github.com/buger/jsonparser (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/buger/jsonparser, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-10675 — CVSS 7.5 (high): The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
CVE-2020-35381 — CVSS 7.5 (high): jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
CVE-2026-32285 — CVSS 7.5 (high): The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a…