Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-54899

Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle_CVE-2026-54899

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::P...

ohler55 oj < 3.17.2 CVE
LOW 2.1 CVE-2026-54898

Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation_CVE-2026-54898

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a ...

ohler55 oj < 3.17.2 CVE
LOW 2.1 CVE-2026-54897

Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close_CVE-2026-54897

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each...

ohler55 oj < 3.17.2 CVE
LOW 2.1 CVE-2026-54896

Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent_CVE-2026-54896

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vul...

ohler55 oj < 3.17.2 CVE
HIGH 7.5 CVE-2026-54592

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input_CVE-2026-54592

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked re...

ohler55 oj < 3.17.3 CVE
MEDIUM 6.3 CVE-2026-54502

Oj: Stack Buffer Overflow in Oj.dump via Large Indent_CVE-2026-54502

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-ba...

ohler55 oj < 3.17.2 CVE
MEDIUM 5.3 CVE-2026-54500

Oj: intern.c form_attr has an uninitialized stack read_CVE-2026-54500

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads unini...

ohler55 oj < 3.17.3 CVE
MEDIUM 6.3 CVE-2026-54903

Oj: Integer Overflow in Oj.load 2GB String Handling_CVE-2026-54903

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corru...

ohler55 oj < 3.17.2 CVE
MEDIUM 6.3 CVE-2026-54902

Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback_CVE-2026-54902

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in...

ohler55 oj < 3.17.2 CVE
MEDIUM 6.3 CVE-2026-54901

Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking_CVE-2026-54901

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not m...

ohler55 oj < 3.17.2 CVE