VulnerableCode Package Details - pkg:maven/org.typelevel/jawn-parser

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.typelevel/jawn-parser_2.13@1.3.2

purl	pkg:maven/org.typelevel/jawn-parser_2.13@1.3.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-hh75-nhsu-pba8	Hash collision in typelevel jawn Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack. Most applications do not implement these traits directly, but inherit from a library: Affected implementations include: * `org.http4s` :: `http4s-play-json` * `org.typelevel :: jawn-ast` (< 0.8.0) * `org.typelevel :: jawn-play` (discontinued) * `org.typelevel :: jawn-rojoma` (discontinued) * `org.typelevel :: jawn-spray` (discontinued) Unaffected implementations include: * `io.argonaut :: argonaut-jawn` * `io.circe :: circe-parser` * `org.typelevel :: jawn-ast` (>= 0.8.0) * `org.typelevel :: jawn-json4s` (discontinued) * `org.typelevel :: jawn-argonaut` (discontinued)	CVE-2022-21653 GHSA-vc89-hccf-rq55

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:40:50.835829+00:00	GitLab Importer	Fixing	VCID-hh75-nhsu-pba8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.typelevel/jawn-parser_2.13/CVE-2022-21653.yml	38.6.0