jq

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 11 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 15, 2023 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

6.2

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

39/100

low

📈 2 in Last 30 Days

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

Integer Overflow

Buffer Overflow

Null Pointer Dereference

Most Affected Products

1. JQ jq11

2. jqlang jq8

3. Microsoft azl3 jq 1.7.1-44

4. Microsoft cbl2 jq 1.6-53

5. Microsoft cbl2 jq 1.6-41

Recent Vulnerabilities

See more →

CVE-2026-44777

CVSS 5.4medium

jq: stack overflow in module loading on mutual `include`

5/11/2026🔧 No Patch

CVE-2026-40612

CVSS 5.4medium

jq: Stack overflow via unbounded recursion in jv_contains

5/11/2026🔧 No Patch

CVE-2026-39956

CVSS 6.1medium

jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

4/13/2026

CVE-2026-33947

CVSS 6.2medium

jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

4/13/2026

CVE-2026-32316

CVSS 8.2high

jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

jq has signed integer overflow in jv.c:jvp_array_write

Monitor jq in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo

jq

Security Risk Score

Threat Assessment

Severity Distribution

Exploit Likelihood

Age Distribution

Common Weaknesses (CWE)

Most Affected Products

Recent Vulnerabilities

Monitor jq in Real-Time

Monitor Your Software Stack in Real-Time