Ultrajson Project Ultrajson — known CVE vulnerabilities
Every CVE whose affected-product data names Ultrajson Project Ultrajson, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-32874 — CVSS 7.5 (high): UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an…
CVE-2022-31116 — CVSS 7.5 (high): UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly…
CVE-2026-32875 — CVSS 7.5 (high): UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable…
CVE-2026-44660 — CVSS 7.5 (high): UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to…
CVE-2026-54911 — CVSS 6.5 (medium): UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or…
CVE-2022-31117 — CVSS 5.9 (medium): UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring…
CVE-2021-45958 — CVSS 5.5 (medium): UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation…