Com.alibaba:fastjson
This hub aggregates every CVE we track for Com.alibaba:fastjson, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
2
Critical
1
High
0
In CISA KEV
Severity distribution
CRITICAL2HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 3 most recently published vulnerabilities affecting Com.alibaba:fastjson.
- CVE-2025-70974Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of t...10.0
- CVE-2022-25845Deserialization of Untrusted Data8.1
- CVE-2017-18349parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by...9.8
Product normalization is registry-driven with AI assist and human review. How it works