jqlang — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting jqlang. AI-powered Chinese analysis, POCs, and references for each vulnerability.

jqlang is a query language primarily used for data extraction and manipulation in JSON structures. Historically, it has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure deserialization. The project has recorded 13 CVEs, with notable issues including arbitrary code execution through crafted queries and server-side template injection. Security researchers have identified consistent patterns of insufficient sanitization in parsing functions, leading to multiple RCE flaws in versions prior to 2022. While recent versions have addressed some concerns, the language's dynamic nature continues to present potential attack surfaces for complex query-based applications.

Top products by jqlang: jq
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33948 | jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input | jq | CWE-170 | 9.8 | - | 2026-04-13 |
| CVE-2026-40164 | jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed | jq | CWE-328 | 7.5 | High | 2026-04-13 |
| CVE-2026-39979 | jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers | jq | CWE-125 | 9.8 | - | 2026-04-13 |
| CVE-2026-39956 | jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure | jq | CWE-125 | 6.1 | Medium | 2026-04-13 |
| CVE-2026-33947 | jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted() | jq | CWE-674 | 6.2 | Medium | 2026-04-13 |
| CVE-2026-32316 | jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow | jq | CWE-122 | 8.2 | High | 2026-04-13 |
| CVE-2025-9403 | jqlang jq JSON jq_test.c run_jq_tests assertion | jq | CWE-617 | 3.3 | Low | 2025-08-25 |
| CVE-2025-49014 | jq heap use after free vulnerability in f_strflocaltime | jq | CWE-416 | 9.8 (AI) | Critical (AI) | 2025-06-19 |
| CVE-2025-48060 | AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) | jq | CWE-121 | 6.5 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2024-23337 | jq has signed integer overflow in jv.c:jvp_array_write | jq | CWE-190 | 4.3 | Medium | 2025-05-21 |
| CVE-2024-53427 | jq security vulnerability | jq | CWE-843 | 8.1 | High | 2025-02-26 |
| CVE-2023-50268 | jq has stack-based buffer overflow in decNaNs | jq | CWE-121 | 6.2 | Medium | 2023-12-13 |
| CVE-2023-50246 | jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c | jq | CWE-122 | 6.2 | Medium | 2023-12-13 |

This page lists every published CVE security advisory associated with jqlang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.