Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-54592

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input_CVE-2026-54592

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked re...

ohler55 oj < 3.17.3 CVE
MEDIUM 6.3 CVE-2026-54502

Oj: Stack Buffer Overflow in Oj.dump via Large Indent_CVE-2026-54502

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-ba...

ohler55 oj < 3.17.2 CVE
MEDIUM 5.3 CVE-2026-54500

Oj: intern.c form_attr has an uninitialized stack read_CVE-2026-54500

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads unini...

ohler55 oj < 3.17.3 CVE
MEDIUM 6.3 CVE-2026-54903

Oj: Integer Overflow in Oj.load 2GB String Handling_CVE-2026-54903

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corru...

ohler55 oj < 3.17.2 CVE
MEDIUM 6.3 CVE-2026-54902

Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback_CVE-2026-54902

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, it is vulnerable to Use-After-Free when in...

ohler55 oj < 3.17.2 CVE
MEDIUM 6.3 CVE-2026-54901

Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking_CVE-2026-54901

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not m...

ohler55 oj < 3.17.2 CVE
CRITICAL 9.4 CVE-2026-53488

containerd CRI plugin: image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull_CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from ...

containerd containerd < 1.7.33 CVE
LOW 3.3 CVE-2026-41579

runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations_CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5...

opencontainers runc < 1.3.6 CVE
MEDIUM 4.3 CVE-2026-58450

Invoice Ninja 5.13.26 – Open Redirect in Client Portal Login via intended Parameter_CVE-2026-58450

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect ...

invoiceninja invoiceninja CVE
CRITICAL 9.8 CVE-2026-58449

txtai – Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter_CVE-2026-58449

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolv...

neuml txtai CVE