Known Vulnerabilities for products from Fasterxml
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Fasterxml".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54518 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Not Provided | 2026-06-23 | 2026-06-27 |
| CVE-2026-54517 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Not Provided | 2026-06-23 | 2026-06-27 |
| CVE-2026-54516 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21... | Not Provided | 2026-06-23 | 2026-06-27 |
| CVE-2026-54515 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.... | Not Provided | 2026-06-23 | 2026-06-29 |
| CVE-2026-54514 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.... | Not Provided | 2026-06-23 | 2026-06-27 |
| CVE-2026-54513 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10... | Not Provided | 2026-06-23 | 2026-07-09 |
| CVE-2026-54512 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10... | Not Provided | 2026-06-23 | 2026-06-27 |
| CVE-2026-50193 json | jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13... | Not Provided | 2026-06-23 | 2026-06-27 |
| CVE-2026-29062 json | jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Process... | Not Provided | 2026-03-06 | 2026-06-30 |
| CVE-2023-35116 json | ** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via ... | 4.7 - MEDIUM | 2023-06-14 | 2023-12-07 |
| CVE-2023-3894 json | Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser i... | 7.5 - HIGH | 2023-08-08 | 2023-08-15 |
| CVE-2022-42004 json | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._... | 7.5 - HIGH | 2022-10-02 | 2022-12-02 |
| CVE-2022-42003 json | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive valu... | 7.5 - HIGH | 2022-10-02 | 2023-12-20 |
| CVE-2022-40152 json | Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the... | 7.5 - HIGH | 2022-09-16 | 2023-02-09 |
| CVE-2021-46877 json | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (... | 7.5 - HIGH | 2023-03-18 | 2023-08-08 |
| CVE-2021-20190 json | A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and ... | 8.1 - HIGH | 2021-01-19 | 2023-11-07 |
| CVE-2020-36518 json | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested object... | 7.5 - HIGH | 2022-03-11 | 2022-11-29 |
| CVE-2020-36189 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
| CVE-2020-36188 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
| CVE-2020-36187 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
Known software with vulnerabilities from Fasterxml
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Fasterxml | Jackson | - |
| Application | Fasterxml | Jackson-databind | 2.0.0 |
| Application | Fasterxml | Jackson-dataformat-xml | 2.0.0 |
| Application | Fasterxml | Jackson-mapper-asl | 1.9.0 |
| Application | Fasterxml | Jackson-modules-java8 | 2.10.0 |