SecAlerts
CVE ListPricingSign Up
jqlang logo

jqlang

Security Risk Profile

39
/100
low

Security Risk Score

Comprehensive risk assessment based on 20 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 11, 2023 to present

20
Total CVEs
4
Critical+High
0
Exploited
1
Unpatched

Threat Assessment

Avg CVSS
6.1
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
1
Critical/High
Risk Level
39/100
low
📈 7 in Last 30 Days

Severity Distribution

Critical
0
High
4
Medium
14
Low
1

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
2

Age Distribution

Common Weaknesses (CWE)

1
Integer Overflow
4
2
Buffer Overflow
4
3
Input Validation
2
4
Null Pointer Dereference
1

Most Affected Products

1. jqlang jq23
2. JQ jq8
3. Stedolan jq6
4. Microsoft azl3 jq 1.7.1-46
5. Microsoft cbl2 jq 1.6-56

Recent Vulnerabilities

See more →
CVE-2026-43896
CVSS 6.2medium

jq: Stack Overflow in Recursive Object Merge

5/11/2026🔧 No Patch
CVE-2026-43895
CVSS 4.4medium

jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

5/11/2026🔧 No Patch
CVE-2026-44777
CVSS 5.4medium

jq: stack overflow in module loading on mutual `include`

5/11/2026🔧 No Patch
CVE-2026-43894
CVSS 6.2medium

jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

5/11/2026🔧 No Patch
CVE-2026-41256
CVSS 5.5medium

jq: Embedded NUL truncates top-level jq programs loaded with -f

5/11/2026🔧 No Patch
CVE-2026-40612
CVSS 5.4medium

jq: Stack overflow via unbounded recursion in jv_contains

5/11/2026🔧 No Patch
CVE-2026-41257
CVSS 6.4medium

jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

5/11/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/141
unknown

7 vulnerabilities disclosed & patched in jq

4/15/2026🔧 No Patch
CVE-2026-33948
CVSS 2.9low

jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

4/13/2026
CVE-2026-39979
CVSS 6.9medium

jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

4/13/2026

Monitor jqlang in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

jqlang Security Vulnerabilities & Risk Score | 20 CVEs | SecAlerts - SecAlerts