Json

This hub aggregates every CVE we track for Json, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Json.

• CVE-2026-33210Ruby JSON has a format string injection vulnerability9.1Mar 20, 2026
• CVE-2025-27788Ruby JSON Parser has Out-of-bounds Read7.5Mar 12, 2025
• CVE-2022-23460Stack overflow in Jsonxx5.9Aug 19, 2022
• CVE-2022-23459Double free or Use after Free in Value class of Jsonxx8.1Aug 19, 2022
• CVE-2020-7712Command Injection7.2Aug 30, 2020
• CVE-2020-10663The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269...7.5Apr 28, 2020
• CVE-2018-17072JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.9.8Sep 16, 2018
• CVE-2013-0269The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection m...7.5Feb 13, 2013