Every CVE whose affected-product data names Alibaba Fastjson, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-18349 — CVSS 9.8 (critical): parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute…
CVE-2022-25845 — CVSS 8.1 (high): The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType…