Low: libxml2

Issue Overview: A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has be...

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1360)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1360 advisory. A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads t...

orjson does not limit recursion for deeply nested JSON documents

The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...

GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents

The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...

PYSEC-2026-107

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

PYSEC-2026-107

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Orjson security vulnerabilities

orjson is a fast and accurate Python JSON library developed by ijl’s individual developers. Versions of orjson prior to 3.11.4 have security vulnerabilities, which stem from the orjson.dumps function not properly restricting recursion for deeply nested JSON documents...

EUVD-2026-3806

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the dumps function in formatter.rs. An attacker can cause a core dump by supplying a deeply nested JSON document. PoC python import orjson import sys import platform printf'OS: platform.platform' printf'Python...

PT-2026-3955

Name of the Vulnerable Software and Affected Versions orjson versions through 3.11.4 Description The orjson.dumps function does not limit recursion when processing deeply nested JSON documents. This can lead to a denial of service. Recommendations Update to a version of orjson newer than 3.11.4...

CVE-2025-67221

CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Azure Linux 3.0 Security Update: kernel (CVE-2024-44996)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44996 advisory. - In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive -recvmsg calls Afte...

Prototype Pollution

Overview lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details Prototype...

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in several products, including Oracle HTTP Server, Oracle WebLogic Server, and Oracle Fusion Middleware. The vulnerabilities in the Oracle products allow unauthenticated attackers to access sensitive data, conduct denial-of-service DoS attacks, and compromise the...