Every CVE whose affected-product data names Davegamble Cjson, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-57052 — CVSS 9.8 (critical): cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote…
CVE-2018-1000217 — CVSS 9.8 (critical): Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible…
CVE-2016-10749 — CVSS 9.8 (critical): parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and…
CVE-2018-1000216 — CVSS 8.8 (high): Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible…
CVE-2023-50471 — CVSS 7.5 (high): cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
CVE-2018-1000215 — CVSS 7.5 (high): Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS)…
CVE-2023-50472 — CVSS 7.5 (high): cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
CVE-2019-1010239 — CVSS 7.5 (high): DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so…