Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-q75g-2496-mxpp

GitHub Security Advisory

Regular Expression Denial of Service in parsejson

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Affected versions of `parsejson` are vulnerable to a regular expression denial of service when parsing untrusted user input.

## Recommendation

The `parsejson` package has not been functionally updated since it was initially released.

Additionally, it provides functionality which is natively included in Node.js, and therefore the native `JSON.parse()` should be used, for both performance and security reasons.

Affected Packages

npm parsejson

Affected versions: 0 (last affected: 0.0.3)

Related CVEs

CVE-2017-16113

Key Information

GHSA ID

GHSA-q75g-2496-mxpp

Published

July 24, 2018 8:11 PM

Last Modified

August 31, 2020 6:26 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

parsejson

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.