Lucene search
+L

75 matches found

Github Security Blog
Github Security Blog
added 2025/07/27 9:32 p.m.9 views

Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

7.5CVSS7.1AI score0.00362EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/07/27 9:15 p.m.5 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2025/07/27 9:15 p.m.8 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

7.5CVSS0.00362EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/27 12:0 a.m.10 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

3.2CVSS0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/27 12:0 a.m.6 views

serde-json-wasm crate 安全漏洞

serde-json-wasm crate is a Rust library open-sourced by CosmWasm. A security vulnerability exists in serde-json-wasm crate versions prior to 1.0.1, which stems from deeply nested JSON data that may lead to stack consumption...

7.5CVSS6.4AI score0.00362EPSS
Exploits0References4
Snyk
Snyk
added 2025/06/19 2:29 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the com.powsybl.commons.xml.XmlReader class. An attacker can access sensitive files or internal resources by submitting specially crafted XML input. Note: This is only exploitable if untrusted users...

6.9CVSS7AI score0.00371EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/06/19 2:29 p.m.10 views

com.farao-community.farao:csa-runner-api (>=2.1.0 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.2.1 <=2.6.1) +146 more potentially affected by CVE-2025-47293 via com.powsybl:powsybl-iidm-serde (>=6.1.0-alpha-1 <=6.7.1)

com.powsybl:powsybl-iidm-serde MAVEN version =6.1.0-alpha-1, =2.1.0, =1.2.1, =4.20.0, =4.20.0, =4.31.0 - com.farao-community.farao:farao-distribution =5.0.0 - com.farao-community.farao:farao-flowbased-computation-impl =5.0.0 - com.farao-community.farao:farao-glsk-virtual-hubs =5.0.0 -...

6.9CVSS5.8AI score0.00371EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.9 views

CVE-2019-25001

An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...

7.5CVSS6.8AI score0.0143EPSS
Exploits1References1
OSV
OSV
added 2025/04/28 12:0 p.m.12 views

RUSTSEC-2025-0025 rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2AI score
Exploits0References3
RustSec
RustSec
added 2025/04/28 12:0 p.m.9 views

rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.9 views

PT-2025-19690 · Crates.Io · Rustc-Serialize

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.3AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of the serde.py component in the BentoML library allows a hacker to execute arbitrary code on the server.

The vulnerability of the serde.py component in the BentoML library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the server...

10CVSS8.6AI score0.3592EPSS
Exploits5References5Affected Software1
OSV
OSV
added 2024/10/16 12:51 p.m.5 views

MAL-2024-9604 Malicious code in eventstream-serde-config-resolver (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.4 views

Malicious code in eventstream-serde-config-resolver (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.4 views

Malicious code in eventstream-serde-universal (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:51 p.m.4 views

MAL-2024-9605 Malicious code in eventstream-serde-universal (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.4 views

Malicious code in eventstream-serde-browser (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:51 p.m.5 views

MAL-2024-9603 Malicious code in eventstream-serde-browser (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2024/07/25 4:38 p.m.5 views

GHSA-CX7H-H87R-JPGR The kstring integration in gix-attributes is unsound

gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...

7AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/07/25 4:38 p.m.15 views

The kstring integration in gix-attributes is unsound

gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...

7AI score
Exploits0References5Affected Software1
Rows per page
Query Builder