CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/01/24 12:0 a.m.•1 views

SUSE SLES15 / openSUSE 15 Security Update : python-marshmallow (SUSE-SU-2026:0226-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0226-1 advisory. - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Tenable has extracted the preceding...

5.3CVSS5.6AI score0.00106EPSS

OSV•added 2026/01/22 3:55 p.m.•0 views

OPENSUSE-SU-2026:20087-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

5.3CVSS5.8AI score0.00106EPSS

OSV•added 2026/01/22 3:46 p.m.•1 views

SUSE-SU-2026:20130-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

5.3CVSS6.1AI score0.00106EPSS

SUSE Linux•added 2026/01/22 12:20 p.m.•3 views

Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

6.3CVSS5.4AI score0.00106EPSS

OSV•added 2026/01/22 12:20 p.m.•1 views

SUSE-SU-2026:0226-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

5.3CVSS5.8AI score0.00106EPSS

Veracode•added 2026/01/14 7:1 a.m.•4 views

Denial-of-Service (DoS)

Marshmallow is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to inefficient processing in Schema.loaddata, many=True, where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...

5.3CVSS6.9AI score0.00106EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2025/12/23 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0...

5.3CVSS6AI score0.00106EPSS

NVD•added 2025/12/22 10:16 p.m.•3 views

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

5.3CVSS0.00106EPSS

OSV•added 2025/12/22 10:16 p.m.•2 views

DEBIAN-CVE-2025-68480

5.3CVSS5.3AI score0.00106EPSS

Exploits0References1

OSV•added 2025/12/22 10:16 p.m.•1 views

UBUNTU-CVE-2025-68480

5.3CVSS7AI score0.00106EPSS

Exploits0References11

UbuntuCve•added 2025/12/22 10:16 p.m.•1 views

CVE-2025-68480

5.3CVSS6.5AI score0.00106EPSS

Exploits0References10

Cvelist•added 2025/12/22 9:20 p.m.•19 views

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

5.3CVSS0.00106EPSS

Vulnrichment•added 2025/12/22 9:20 p.m.•1 views

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

5.3CVSS6.4AI score0.00106EPSS

EUVD•added 2025/12/22 9:20 p.m.•3 views

EUVD-2025-204752

5.3CVSS6.3AI score0.00106EPSS

CVE•added 2025/12/22 9:20 p.m.•7 views

CVE-2025-68480

CVE-2025-68480 affects Marshmallow. In Marshmallow versions 3.0.0rc1–3.26.1 and 4.0.0–4.1.1, Schema.load(data, many=True) is vulnerable to denial of service via crafted requests that can consume excessive CPU time. The issue is mitigated by upgrading to Marshmallow 3.26.2 or 4.1.2 or later, which...

5.3CVSS6.4AI score0.00106EPSS

OSV•added 2025/12/22 9:20 p.m.•1 views

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

5.3CVSS6.6AI score0.00106EPSS

Github Security Blog•added 2025/12/22 8:20 p.m.•10 views

Marshmallow has DoS in Schema.load(many)

Impact Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. Patches 4.1.2, 3.26.2 Workarounds py Fail fast def loadmanyschema, data, kwargs: if not isinstancedata, list: raise ValidationError'Invalid...

5.3CVSS6.8AI score0.00106EPSS

Exploits0References4Affected Software1

OSV•added 2025/12/22 8:20 p.m.•0 views

GHSA-428G-F7CQ-PGP5 Marshmallow has DoS in Schema.load(many)

5.3CVSS6.1AI score0.00106EPSS

Snyk•added 2025/12/22 8:20 p.m.•1 views

Asymmetric Resource Consumption (Amplification)

Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification via the Schema.load method of the error storage utility, when handling input with the many parameter set to True. An attacker can cause excessive CPU consumption by submitting a moderately...

6.9CVSS6.5AI score0.00106EPSS