jmespath CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

jmespath vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to jmespath, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-54133 jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when `JmesPath\CompilerRuntime` is used with an attacker-controlled JMESPath expression. The compiler emits parsed JMESPath function names into generated PHP source without sufficient escaping. A crafted expression can cause the generated cache file [email protected] 9.8 0.32% 2026-06-12 2026-06-17
CVE-2022-32511 jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. [email protected] 9.8 2.10% 2022-06-06 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence