Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/91456?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "type": "deb", "namespace": "debian", "name": "cjson", "version": "1.7.15-1+deb12u4", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.7.17-1", "latest_non_vulnerable_version": "1.7.19-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64985?format=api", "vulnerability_id": "VCID-2v1m-ct5n-2kft", "summary": "parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {\"1\":1, with no trailing newline if cJSON_ParseWithLength is called.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-53154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-53154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25336", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25447", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25433", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25384", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25327", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-53154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53154", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368279", "reference_id": "2368279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368279" }, { "reference_url": "https://github.com/DaveGamble/cJSON/issues/800", "reference_id": "800", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:41:47Z/" } ], "url": "https://github.com/DaveGamble/cJSON/issues/800" }, { "reference_url": "https://usn.ubuntu.com/7973-1/", "reference_id": "USN-7973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7973-1/" }, { "reference_url": "https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18", "reference_id": "v1.7.17...v1.7.18", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-23T15:41:47Z/" } ], "url": "https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91470?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91469?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91474?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ 
"CVE-2023-53154" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2v1m-ct5n-2kft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64984?format=api", "vulnerability_id": "VCID-3qdv-97bd-duf9", "summary": "cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {\"a\": true, \"b\": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26819.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26819.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1648", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16452", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16559", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16517", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16436", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26819", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26819" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103687", "reference_id": "1103687", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103687" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361186", "reference_id": "2361186", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361186" }, { "reference_url": "https://github.com/boofish/json_bugs/tree/main/cjson", "reference_id": "cjson", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T15:08:15Z/" } ], "url": "https://github.com/boofish/json_bugs/tree/main/cjson" }, { "reference_url": "https://usn.ubuntu.com/7973-1/", "reference_id": "USN-7973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91470?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91469?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91471?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-26819" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qdv-97bd-duf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64981?format=api", "vulnerability_id": "VCID-4pa8-jjrm-2uew", 
"summary": "DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so an attack can cause a denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: a crafted JSON file. The fixed version is: 1.7.9 and later.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.71446", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.7149", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.71496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.71472", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.71457", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.7148", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010239" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91467?format=api", "purl": "pkg:deb/debian/cjson@1.7.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-1010239" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pa8-jjrm-2uew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64980?format=api", "vulnerability_id": "VCID-6hn6-zutz-mqak", "summary": "Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Exploitability depends on how the application uses the cJSON library: if the application provides a network interface, the flaw can be exploited over a network; otherwise it is exploitable only locally. 
This vulnerability appears to have been fixed in 1.7.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60827", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60876", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60883", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60871", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60853", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60868", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000217" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91458?format=api", "purl": "pkg:deb/debian/cjson@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000217" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hn6-zutz-mqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46661?format=api", "vulnerability_id": "VCID-85p3-m9en-3ybb", "summary": "NULL Pointer Dereference\ncJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50471.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45189", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45193", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45173", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": 
"epss", "scoring_elements": "0.45144", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45157", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50471" }, { "reference_url": "https://github.com/DaveGamble/cJSON/issues/802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/DaveGamble/cJSON/issues/802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059287", "reference_id": "1059287", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254641", "reference_id": "2254641", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254641" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50471", "reference_id": "CVE-2023-50471", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9838", "reference_id": "RHSA-2025:9838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9838" }, { "reference_url": "https://usn.ubuntu.com/6784-1/", "reference_id": "USN-6784-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6784-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/91472?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91473?format=api", "purl": "pkg:deb/debian/cjson@1.7.17-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.17-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-50471" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85p3-m9en-3ybb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64977?format=api", "vulnerability_id": "VCID-8qn8-4wv3-u7h4", "summary": "Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in 
Denial of Service (DoS). This attack appears to be exploitable if the attacker can force the data to be printed while the system is low on memory, which can force a memory leak. This vulnerability appears to have been fixed in 1.7.7.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64672", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64714", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64723", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64712", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64701", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.6472", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000215" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91463?format=api", "purl": "pkg:deb/debian/cjson@1.7.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qn8-4wv3-u7h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64983?format=api", "vulnerability_id": "VCID-eeh2-nujt-73ak", "summary": "cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70756", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70798", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70805", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00633", 
"scoring_system": "epss", "scoring_elements": "0.70788", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70776", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70799", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11835" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928726", "reference_id": "928726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91468?format=api", "purl": "pkg:deb/debian/cjson@1.7.10-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.10-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-11835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eeh2-nujt-73ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46667?format=api", "vulnerability_id": "VCID-f49s-6bjz-7yak", "summary": "NULL Pointer Dereference\ncJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50472.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2657", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2656", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26467", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26518", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26462", "published_at": "2026-06-08T12:55:00Z" } 
], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50472" }, { "reference_url": "https://github.com/DaveGamble/cJSON/issues/803", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-28T14:11:27Z/" } ], "url": "https://github.com/DaveGamble/cJSON/issues/803" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059287", "reference_id": "1059287", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254643", "reference_id": "2254643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254643" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50472", "reference_id": "CVE-2023-50472", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9838", "reference_id": "RHSA-2025:9838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9838" }, { "reference_url": "https://usn.ubuntu.com/6784-1/", "reference_id": "USN-6784-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6784-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91472?format=api", "purl": 
"pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91473?format=api", "purl": "pkg:deb/debian/cjson@1.7.17-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.17-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-50472" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f49s-6bjz-7yak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64986?format=api", "vulnerability_id": "VCID-jkv7-twgn-7ugj", "summary": "cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31755.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02707", "scoring_system": "epss", "scoring_elements": "0.86184", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02707", "scoring_system": "epss", "scoring_elements": "0.86197", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02707", "scoring_system": "epss", "scoring_elements": "0.862", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02707", "scoring_system": "epss", "scoring_elements": "0.86196", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-31755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31755" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071742", "reference_id": "1071742", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071742" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277268", "reference_id": "2277268", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2277268" }, { "reference_url": "https://github.com/DaveGamble/cJSON/issues/839", "reference_id": "839", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:00:03Z/" } ], "url": "https://github.com/DaveGamble/cJSON/issues/839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9022", "reference_id": "RHSA-2025:9022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9203", "reference_id": "RHSA-2025:9203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9838", "reference_id": "RHSA-2025:9838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9838" }, { "reference_url": "https://usn.ubuntu.com/6784-1/", "reference_id": "USN-6784-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6784-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91475?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": 
"pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91474?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-31755" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkv7-twgn-7ugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64988?format=api", "vulnerability_id": "VCID-mn2f-4m5m-a3cv", "summary": "cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50896", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5093", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5091", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50879", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50925", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57052" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114757", "reference_id": "1114757", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392894", "reference_id": "2392894", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392894" }, { "reference_url": 
"https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability", "reference_id": "cJSON-Array-Index-Parsing-Vulnerability", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-09-03T17:36:03Z/" } ], "url": "https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17606", "reference_id": "RHSA-2025:17606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17613", "reference_id": "RHSA-2025:17613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17614", "reference_id": "RHSA-2025:17614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17614" }, { "reference_url": "https://usn.ubuntu.com/7973-1/", "reference_id": "USN-7973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91476?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": 
"pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91477?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-57052" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn2f-4m5m-a3cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64976?format=api", "vulnerability_id": "VCID-mqyb-4jac-qyh1", "summary": "parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a \" character and ends with a \\ character.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67931", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": 
"0.6797", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67978", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67968", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67955", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00539", "scoring_system": "epss", "scoring_elements": "0.67971", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10749" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91458?format=api", "purl": "pkg:deb/debian/cjson@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": 
"pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10749" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqyb-4jac-qyh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64978?format=api", "vulnerability_id": "VCID-r79m-ct1g-f3hm", "summary": "Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable when an attacker is able to force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59519", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59569", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59572", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59562", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59544", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91458?format=api", "purl": "pkg:deb/debian/cjson@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000216" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r79m-ct1g-f3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64982?format=api", "vulnerability_id": "VCID-zeyz-1ygx-g3be", "summary": "cJSON before 1.7.11 allows out-of-bounds access, related to \\x00 in a string literal.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69449", 
"published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69486", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69474", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69494", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11834" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928726", "reference_id": "928726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91468?format=api", "purl": "pkg:deb/debian/cjson@1.7.10-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.10-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91459?format=api", "purl": "pkg:deb/debian/cjson@1.7.14-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.14-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91456?format=api", "purl": "pkg:deb/debian/cjson@1.7.15-1%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91461?format=api", "purl": "pkg:deb/debian/cjson@1.7.18-3.1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.18-3.1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/91460?format=api", "purl": "pkg:deb/debian/cjson@1.7.19-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.19-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-11834" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zeyz-1ygx-g3be" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cjson@1.7.15-1%252Bdeb12u4%3Fdistro=trixie" }