GHSA-7MW3-79JQ-XC7F aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)

Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...

aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)

Impact aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 and later ==3.11.8 in requirements.txt but setup.py carried a hard-coded duplicate requirements = ... list that was never updated and still pinned orjson==3.11.4. When setuptools builds the source distribution it reads the metadata fro...

a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +347 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.5)

orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.5.0 and more Source cves: CVE-2025-67221 Source advisory: OSV:GHSA-HX9Q-6W63-J58V...

a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +335 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.4)

orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.1.1, =0.6.0.post1 and more Source cves: CVE-2025-67221 Source advisory: OSV:PYSEC-2026-107...

CVE-2024-27454

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...