json

trentm/json vulnerable to command injection

Malicious code in chai-jsons (npm)

Malicious code in wartsila-application-json (npm)

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Malicious code in json-mapping-src (npm)

Verification Bypass in jsonwebtoken

Preact has JSON VNode Injection issue

json-schema-editor-visual vulnerable to prototype pollution

Malicious code in json-specparse (npm)

Content Injection via TileJSON attribute in mapbox.js

SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Regular expression deinal of service (ReDoS) in is-my-json-valid

Prototype Pollution in json-ptr

Prototype Pollution in JSON5 via Parse Method

seroval Affected by Prototype Pollution via JSON Deserialization

SQL Injection via GeoJSON in sequelize

Denial of Service vulnerability with large JSON payloads in fastify

JSONPath Plus allows Remote Code Execution

Prototype pollution in json8-merge-patch

Malicious code in assert-json-not (npm)

Malicious code in jsonauto (npm)

Prototype pollution in json8

Malicious code in @peter_wilson12091/internal-json-test-parser (npm)

seroval Affected by Remote Code Execution via JSON Deserialization

Uncontrolled Resource Consumption in json-bigint

json-logic-js Command Injection vulnerability

Prototype Pollution in json-pointer

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

Malicious code in grunt-modify-json (npm)

Malicious code in checkpackagejson (npm)

Json2html vulnerable to cross-site scripting

oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

Malicious code in kiota-serialization-json (npm)

Weak JSON Web Token in yapi-vendor

Malicious code in strip-json-combmentd (npm)

Rosetta-Flash JSONP Vulnerability in hapi

Malicious code in --hiljson (npm)

Malicious code in json-schema-editor-visual-yapi (npm)

Malicious code in deps-json-webpack-plugin (npm)

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Prototype Pollution leading to Remote Code Execution in superjson

Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type

Malicious code in flammerxdjson (npm)

Downloads Resources over HTTP in unicode-json

Malicious code in @wso-utils/json-mapper (npm)

JSONata expression can pollute the "Object" prototype

tiny-json-http missing SSL certificate validation

Malicious code in discord-json-requests (npm)

Malicious code in json2stringfy (npm)

Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json

deep-parse-json vulnerable to Prototype Pollution

Malicious code in @jsonjoy-com/base64 (npm)

Malicious code in jsonjoy.com (npm)

Malicious code in @clausehq/flows-step-jsontoxml (npm)

Malicious code in json-cookie-csv (npm)

Malicious code in json-mapping-srcs (npm)

CSVTOJSON has a prototype pollution vulnerability

Malicious code in jsonapptoken (npm)

Malicious code in jsonupon (npm)

Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.

Malicious code in jsonspecific (npm)

Malicious code in jsonwebjstoken (npm)

Malicious code in jsonwebauth (npm)

Regular Expression Denial of Service in jsoneditor

Regular Expression Denial of Service in parsejson

Cross-site Scripting in jsoneditor

React Editable Json Tree vulnerable to arbitrary code execution via function parsing

Malicious code in moscova-plural-json-parser (npm)

Content Injection via TileJSON Name in mapbox.js

Malicious code in @adsk-forks/jsonpath (npm)

Malicious code in @voiceflow/npm-package-json-lint-config (npm)

Malicious code in crypto-jsonwebtoken (npm)

Malicious code in korea-administrative-area-geo-json-util (npm)

csvjson vulnerable to prototype injection

Malicious code in simplejsonform (npm)

Arbitrary Code Execution in json-ptr

Cross-site Scripting in jquery.json-viewer

Malicious code in jsonrecap (npm)

Malicious code in discord-json-parser (npm)

Malicious code in bitcoin-json-rpc-adapter (npm)

json-schema-ref-parser Prototype Pollution issue

Malicious code in transform-json-strings (npm)

Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)

Malicious code in plugin-proposal-json-strings (npm)

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Prototype pollution in json-pointer

Malicious code in testherejson (npm)

`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization

Malicious code in jsonify-errors (npm)

fastest-json-copy vulnerable to Prototype Pollution

Malicious code in jsons-pack (npm)

Malicious code in json-mapping-source (npm)

Malicious code in jsonpacks (npm)

Malicious code in jsonsecs (npm)

ejson shell parser in MongoDB Compass maybe bypassed

Malicious code in json-map-source (npm)

Malicious code in jsonlogs (npm)

Malicious code in prop2json (npm)

TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`

Malicious code in json-mappings (npm)

Command Injection in geojson2kml

Malicious code in json-bundling (npm)

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Malicious code in jsonsurge (npm)

Malicious code in json-spacer (npm)

Malicious code in @bugbounty-automation/deps-json-webpack-plugin (npm)

Malicious code in json-specular (npm)

Malicious code in json-dec (npm)

Malicious code in dr-json (npm)

Malicious code in jsondatatoruby (npm)

Malicious code in jsontostr (npm)

Malicious code in discord-json-scaller (npm)

Malicious code in hiljsonhil (npm)

Malicious code in json-schema-verify (npm)

Malicious code in ng-json-explorer (npm)

Malicious code in sa-docs-to-json (npm)

Malicious code in jsondatahandle (npm)

Malicious code in node-json-converter (npm)

Malicious code in json-lucide (npm)

Malicious code in excel-to-json-test (npm)

Malicious code in package-lock.json-dependency (npm)

Malicious code in jsonwepjoken (npm)

Malicious code in json2double (npm)

Malicious code in turbo-json-parser (npm)

Malicious code in ally-json-threat-protect (npm)

Malicious code in @tiaanduplessis/json (npm)

Malicious code in module-json-validator (npm)

Malicious code in rapidjson (npm)

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

Malicious code in json-mapping-token (npm)

Malicious code in @antstackio/json-to-graphql (npm)

Malicious code in jsonpjs (npm)

Malicious code in json-tree-preview (npm)

morgan-json vulnerable to Arbitrary Code Execution

Malicious code in jsonify-settings (npm)

Malicious code in language-jsonnet (npm)

Malicious code in shubholic-test.json (npm)

Prototype Pollution in node-jsonpointer

Malicious code in wm-package-json-validate (npm)

jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Malicious code in jsonify-builder (npm)

Validation bypass is possible in Json Pattern Validator

Malicious code in json-rpc-adapter (npm)

Malicious code in json-st7rzingif-safe (npm)

Malicious code in paytm-kapacitor-simplejson-datasource (npm)

Malicious code in jsonstsream (npm)

Malicious code in json-mapping-fetch (npm)

Malicious code in json-mapping-web (npm)

Malicious code in json-panels (npm)

Malicious code in mongoose-to-json (npm)

Malicious code in json-merge-tool (npm)

Malicious code in jsonify-core (npm)

Malicious code in jsonify-parser (npm)

Malicious code in parsejson-pro (npm)

Malicious code in safe-json-parsex (npm)

Malicious code in jsonauth (npm)

Malicious code in jsonauthcap (npm)

Malicious code in nlohmann-json (npm)

Malicious code in jsonify-setting (npm)

Malicious code in n8n-nodes-json-helper (npm)

Malicious code in postman-json (npm)

Malicious code in json-mapping-sources (npm)

Malicious code in json-web-sources (npm)

Malicious code in json-webhooks (npm)

Malicious code in jsonspack-logger (npm)

Malicious code in jsonify-bundler (npm)

Malicious code in json-parse-genie (npm)