58 matches found
ROOT-APP-PYPI-CVE-2025-67221 CVE-2025-67221 in rootio-orjson - Patched by Root
Root has patched CVE-2025-67221 in the rootio-orjson package for Root:PyPI. Multiple fixed versions available...
GHSA-7MW3-79JQ-XC7F aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...
aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...
Security Bulletin: Multiple Vulnerabilities in IBM Engineering AI Hub.
Summary Multiple vulnerabilities were addressed in IBM Engineering AI Hub version 1.2.0. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to...
SUSE: Security Advisory (SUSE-SU-2026:20920-1)
The remote host is missing an update for the...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary Maximo AI Service uses wheel-0.41.3-py3-none-any.whl, orjson-3.10.14-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, python_multipart-0.0.21-py3-none-any.whl, pyasn1-0.6.1.tar.gz, sentencepiece-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, tar-7.4.3.tgz, tar-7.5.2.tgz...
Security update for python-orjson (moderate)
openSUSE security update: security update for python-orjson. Announcement ID: openSUSE-SU-2026:20407-1. Rating: moderate. References: bsc1257121. Cross-References: CVE-2025-67221. CVSS scores: CVE-2025-67221 SUSE : 5.9...
OPENSUSE-SU-2026:20407-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outside of allocated memory on json dump bsc1257121...
SUSE-SU-2026:20920-1 Security update for python-orjson
This update for python-orjson fixes the following issues: - CVE-2025-67221: Fixed write outside of allocated memory on json dump bsc1257121...
Denial Of Service (DoS)
orjson is vulnerable to Denial of Service (DoS). The vulnerability is due to missing recursion depth limits in orjson.dumps, where deeply nested JSON inputs can cause excessive recursion, leading to stack exhaustion and process crashes...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
OPENSUSE-SU-2026:10103-1 python311-orjson-3.11.5-1.1 on GA media
These are all security issues fixed in the python311-orjson-3.11.5-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +334 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.5)
orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.5.0 and more Source cves: CVE-2025-67221 Source advisory: OSV:GHSA-HX9Q-6W63-J58V...
orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
PYSEC-2026-107
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +323 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.4)
orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.1.1, =0.6.0.post1 and more Source cves: CVE-2025-67221 Source advisory: OSV:PYSEC-2026-107...