
77 matches found

OSV
added yesterday, 2 views

ROOT-APP-PYPI-CVE-2026-32874 CVE-2026-32874 in rootio-ujson - Patched by Root

Root has patched CVE-2026-32874 in the rootio-ujson package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 0
OSV
added yesterday, 1 view

ROOT-APP-PYPI-CVE-2026-32875 CVE-2026-32875 in rootio-ujson - Patched by Root

Root has patched CVE-2026-32875 in the rootio-ujson package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5 | AI score 5.9 | EPSS 0.00072
Exploits: 1
Snyk
added 2026/05/12 10:25 p.m., 2 views

Missing Release of Memory after Effective Lifetime

Overview: ujson is an Ultra fast JSON encoder and decoder for Python. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the objToJSONFile function in objToJSON.c, when a write operation to a file-like object fails and raises an exception. An...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 2
OSV
added 2026/05/12 10:25 p.m., 1 view

GHSA-C38F-WX89-P2XG UltraJSON has a Memory Leak in ujson.dump() on Write Failure

Summary: When ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses ujson.dumps rather than ujson.dump or...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 4
vulnersOsv
added 2026/05/12 10:25 p.m., 4 views

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +392 more potentially affected by CVE-2026-44660 via ujson (>=1.33.0 <=5.12.0)

ujson PYPI version =1.33.0, =1.0.0, =2.0.0, =0.1.3, =0.1.0, =0.1.0, =1.1.5, =0.1.0, =0.1.1, =0.5.2, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2026-44660 Source advisory: OSV:GHSA-C38F-WX89-P2XG...

AI score 5.8 | EPSS 0.00052
Exploits: 1
vulnersOsv
added 2026/05/12 10:25 p.m., 3 views

actscene-ocr (>=0.1.3 <=0.1.5), agent-zero (>=0.1.0 <=0.1.2) +78 more potentially affected by CVE-2026-44660 via ujson (>=5.0.0 <=5.12.0)

ujson PYPI version =5.0.0, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0a2, =2.2.0, =6.2.0.dev68, =0.1.0, =0.0.23, =0.1.0, =2.0.12, =0.0.59, =0.1.0, =8.124.0, =8.125.0 and more Source cves: CVE-2026-44660 Source advisory: SNYK:PYTHON-UJSON-16643463...

AI score 5.8 | EPSS 0.00052
Exploits: 1
Github Security Blog
added 2026/05/12 10:25 p.m., 3 views

UltraJSON has a Memory Leak in ujson.dump() on Write Failure

Summary: When ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses ujson.dumps rather than ujson.dump or...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2026/04/27 7:43 a.m., 7 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

CVSS 8.8 | AI score 7.8 | EPSS 0.18428
Exploits: 9 | Affected Software: 1
Photon
added 2026/04/17 12:00 a.m., 4 views

Critical Photon OS Security Update - PHSA-2026-4.0-1000

Updates of 'python3-pyOpenSSL', 'python3-ujson', 'python3-pyasn1', 'jq' packages of Photon OS have been released...

CVSS 9.8 | AI score 5.8 | EPSS 0.00137
Exploits: 3
Photon
added 2026/04/17 12:00 a.m., 3 views

Important Photon OS Security Update - PHSA-2026-5.0-0827

Updates of 'jq', 'python3-ujson' packages of Photon OS have been released...

CVSS 8.2 | AI score 5.8 | EPSS 0.00137
Exploits: 5
OpenVAS
added 2026/03/30 12:00 a.m., 5 views

Mageia: Security Advisory (MGASA-2026-0073)

The remote host is missing an update for the...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 5
OSV
added 2026/03/29 12:55 a.m., 5 views

MGASA-2026-0073 Updated python-ujson packages fix security vulnerabilities

CVE-2026-32874: ujson 5.4.0 to 5.11.0 inclusive contains an accumulating memory leak when parsing large JSON integers outside of the range [-2^63, 2^64 - 1]. ujson 5.4.0 to 5.11.0 has an integer overflow while handling a large indent, which leads to a buffer overflow or infinite loop...

CVSS 7.5 | AI score 6.1 | EPSS 0.00077
Exploits: 1 | References: 4
OpenVAS
added 2026/03/23 12:00 a.m., 2 views

Fedora: Security Advisory (FEDORA-2026-0f099ed388)

The remote host is missing an update for the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 5
OpenVAS
added 2026/03/23 12:00 a.m., 3 views

Fedora: Security Advisory (FEDORA-2026-bf741e26e4)

The remote host is missing an update for the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 5
Fedora
added 2026/03/22 1:09 a.m., 3 views

[SECURITY] Fedora 42 Update: python-ujson-5.12.0-1.fc42

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 1
Fedora
added 2026/03/22 12:18 a.m., 5 views

[SECURITY] Fedora 44 Update: python-ujson-5.12.0-1.fc44

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/03/22 12:00 a.m., 4 views

Fedora 42 : python-ujson (2026-0f099ed388)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0f099ed388 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...

CVSS 7.5 | AI score 6.1 | EPSS 0.00077
Exploits: 1 | References: 3
Tenable Nessus
added 2026/03/21 12:00 a.m., 4 views

Fedora 44 : python-ujson (2026-5725d633ec)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5725d633ec advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling. Tenable has...

AI score 6.1
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/21 12:00 a.m., 3 views

Fedora 43 : python-ujson (2026-bf741e26e4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bf741e26e4 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...

CVSS 7.5 | AI score 6.1 | EPSS 0.00077
Exploits: 1 | References: 3
Snyk
added 2026/03/18 1:01 p.m., 1 view

Missing Release of Memory after Effective Lifetime

Overview: ujson is an Ultra fast JSON encoder and decoder for Python. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the ujson.load, ujson.loads, or ujson.decode functions when parsing large integers outside the range [-2^63, 2^64 - 1]. An...

CVSS 8.7 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 2