Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-36010
This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, Javascript...
React Editable Json Tree Project React Editable Json Tree
7.5
CVSSv3
CVE-2016-2537
The is-my-json-valid package prior to 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote malicious users to cause a denial of service (blocked event loop) via a crafted string.
Is My Json Valid Project Is My Json Valid
9.8
CVSSv3
CVE-2021-3918
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Json-schema Project Json-schema
Debian Debian Linux 10.0
3 Github repositories
9.8
CVSSv3
CVE-2023-27849
rails-routes-to-json v1.0.0 exists to contain a remote code execution (RCE) vulnerability via the child_process function.
Rails-routes-to-json Project Rails-routes-to-json 1.0.0
9.8
CVSSv3
CVE-2021-23899
OWASP json-sanitizer prior to 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an malicious user to inject arbitrary HTML or XML into embedding documents.
Owasp Json-sanitizer
1 Github repository
7.5
CVSSv3
CVE-2021-23900
OWASP json-sanitizer prior to 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Owasp Json-sanitizer
7.5
CVSSv3
CVE-2018-18853
Lightbend Spray spray-json up to and including 1.3.4 allows remote malicious users to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.
Lightbend Spray-json
7.5
CVSSv3
CVE-2018-18854
Lightbend Spray spray-json up to and including 1.3.4 allows remote malicious users to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
Lightbend Spray-json
6.1
CVSSv3
CVE-2020-13973
OWASP json-sanitizer prior to 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element...
Owasp Json-sanitizer
8.1
CVSSv3
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json prior to 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Unicode Unicode-json
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »