Browse all 4 CVE security advisories affecting ultrajson. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ultrajson is a high-performance JSON encoder/decoder library primarily used for fast serialization and deserialization in Python applications. Historically, it has been susceptible to remote code execution vulnerabilities due to unsafe evaluation of untrusted input and improper handling of malicious data. Other common issues include cross-site scripting flaws through improper output encoding and privilege escalation via insecure deserialization. The library has faced several critical CVEs, including RCE flaws in versions prior to 4.0, where crafted JSON payloads could allow arbitrary code execution. While newer versions have addressed many concerns, developers should remain vigilant about input validation and use the latest stable releases to mitigate potential risks.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32875 | UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop | CWE-190 | 7.5 | High | 2026-03-20 |
| CVE-2026-32874 | UltraJSON has a Memory Leak parsing large integers allows DoS | CWE-401 | 7.5 | High | 2026-03-20 |
| CVE-2022-31116 | Incorrect handling of invalid surrogate pair characters in ujson | CWE-670 | 7.5 | High | 2022-07-05 |
| CVE-2022-31117 | Double free of buffer during string decoding in ujson | CWE-415 | 5.9 | Medium | 2022-07-05 |
This page lists every published CVE security advisory associated with ultrajson. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.