VulnerableCode Package Details - pkg:nuget/JQ.NET@1.5.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/JQ.NET@1.5.0

Essentials
History (2)

purl	pkg:nuget/JQ.NET@1.5.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-dy9d-mey3-hkee Aliases: CVE-2016-4074	Allocation of Resources Without Limits or Throttling The jv_dump_term function in jq allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg _rc1-r0.	There are no reported fixed by versions.
VCID-gz7q-2wxq-uuc5 Aliases: CVE-2015-8863	Improper Restriction of Operations within the Bounds of a Memory Buffer Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:33.524552+00:00	GitLab Importer	Affected by	VCID-dy9d-mey3-hkee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/JQ.NET/CVE-2016-4074.yml	38.6.0
2026-06-02T04:36:33.485040+00:00	GitLab Importer	Affected by	VCID-gz7q-2wxq-uuc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/JQ.NET/CVE-2015-8863.yml	38.6.0