diff --git a/docs/trophies.md b/docs/trophies.md
index 716ee3129..f4d154724 100644
--- a/docs/trophies.md
+++ b/docs/trophies.md
@@ -2,58 +2,60 @@
Jazzer has found the following vulnerabilities and bugs.
-As Jazzer is used to fuzz JVM projects in OSS-Fuzz, further findings are listed [on the OSS-Fuzz issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list).
+As Jazzer is used to fuzz JVM projects in OSS-Fuzz, further findings are
+listed [on the OSS-Fuzz issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list).
If you find bugs with Jazzer, we would like to hear from you!
Feel free to [open an issue](https://github.com/CodeIntelligenceTesting/jazzer/issues/new) or submit a pull request.
-
-| Project | Bug | Status | CVE | found by |
-|-------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|-------------------------------------------------------------------------|
-| [mysql/mysql-connector-j](https://github.com/mysql/mysql-connector-j) | Remote code execution via abusing connection property propertiesTransform | [fixed](https://github.com/ryenus/hsqldb/commit/b6719c67b41eb9298c2451ad2829bf03b262a941) | [CVE-2023-21971](https://nvd.nist.gov/vuln/detail/CVE-2023-21971) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53464) |
-| [hsqldb](https://hsqldb.org/) | Remote code execution via prepared statement values | [fixed](https://github.com/ryenus/hsqldb/commit/b6719c67b41eb9298c2451ad2829bf03b262a941) | [CVE-2022-41853](https://nvd.nist.gov/vuln/detail/CVE-2022-41853) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212) |
-| [spring-projects/spring-framework](https://github.com/spring-projects/spring-framework) | `OutOfMemoryError` via specially crafted SpEL expressions | fixed | [CVE-2023-20863](https://nvd.nist.gov/vuln/detail/CVE-2023-20863) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55638) |
-| [spring-projects/spring-framework](https://github.com/spring-projects/spring-framework) | `OutOfMemoryError` via specially crafted SpEL expressions | fixed | [CVE-2023-20861](https://nvd.nist.gov/vuln/detail/CVE-2023-20861) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53131) |
-| [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | Small protobuf messages can consume minutes of CPU time | [fixed](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2) | [CVE-2022-3171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330) |
-| [OpenJDK](https://github.com/openjdk/jdk) | `OutOfMemoryError` via a small BMP image | [fixed](https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18) | [CVE-2022-21360](https://nvd.nist.gov/vuln/detail/CVE-2022-21360) | [Code Intelligence](https://code-intelligence.com) |
-| [OpenJDK](https://github.com/openjdk/jdk) | `OutOfMemoryError` via a small TIFF image | [fixed](https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18) | [CVE-2022-21366](https://nvd.nist.gov/vuln/detail/CVE-2022-21366) | [Code Intelligence](https://code-intelligence.com) |
-| [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | Small protobuf messages can consume minutes of CPU time | [fixed](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67) | [CVE-2021-22569](https://nvd.nist.gov/vuln/detail/CVE-2021-22569) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330) |
-| [jhy/jsoup](https://github.com/jhy/jsoup) | More than 19 Bugs found in HTML and XML parser | [fixed](https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c) | [CVE-2021-37714](https://nvd.nist.gov/vuln/detail/CVE-2021-37714) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop when loading a crafted 7z | fixed | [CVE-2021-35515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `OutOfMemoryError` when loading a crafted 7z | fixed | [CVE-2021-35516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop when loading a crafted TAR | fixed | [CVE-2021-35517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `OutOfMemoryError` when loading a crafted ZIP | fixed | [CVE-2021-36090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/PDFBox](https://pdfbox.apache.org/) | Infinite loop when loading a crafted PDF | fixed | [CVE-2021-27807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27807) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/PDFBox](https://pdfbox.apache.org/) | OutOfMemoryError when loading a crafted PDF | fixed | [CVE-2021-27906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27906) | [Code Intelligence](https://code-intelligence.com) |
-| [netplex/json-smart-v1](https://github.com/netplex/json-smart-v1)
[netplex/json-smart-v2](https://github.com/netplex/json-smart-v2) | `JSONParser#parse` throws an undeclared exception | [fixed](https://github.com/netplex/json-smart-v2/issues/60) | [CVE-2021-27568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568) | [@GanbaruTobi](https://github.com/GanbaruTobi) |
-| [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can contain`` and `]]>`, which allows XSS | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23899) | [Code Intelligence](https://code-intelligence.com) |
-| [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can be invalid JSON and undeclared exceptions can be thrown | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23900) | [Code Intelligence](https://code-intelligence.com) |
-| [alibaba/fastjson](https://github.com/alibaba/fastjson) | `JSON#parse` throws undeclared exceptions | [fixed](https://github.com/alibaba/fastjson/issues/3631) | | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop and `OutOfMemoryError` in `TarFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-569) | | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `NullPointerException` in `ZipFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-568) | | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-imaging](https://commons.apache.org/proper/commons-imaging/) | Parsers for multiple image formats throw undeclared exceptions | [reported](https://issues.apache.org/jira/browse/IMAGING-279?jql=project%20%3D%20%22Commons%20Imaging%22%20AND%20reporter%20%3D%20Meumertzheim%20) | | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/PDFBox](https://pdfbox.apache.org/) | Various undeclared exceptions | [fixed](https://issues.apache.org/jira/browse/PDFBOX-5108?jql=project%20%3D%20PDFBOX%20AND%20reporter%20in%20(Meumertzheim)) | | [Code Intelligence](https://code-intelligence.com) |
-| [cbeust/klaxon](https://github.com/cbeust/klaxon) | Default parser throws runtime exceptions | [fixed](https://github.com/cbeust/klaxon/pull/330) | | [Code Intelligence](https://code-intelligence.com) |
-| [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception due to missing bounds checks when parsing Unicode | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/236) | | [Code Intelligence](https://code-intelligence.com) |
-| [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception on dangling arrays | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/240) | | [Code Intelligence](https://code-intelligence.com) |
-| [ngageoint/tiff-java](https://github.com/ngageoint/tiff-java) | `readTiff ` Index Out Of Bounds | [fixed](https://github.com/ngageoint/tiff-java/issues/38) | | [@raminfp](https://github.com/raminfp) |
-| [google/re2j](https://github.com/google/re2j) | `NullPointerException` in `Pattern.compile` | [reported](https://github.com/google/re2j/issues/148) | | [@schirrmacher](https://github.com/schirrmacher) |
-| [google/gson](https://github.com/google/gson) | `ArrayIndexOutOfBounds` in `ParseString` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40838) | | [@DavidKorczynski](https://twitter.com/Davkorcz) |
-| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` in `Composer` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024) | [CVE-2022-38749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38749) | [Code Intelligence](https://code-intelligence.com) |
-| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` in `BaseConstructor` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027) | [CVE-2022-38750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38750) | [Code Intelligence](https://code-intelligence.com) |
-| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by regex parse failure in `java.util.regex` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039) | [CVE-2022-38751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751) | [Code Intelligence](https://code-intelligence.com) |
-| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by recursion in `java.util.ArrayList` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081) | [CVE-2022-38752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752) | [Code Intelligence](https://code-intelligence.com) |
-| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by recursion in `java.util.ArrayList` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355) | [CVE-2022-41854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854) | [Code Intelligence](https://code-intelligence.com) |
-| [jettison-json/jettison](https://github.com/jettison-json/jettison/) | `StackOverflowError` in `JSONTokener` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538) | [CVE-2022-40149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149) | [Code Intelligence](https://code-intelligence.com) |
-| [jettison-json/jettison](https://github.com/jettison-json/jettison/) | `OutOfMemoryError` when parsing json objects | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549) | [CVE-2022-40150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150) | [Code Intelligence](https://code-intelligence.com) |
-| [x-stream/xstream](https://github.com/x-stream/xstream/) | `StackOverflowError` in `xstream.core` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367) | [CVE-2022-40151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151) | [Code Intelligence](https://code-intelligence.com) |
-| [FasterXML/woodstox](https://github.com/FasterXML/woodstox/) | `StackOverflowError` in `WordResolver` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434) | [CVE-2022-40152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152) | [Code Intelligence](https://code-intelligence.com) |
-| [HtmlUnit/htmlunit](https://github.com/HtmlUnit/htmlunit) | `StackOverflowError` in `DomNode` | [fixed](https://github.com/HtmlUnit/htmlunit/commit/940dc7fd) | [CVE-2023-2798](https://nvd.nist.gov/vuln/detail/CVE-2023-2798) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613) |
-| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `DefaultJSONParser` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32410) | [CVE-2022-40173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40173) | [Code Intelligence](https://code-intelligence.com) |
-| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `JSONPath` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35777) | [CVE-2022-40174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40174) | [Code Intelligence](https://code-intelligence.com) |
-| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `JSONPath` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47686) | [CVE-2022-40175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40175) | [Code Intelligence](https://code-intelligence.com) |
-| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `DefaultJSONParser` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37313) | [CVE-2022-41855](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41855) | [Code Intelligence](https://code-intelligence.com) |
-| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `SerialContext` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33768) | [CVE-2022-41856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41856) | [Code Intelligence](https://code-intelligence.com) |
-| [Apache/commons-jxpath](https://github.com/apache/commons-jxpath/) | Remote code execution via crafted `XPath` expression | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133) | | [Code Intelligence](https://code-intelligence.com) |
-| [airlift/aircompressor](https://github.com/airlift/aircompressor) | Out-of-bounds memory access through `sun.misc.Unsafe` | fixed | [CVE-2024-36114](https://www.cve.org/CVERecord?id=CVE-2024-36114) | [@Marcono1234](https://github.com/Marcono1234) |
-| [lz4/lz4-java](https://github.com/lz4/lz4-java) | Out-of-bounds memory access through `sun.misc.Unsafe` & JNI | [fixed](https://github.com/yawkat/lz4-java/releases/tag/v1.8.1) | [CVE-2025-12183](https://www.cve.org/CVERecord?id=CVE-2025-12183) | [@yawkat](https://github.com/yawkat), [@Marcono1234](https://github.com/Marcono1234) |
+| Project | Bug | Status | CVE | found by |
+|-------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
+| [mysql/mysql-connector-j](https://github.com/mysql/mysql-connector-j) | Remote code execution via abusing connection property propertiesTransform | [fixed](https://github.com/ryenus/hsqldb/commit/b6719c67b41eb9298c2451ad2829bf03b262a941) | [CVE-2023-21971](https://nvd.nist.gov/vuln/detail/CVE-2023-21971) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53464) |
+| [hsqldb](https://hsqldb.org/) | Remote code execution via prepared statement values | [fixed](https://github.com/ryenus/hsqldb/commit/b6719c67b41eb9298c2451ad2829bf03b262a941) | [CVE-2022-41853](https://nvd.nist.gov/vuln/detail/CVE-2022-41853) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212) |
+| [spring-projects/spring-framework](https://github.com/spring-projects/spring-framework) | `OutOfMemoryError` via specially crafted SpEL expressions | fixed | [CVE-2023-20863](https://nvd.nist.gov/vuln/detail/CVE-2023-20863) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55638) |
+| [spring-projects/spring-framework](https://github.com/spring-projects/spring-framework) | `OutOfMemoryError` via specially crafted SpEL expressions | fixed | [CVE-2023-20861](https://nvd.nist.gov/vuln/detail/CVE-2023-20861) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53131) |
+| [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | Small protobuf messages can consume minutes of CPU time | [fixed](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2) | [CVE-2022-3171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330) |
+| [OpenJDK](https://github.com/openjdk/jdk) | `OutOfMemoryError` via a small BMP image | [fixed](https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18) | [CVE-2022-21360](https://nvd.nist.gov/vuln/detail/CVE-2022-21360) | [Code Intelligence](https://code-intelligence.com) |
+| [OpenJDK](https://github.com/openjdk/jdk) | `OutOfMemoryError` via a small TIFF image | [fixed](https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18) | [CVE-2022-21366](https://nvd.nist.gov/vuln/detail/CVE-2022-21366) | [Code Intelligence](https://code-intelligence.com) |
+| [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) | Small protobuf messages can consume minutes of CPU time | [fixed](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67) | [CVE-2021-22569](https://nvd.nist.gov/vuln/detail/CVE-2021-22569) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330) |
+| [jhy/jsoup](https://github.com/jhy/jsoup) | More than 19 Bugs found in HTML and XML parser | [fixed](https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c) | [CVE-2021-37714](https://nvd.nist.gov/vuln/detail/CVE-2021-37714) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop when loading a crafted 7z | fixed | [CVE-2021-35515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `OutOfMemoryError` when loading a crafted 7z | fixed | [CVE-2021-35516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop when loading a crafted TAR | fixed | [CVE-2021-35517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `OutOfMemoryError` when loading a crafted ZIP | fixed | [CVE-2021-36090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/PDFBox](https://pdfbox.apache.org/) | Infinite loop when loading a crafted PDF | fixed | [CVE-2021-27807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27807) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/PDFBox](https://pdfbox.apache.org/) | OutOfMemoryError when loading a crafted PDF | fixed | [CVE-2021-27906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27906) | [Code Intelligence](https://code-intelligence.com) |
+| [netplex/json-smart-v1](https://github.com/netplex/json-smart-v1)
[netplex/json-smart-v2](https://github.com/netplex/json-smart-v2) | `JSONParser#parse` throws an undeclared exception | [fixed](https://github.com/netplex/json-smart-v2/issues/60) | [CVE-2021-27568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568) | [@GanbaruTobi](https://github.com/GanbaruTobi) |
+| [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can contain`` and `]]>`, which allows XSS | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23899) | [Code Intelligence](https://code-intelligence.com) |
+| [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can be invalid JSON and undeclared exceptions can be thrown | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23900) | [Code Intelligence](https://code-intelligence.com) |
+| [alibaba/fastjson](https://github.com/alibaba/fastjson) | `JSON#parse` throws undeclared exceptions | [fixed](https://github.com/alibaba/fastjson/issues/3631) | | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop and `OutOfMemoryError` in `TarFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-569) | | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `NullPointerException` in `ZipFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-568) | | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-imaging](https://commons.apache.org/proper/commons-imaging/) | Parsers for multiple image formats throw undeclared exceptions | [reported](https://issues.apache.org/jira/browse/IMAGING-279?jql=project%20%3D%20%22Commons%20Imaging%22%20AND%20reporter%20%3D%20Meumertzheim%20) | | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/PDFBox](https://pdfbox.apache.org/) | Various undeclared exceptions | [fixed](https://issues.apache.org/jira/browse/PDFBOX-5108?jql=project%20%3D%20PDFBOX%20AND%20reporter%20in%20(Meumertzheim)) | | [Code Intelligence](https://code-intelligence.com) |
+| [cbeust/klaxon](https://github.com/cbeust/klaxon) | Default parser throws runtime exceptions | [fixed](https://github.com/cbeust/klaxon/pull/330) | | [Code Intelligence](https://code-intelligence.com) |
+| [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception due to missing bounds checks when parsing Unicode | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/236) | | [Code Intelligence](https://code-intelligence.com) |
+| [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception on dangling arrays | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/240) | | [Code Intelligence](https://code-intelligence.com) |
+| [ngageoint/tiff-java](https://github.com/ngageoint/tiff-java) | `readTiff ` Index Out Of Bounds | [fixed](https://github.com/ngageoint/tiff-java/issues/38) | | [@raminfp](https://github.com/raminfp) |
+| [google/re2j](https://github.com/google/re2j) | `NullPointerException` in `Pattern.compile` | [reported](https://github.com/google/re2j/issues/148) | | [@schirrmacher](https://github.com/schirrmacher) |
+| [google/gson](https://github.com/google/gson) | `ArrayIndexOutOfBounds` in `ParseString` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40838) | | [@DavidKorczynski](https://twitter.com/Davkorcz) |
+| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` in `Composer` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024) | [CVE-2022-38749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38749) | [Code Intelligence](https://code-intelligence.com) |
+| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` in `BaseConstructor` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027) | [CVE-2022-38750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38750) | [Code Intelligence](https://code-intelligence.com) |
+| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by regex parse failure in `java.util.regex` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039) | [CVE-2022-38751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38751) | [Code Intelligence](https://code-intelligence.com) |
+| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by recursion in `java.util.ArrayList` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081) | [CVE-2022-38752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38752) | [Code Intelligence](https://code-intelligence.com) |
+| [snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src/master/) | `StackOverflowError` caused by recursion in `java.util.ArrayList` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355) | [CVE-2022-41854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854) | [Code Intelligence](https://code-intelligence.com) |
+| [jettison-json/jettison](https://github.com/jettison-json/jettison/) | `StackOverflowError` in `JSONTokener` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538) | [CVE-2022-40149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149) | [Code Intelligence](https://code-intelligence.com) |
+| [jettison-json/jettison](https://github.com/jettison-json/jettison/) | `OutOfMemoryError` when parsing json objects | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549) | [CVE-2022-40150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150) | [Code Intelligence](https://code-intelligence.com) |
+| [x-stream/xstream](https://github.com/x-stream/xstream/) | `StackOverflowError` in `xstream.core` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47367) | [CVE-2022-40151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151) | [Code Intelligence](https://code-intelligence.com) |
+| [FasterXML/woodstox](https://github.com/FasterXML/woodstox/) | `StackOverflowError` in `WordResolver` | [fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434) | [CVE-2022-40152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152) | [Code Intelligence](https://code-intelligence.com) |
+| [HtmlUnit/htmlunit](https://github.com/HtmlUnit/htmlunit) | `StackOverflowError` in `DomNode` | [fixed](https://github.com/HtmlUnit/htmlunit/commit/940dc7fd) | [CVE-2023-2798](https://nvd.nist.gov/vuln/detail/CVE-2023-2798) | [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613) |
+| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `DefaultJSONParser` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32410) | [CVE-2022-40173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40173) | [Code Intelligence](https://code-intelligence.com) |
+| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `JSONPath` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35777) | [CVE-2022-40174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40174) | [Code Intelligence](https://code-intelligence.com) |
+| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `JSONPath` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47686) | [CVE-2022-40175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40175) | [Code Intelligence](https://code-intelligence.com) |
+| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `DefaultJSONParser` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37313) | [CVE-2022-41855](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41855) | [Code Intelligence](https://code-intelligence.com) |
+| [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `SerialContext` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33768) | [CVE-2022-41856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41856) | [Code Intelligence](https://code-intelligence.com) |
+| [Apache/commons-jxpath](https://github.com/apache/commons-jxpath/) | Remote code execution via crafted `XPath` expression | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133) | | [Code Intelligence](https://code-intelligence.com) |
+| [airlift/aircompressor](https://github.com/airlift/aircompressor) | Out-of-bounds memory access through `sun.misc.Unsafe` | fixed | [CVE-2024-36114](https://www.cve.org/CVERecord?id=CVE-2024-36114) | [@Marcono1234](https://github.com/Marcono1234) |
+| [lz4/lz4-java](https://github.com/lz4/lz4-java) | Out-of-bounds memory access through `sun.misc.Unsafe` & JNI | [fixed](https://github.com/yawkat/lz4-java/releases/tag/v1.8.1) | [CVE-2025-12183](https://www.cve.org/CVERecord?id=CVE-2025-12183) | [@yawkat](https://github.com/yawkat), [@Marcono1234](https://github.com/Marcono1234) |
+| [lz4/lz4-java](https://github.com/lz4/lz4-java) | Information leak in Java safe decompressor | [fixed](https://github.com/yawkat/lz4-java/releases/tag/v1.10.1) | [CVE-2025-66566](https://www.cve.org/CVERecord?id=CVE-2025-66566) | [Code Intelligence](https://code-intelligence.com) |
+| [airlift/aircompressor](https://github.com/airlift/aircompressor) | Information leak in lz4 and snappy decompressor | [fixed](https://github.com/airlift/aircompressor/releases/tag/3.4) | [CVE-2025-67721](https://www.cve.org/CVERecord?id=CVE-2025-67721) | [Code Intelligence](https://code-intelligence.com) |