FYI: JSON for Modern C++ repo being linked to JSON++ (jsonxx) for CVE advisories #4951

docbugger · 2025-10-13T23:33:32Z

docbugger
Oct 13, 2025

FYI: two advisories, CVE-2022-23459 (Critical) and CVE-2022-23460 (High) were updated on Google's Osv.Dev last week to be linked to
https://github.com/nlohmann/json, even though the issues are in the (archived) https://github.com/hjiang/jsonxx.

Per Google:

"Looking into this, it seems that the CPE dictionary we are matching to includes the nlohmann repository as a mapping for this vendor/product combination. This is likely false, but would need NIST to update it."

nlohmann · 2025-10-14T04:35:14Z

nlohmann
Oct 14, 2025
Maintainer

Thanks to the heads up. We share no code with that other than project, so it's an interesting assessment.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

FYI: JSON for Modern C++ repo being linked to JSON++ (jsonxx) for CVE advisories #4951

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

FYI: JSON for Modern C++ repo being linked to JSON++ (jsonxx) for CVE advisories #4951

Uh oh!

docbugger Oct 13, 2025

Replies: 1 comment

Uh oh!

nlohmann Oct 14, 2025 Maintainer

docbugger
Oct 13, 2025

nlohmann
Oct 14, 2025
Maintainer