hsqldb | Remote code execution via prepared statement values | fixed | CVE-2022-41853 | OSS-Fuzz |
protocolbuffers/protobuf | Small protobuf messages can consume minutes of CPU time | fixed | CVE-2022-3171 | OSS-Fuzz |
OpenJDK | OutOfMemoryError via a small BMP image | fixed | CVE-2022-21360 | Code Intelligence |
OpenJDK | OutOfMemoryError via a small TIFF image | fixed | CVE-2022-21366 | Code Intelligence |
protocolbuffers/protobuf | Small protobuf messages can consume minutes of CPU time | fixed | CVE-2021-22569 | OSS-Fuzz |
jhy/jsoup | More than 19 bugs found in HTML and XML parser | fixed | CVE-2021-37714 | Code Intelligence |
Apache/commons-compress | Infinite loop when loading a crafted 7z | fixed | CVE-2021-35515 | Code Intelligence |
Apache/commons-compress | OutOfMemoryError when loading a crafted 7z | fixed | CVE-2021-35516 | Code Intelligence |
Apache/commons-compress | Infinite loop when loading a crafted TAR | fixed | CVE-2021-35517 | Code Intelligence |
Apache/commons-compress | OutOfMemoryError when loading a crafted ZIP | fixed | CVE-2021-36090 | Code Intelligence |
Apache/PDFBox | Infinite loop when loading a crafted PDF | fixed | CVE-2021-27807 | Code Intelligence |
Apache/PDFBox | OutOfMemoryError when loading a crafted PDF | fixed | CVE-2021-27906 | Code Intelligence |
netplex/json-smart-v1, netplex/json-smart-v2 | JSONParser#parse throws an undeclared exception | fixed | CVE-2021-27568 | @GanbaruTobi |
OWASP/json-sanitizer | Output can contain `</script>` and `]]>`, which allows XSS | fixed | CVE-2021-23899 | Code Intelligence |
OWASP/json-sanitizer | Output can be invalid JSON and undeclared exceptions can be thrown | fixed | CVE-2021-23900 | Code Intelligence |
alibaba/fastjson | JSON#parse throws undeclared exceptions | fixed | | Code Intelligence |
Apache/commons-compress | Infinite loop and OutOfMemoryError in TarFile | fixed | | Code Intelligence |
Apache/commons-compress | NullPointerException in ZipFile | fixed | | Code Intelligence |
Apache/commons-imaging | Parsers for multiple image formats throw undeclared exceptions | reported | | Code Intelligence |
Apache/PDFBox | Various undeclared exceptions | fixed | | Code Intelligence |
cbeust/klaxon | Default parser throws runtime exceptions | fixed | | Code Intelligence |
FasterXML/jackson-dataformats-binary | CBORParser throws an undeclared exception due to missing bounds checks when parsing Unicode | fixed | | Code Intelligence |
FasterXML/jackson-dataformats-binary | CBORParser throws an undeclared exception on dangling arrays | fixed | | Code Intelligence |
ngageoint/tiff-java | readTiff Index Out Of Bounds | fixed | | @raminfp |
google/re2j | NullPointerException in Pattern.compile | reported | | @schirrmacher |
google/gson | ArrayIndexOutOfBounds in ParseString | fixed | | @DavidKorczynski |
snakeyaml | StackOverflowError in Composer | fixed | CVE-2022-38749 | Code Intelligence |
snakeyaml | StackOverflowError in BaseConstructor | fixed | CVE-2022-38750 | Code Intelligence |
snakeyaml | StackOverflowError caused by regex parse failure in java.util.regex | fixed | CVE-2022-38751 | Code Intelligence |
snakeyaml | StackOverflowError caused by recursion in java.util.ArrayList | fixed | CVE-2022-38752 | Code Intelligence |
snakeyaml | StackOverflowError caused by recursion in java.util.ArrayList | fixed | CVE-2022-41854 | Code Intelligence |
jettison-json/jettison | StackOverflowError in JSONTokener | fixed | CVE-2022-40149 | Code Intelligence |
jettison-json/jettison | OutOfMemoryError when parsing JSON objects | fixed | CVE-2022-40150 | Code Intelligence |
x-stream/xstream | StackOverflowError in xstream.core | fixed | CVE-2022-40151 | Code Intelligence |
FasterXML/woodstox | StackOverflowError in WordResolver | fixed | CVE-2022-40152 | Code Intelligence |
alibaba/fastjson2 | StackOverflowError in DefaultJSONParser | not fixed | CVE-2022-40173 | Code Intelligence |
alibaba/fastjson2 | StackOverflowError in JSONPath | not fixed | CVE-2022-40174 | Code Intelligence |
alibaba/fastjson2 | StackOverflowError in JSONPath | not fixed | CVE-2022-40175 | Code Intelligence |
alibaba/fastjson2 | StackOverflowError in DefaultJSONParser | not fixed | CVE-2022-41855 | Code Intelligence |
alibaba/fastjson2 | StackOverflowError in SerialContext | not fixed | CVE-2022-41856 | Code Intelligence |
Apache/commons-jxpath | Remote code execution via crafted XPath expression | not fixed | | Code Intelligence |