An open index of dependabot pull requests across open source projects.

oj

Ecosystem:
rubygems
Package URL:
pkg:gem/oj
Total PRs:
158 Dependabot PRs
Latest PR:
25 days ago
Unique Repositories:
83 repositories
Unique Repos (30 days):
4 repositories
Security Advisories
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
GHSA-3m6q-jj5j-38c9 CVE-2026-54592 HIGH published 25 days ago • updated 13 days ago
### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the ...
Oj: Stack Buffer Overflow in Oj.dump via Large Indent
GHSA-3v45-f3vh-wg7m CVE-2026-54502 HIGH published 25 days ago • updated 13 days ago
### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `...
Oj: Integer Overflow in Oj.load 2GB String Handling
GHSA-475m-ph3x-64gp CVE-2026-54903 HIGH published 25 days ago • updated 13 days ago
### Summary `Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`b...
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
GHSA-m578-w5vf-rfcm CVE-2026-54902 HIGH published 25 days ago • updated 13 days ago
### Summary `Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC in...
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling
GHSA-9cv6-qcjw-4grx CVE-2026-54900 HIGH published 25 days ago • updated 13 days ago
### Summary `Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON o...
Recent PRs
Bump oj from 3.16.13 to 3.16.14

wyeworks/nucore-open #5973

3.16.13 → 3.16.14 Patch PR
Closed 5 months ago 1 comment
wyeworks
Bump oj from 3.16.13 to 3.16.14

ledermann/pingcrm #3872

3.16.13 → 3.16.14 Patch PR
Closed 5 months ago 1 comment
ledermann
Bump oj from 3.16.13 to 3.16.14

lightward/lightward-ai #1855

3.16.13 → 3.16.14 Patch PR
Open 5 months ago 3 comments
lightward
Package Details
Name: oj
Ecosystem: rubygems
PURL Type: gem
Package URL: pkg:gem/oj
JSON API: View JSON
Security Advisories

11

Active advisories
HIGH 10
MODERATE 1
View All gem Advisories
Package Information
Description:

The fastest JSON parser and object serializer.

Repository: https://github.com/ohler55/oj
Homepage: http://www.ohler.com/oj/
Latest Release: 3.16.11
about 1 year ago
Dependent Repos: 13,067
Dependent Packages: 965
Downloads: 243,943,047
Ranking: Top 0.3016% by dependent repos Top 0.092% by downloads Top 0.0496% by dependent pkgs
PR Status
Open 63 (39.9%)
Merged 26 (16.5%)
Closed 52 (32.9%)
PR Types
Minor 27 (17.1%)
Patch 114 (72.2%)