Of Service (ReDoS)

@modelcontextprotocol/sdk is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficiently constructed regular expressions with nested quantifiers in the UriTemplate class, which allows an attacker to supply a crafted URI that triggers catastrophic backtracki...

SUSE CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

Amazon Linux 2 : python, --advisory ALAS2-2026-3128 (ALAS-2026-3128)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3128 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorith...

Medium: python

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 Affected Packages: python Note: This advisory ...

DEBIAN-CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...