73 matches found
[SECURITY] Fedora 43 Update: rust-pythonize-0.27.0-1.fc43
Serde Serializer & Deserializer from Rust <--> Python, backed by PyO3...
CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
serde_dynamo (>=3.0.1 <=4.2.8) potentially affected by unknown CVE via aws-sdk-dynamodbstreams (>=0.10.1 <=0.9.0)
aws-sdk-dynamodbstreams CARGO version =0.10.1, =3.0.1, =4.2.8 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
[SECURITY] Fedora 43 Update: rust-serde_json-1.0.145-1.fc43
A JSON serialization file format...
CVE-2025-60537
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...
EUVD-2025-34447
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...
UI for Apache Kafka security vulnerability
UI for Apache Kafka is an open source front-end interface for Kafka by Provectus. A security vulnerability exists in UI for Apache Kafka versions v0.6.0 through v0.7.2, which stems from improper validation of inputs to the component /kafka/ui/serdes/CustomSerdeLoader.java, which could lead to the...
PT-2025-42165
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...
CVE-2025-60537
CVE-2025-60537 affects Kafka UI, specifically the component "/kafka/ui/serdes/CustomSerdeLoader.java" in versions v0.6.0 to v0.7.2. The root cause is improper input validation in this loader, allowing attackers to execute arbitrary code when supplied with crafted data. The statements in connected...
EUVD-2024-54825
Malicious code in bioql PyPI...
EUVD-2025-29492
Malicious code in bioql PyPI...
better-config-loader (>=0.1.4 <=0.2.4), brainwires-skills (>=0.2.0 <=0.6.0) +62 more potentially affected by unknown CVE via serde_yml (>=0.0.10 <=0.0.12)
serde_yml CARGO version =0.0.10, =0.1.4, =0.2.0, =0.33.0, =0.3.0, =0.1.5, =0.9.0, =0.3.0, =0.10.0, =0.3.2, =0.1.0, =1.2.0, =1.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HHW4-XG65-FP2X...
@jill64/svelte-dark-theme (>=2.3.65 <=5.1.7), @jill64/svelte-i18n (>=1.1.27 <=2.2.1) +9 more potentially affected by CVE-2025-57820 via devalue (>=5.0.0 <=5.1.1)
devalue NPM version =5.0.0, =2.3.65, =1.1.27, =1.1.21, =1.2.263, =2.2.3, =0.0.2-dev.84, =1.0.23, =1.0.22, =1.0.0, =1.0.6, =2.1.10, =2.1.15 Source cves: CVE-2025-57820 Source advisory: SNYK:JS-DEVALUE-12205530...
Linux Distros Unpatched Vulnerability : CVE-2019-25001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. CVE-2019-2500...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
GHSA-J87P-GJR6-M4PV Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...