Security

Report a vulnerability

SECURITY.md

How to report security vulnerabilities in `jq`

GitHub has a mechanism for private disclosure of vulnerabilities to repository owners and authorized persons such as maintainers. The jqlang/jq repository now has this feature enabled.

Reporting a Vulnerability

See Privately Reporting a Security Vulnerability. Click on jqlang/jq's Security page and click on Report a vulnerability. This will notify the owners and maintainers. After submitting you'll get an option to start a private clone of jqlang/jq for collaboration with the maintainers.

[oss-fuzz] Issue 64771: jq:jq_fuzz_execute: Stack-buffer-overflow in decNaNs
GHSA-7hmr-442f-qc8j published Dec 13, 2023 by emanuele6

High
heap-buffer-overflow exists in the function decToString in decNumber.c
GHSA-686w-5m7m-54vc published Dec 13, 2023 by emanuele6

High

Learn more about advisories related to jqlang/jq in the GitHub Advisory Database