This page lists publicly disclosed CVE vulnerabilities affecting jansson_project jansson (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-36325 | An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification | [email protected] | 7.5 | 1.72% | 2021-04-26 | 2026-06-16 |
| CVE-2016-4425 | Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. | [email protected] | 6.5 | 1.89% | 2016-05-17 | 2026-06-16 |
| CVE-2013-6401 | Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. | [email protected] | 5.0 | 1.95% | 2014-03-20 | 2026-06-16 |