Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-7766
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does ...
Json-ptr Project Json-ptr
445
VMScore
CVE-2018-1000539
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploi...
Json-jwt Project Json-jwt
1 Github repository
NA
CVE-2023-23088
Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an malicious user to execute arbitrary code via the json_value_parse function.
Json-parser Project Json-parser 1.1.0
NA
CVE-2022-38882
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
D8s-json Project D8s-json 0.1.0
445
VMScore
CVE-2021-31684
A vulnerability exists in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
Json-smart Project Json-smart-v1
Json-smart Project Json-smart-v2
Oracle Utilities Framework 4.4.0.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Utilities Framework 4.4.0.3.0
605
VMScore
CVE-2018-1000096
brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middl...
Tiny-json-http Project Tiny-json-http
668
VMScore
CVE-2020-17479
jpv (aka Json Pattern Validator) prior to 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
Json Pattern Validator Project Json Pattern Validator
NA
CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
Json Web Token Project Json Web Token -
445
VMScore
CVE-2019-19507
In jpv (aka Json Pattern Validator) prior to 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a c...
Json Pattern Validator Project Json Pattern Validator
383
VMScore
CVE-2022-30241
The jquery.json-viewer library up to and including 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Jquery Json-viewer Project Jquery Json-viewer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »