Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how jqlang compares to other vendors in security performance

View Risk Score →

Stedolan jqjq: Stack Overflow in Recursive Object Merge

Risk 36
Severity
6.2
First published (updated )
CVE-2026-43896

Stedolan jqjq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

Risk 29
Severity
4.4
First published (updated )
CVE-2026-43895

JQ jqjq: stack overflow in module loading on mutual `include`

Risk 31
Severity
5.4
First published (updated )
CVE-2026-44777

Stedolan jqjq: Wild stack write via signed-integer overflow in decNumber D2U() macro

Risk 36
Severity
6.2
First published (updated )
CVE-2026-43894

Stedolan jqjq: Embedded NUL truncates top-level jq programs loaded with -f

Risk 31
Severity
5.5
First published (updated )
CVE-2026-41256
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

JQ jqjq: Stack overflow via unbounded recursion in jv_contains

Risk 31
Severity
5.4
First published (updated )
CVE-2026-40612

Stedolan jqjq: Signed-int overflow in `stack_reallocate` (jq VM stack)

Risk 63
Severity
6.4
First published (updated )
CVE-2026-41257

oss-sec7 vulnerabilities disclosed & patched in jq

First published (updated )
https://seclists.org/oss-sec/2026/q2/141

Stedolan jqjq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

Risk 28
Severity
2.9
First published (updated )
CVE-2026-33948

github/stedolan/jqjq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

Risk 44
Severity
6.9
First published (updated )
CVE-2026-39979
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

JQ jqjq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

Risk 43
Severity
6.1
First published (updated )
CVE-2026-39956

JQ jqjq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

Risk 38
Severity
6.2
First published (updated )
CVE-2026-33947

JQ jqjq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

Risk 57
Severity
8.2
First published (updated )
CVE-2026-32316

jqlang jqjqlang jq JSON jq_test.c run_jq_tests assertion

Risk 24
Severity
4.8
EPSS
0.04%
First published (updated )
CVE-2025-9403

JQ jqAddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

Risk 31
Severity
7.7
EPSS
0.06%
First published (updated )
CVE-2025-48060
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

JQ jqjq has signed integer overflow in jv.c:jvp_array_write

Risk 37
Severity
6.5
First published (updated )
CVE-2024-23337

JQ jqBuffer Overflow

Risk 69
Severity
8.1
First published (updated )
CVE-2024-53427

jqlang jqjq has stack-based buffer overflow in decNaNs

Risk 37
Severity
6.2
First published (updated )
CVE-2023-50268

jqlang jqjq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c

Risk 37
Severity
6.2
First published (updated )
CVE-2023-50246

jqlang jqdecToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1…

Risk 43
Severity
7.5
First published (updated )
CVE-2023-49355
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203