58 matches found
GHSA-7MW3-79JQ-XC7F aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...
aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...
Security Bulletin: Multiple Vulnerabilities in IBM Engineering AI hub.
Summary Multiple vulnerabilities were addressed in IBM Engineering AI Hub version 1.2.0. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to...
ROOT-APP-PYPI-CVE-2025-67221 CVE-2025-67221 in rootio-orjson - Patched by Root
Root has patched CVE-2025-67221 in the rootio-orjson package for Root:PyPI. Multiple fixed versions available...
SUSE: Security Advisory (SUSE-SU-2026:20920-1)
The remote host is missing an update for the...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses wheel-0.41.3-py3-none-any.whl, orjson-3.10.14-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, python_multipart-0.0.21-py3-none-any.whl, pyasn1-0.6.1.tar.gz, sentencepiece-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, tar-7.4.3.tgz, tar-7.5.2.tgz...
Security update for python-orjson (moderate)
openSUSE security update: security update for python-orjson. Announcement ID: openSUSE-SU-2026:20407-1 Rating: moderate References: bsc#1257121 Cross-References: CVE-2025-67221 CVSS scores: CVE-2025-67221 (SUSE): 5.9...
OPENSUSE-SU-2026:20407-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outside of allocated memory on json dump (bsc#1257121)...
SUSE-SU-2026:20920-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outside of allocated memory on json dump (bsc#1257121)...
Denial Of Service (DoS)
orjson is vulnerable to Denial-of-Service (DoS). The vulnerability is due to missing recursion depth limits in orjson.dumps, where deeply nested JSON inputs can cause excessive recursion, leading to stack exhaustion and process crashes...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
OPENSUSE-SU-2026:10103-1 python311-orjson-3.11.5-1.1 on GA media
These are all security issues fixed in the python311-orjson-3.11.5-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +347 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.5)
orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.5.0 and more Source cves: CVE-2025-67221 Source advisory: OSV:GHSA-HX9Q-6W63-J58V...
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
PYSEC-2026-107
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +335 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.4)
orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.1.1, =0.6.0.post1 and more Source cves: CVE-2025-67221 Source advisory: OSV:PYSEC-2026-107...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...