VulnerableCode Package Details - pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1?distro=trixie

purl	pkg:deb/debian/golang-github-buger-jsonparser@1.2.0-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-6gj4-t3v3-gyhp	Denial of service in github.com/buger/jsonparser The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.	CVE-2026-32285 GHSA-6g7g-w4f8-9c9x
VCID-rd6j-u6sd-c3f6	Denial of Service in jsonparser jsonparser before 1.1.1 allows attackers to cause a denial of service via a GET call.	CVE-2020-35381 GHSA-8vrw-m3j9-j27c
VCID-xur8-yfek-dkgd	Infinite Loop in jsonparser The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.	CVE-2020-10675 GHSA-rmh2-65xw-9m6q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-06T19:20:55.946774+00:00	Debian Importer	Fixing	VCID-6gj4-t3v3-gyhp	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:20:55.913777+00:00	Debian Importer	Fixing	VCID-rd6j-u6sd-c3f6	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:20:55.877497+00:00	Debian Importer	Fixing	VCID-xur8-yfek-dkgd	https://security-tracker.debian.org/tracker/data/json	38.6.0