HIGH
ultrajson
CVE published 2026-05-27
CVE-2026-44660
UltraJSON (ujson) versions prior to 5.12.1 contain a memory leak vulnerability in the `ujson.dump()` function. When writing to a file-like object, if the underlying write operation raises an exception, the reference count of the serialized JSON string object is not decremented, causing memory to leak. The leaked memory equals the full size of the serialized payload for each failed write operation. This vulnerability is [truncated]
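A regression check for the behaviour described above, added here as an example (not code from the ujson project or the advisory): it calls a `dump(obj, fp)` function against a writer that always raises and reports how many bytes stay allocated per failed call. `FailingWriter`, `leak_per_failed_write` and `leaky_dump` are hypothetical names, the payload is constructed, and `leaky_dump` simulates the flaw with `Py_IncRef` on CPython so the block runs without ujson installed.

```python
import ctypes
import gc
import json
import tracemalloc


class FailingWriter:
    """File-like object whose write() always raises (constructed failure)."""

    def write(self, data):
        raise OSError("constructed write failure")


def _fail_n(dump, obj, n):
    """Run n failing dump calls, then return the bytes currently traced."""
    for _ in range(n):
        try:
            dump(obj, FailingWriter())
        except OSError:
            pass
    gc.collect()
    return tracemalloc.get_traced_memory()[0]


def leak_per_failed_write(dump, payload_chars=200_000, attempts=20):
    """Average bytes left allocated by each failed dump(obj, fp) call."""
    obj = {"blob": "A" * payload_chars}  # constructed payload
    started_here = not tracemalloc.is_tracing()
    if started_here:
        tracemalloc.start()
    try:
        before = _fail_n(dump, obj, 3)  # warm-up, excluded from the result
        after = _fail_n(dump, obj, attempts)
    finally:
        if started_here:
            tracemalloc.stop()
    return (after - before) / attempts


def leaky_dump(obj, fp):
    """Stand-in for the flawed pattern: when write() raises, one reference
    to the serialized string is never released (simulated, not ujson code)."""
    text = json.dumps(obj)
    try:
        fp.write(text)
    except Exception:
        ctypes.pythonapi.Py_IncRef(ctypes.py_object(text))  # reference lost
        raise
```

Pass `ujson.dump` from the installed package as `dump`; a result near the serialized payload size matches the leak described for versions prior to 5.12.1, while a result near zero means the string is released on failure.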