Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

128 New today

64,732 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 6.5

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently re...

CVE-2026-54911 ultrajson ultrajson < 5.13.0

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-54281	Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nes...	nestjs	nest < 11.1.24	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48517	MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments_CVE-2026-48517 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePa...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48516	MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings_CVE-2026-48516 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with ...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48515	MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions_CVE-2026-48515 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dim...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48514	MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length_CVE-2026-48514 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48513	MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement_CVE-2026-48513 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionRes...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48512	MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement_CVE-2026-48512 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple re...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48511	MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps_CVE-2026-48511 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.Expa...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE
MEDIUM 6.3	CVE-2026-48510	MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths_CVE-2026-48510 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray p...	MessagePack-CSharp	MessagePack-CSharp >= 3.1.7, < 3.1.7	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()_CVE-2026-54911

Recent Advisories

Nest: Middleware Bypass on Fastify via Trailing Slash_CVE-2026-54281

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments_CVE-2026-48517

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings_CVE-2026-48516

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions_CVE-2026-48515

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length_CVE-2026-48514

MessagePack-CSharp: DynamicUnionResolver generated deserializers miss depth enforcement_CVE-2026-48513

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement_CVE-2026-48512

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps_CVE-2026-48511

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths_CVE-2026-48510

Protect Your Attack Surface with RedGem

Security Intelligence
Feed