Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project json vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-29080
The npm-dependency-versions package up to and including 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
Npm-dependency-versions Project Npm-dependency-versions
605
VMScore
CVE-2020-24807
The socket.io-file package up to and including 2.0.31 for Node.js relies on client-side validation of file types, which allows remote malicious users to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects pr...
Socket.io-file Project Socket.io-file
445
VMScore
CVE-2017-16516
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of s...
Yajl-ruby Project Yajl-ruby 1.3.0
Debian Debian Linux 7.0
312
VMScore
CVE-2021-33483
An issue exists in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an malicious user to add an XSS payload to the JSON request that will execute when users visit the page with the comment.
Onyaktech Comments Pro Project Onyaktech Comments Pro 3.8
383
VMScore
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an malicious user to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to reque...
Doorkeeper Project Doorkeeper
445
VMScore
CVE-2021-43801
Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercuri...
Mercurius Project Mercurius
NA
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-object-diff Project Deep-object-diff 1.1.0
NA
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows malicious users to cause a Denial of Service (DoS) via crafted JSON data.
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
312
VMScore
CVE-2016-10537
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and pre...
Backbone Project Backbone
605
VMScore
CVE-2018-1000216
Dave Gamble cJSON version 1.7.2 and previous versions contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON...
Cjson Project Cjson
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »