Amazon Linux 2023 : cargo-c (ALAS2023-2025-1180)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1180 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...
gadgetinspector
This is a Java-based tool for finding deserialization gadget chains in Java applications. The tool is called "Gadget Inspector" and is presented as a project that was showcased at Black Hat USA 2018. The tool is designed to automatically discover possible gadget chains in an application's...
GHSA-RCV9-QM8P-9P6J Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
Regular Expression Denial of Service (ReDoS)
Overview: transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the normalize_numbers function of the EnglishNormalizer class. An attacker can cause excessive CPU...
CVE-2025-6051
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
CVE-2025-6051
CVE-2025-6051 is a ReDoS in Hugging Face Transformers’ EnglishNormalizer.normalize_numbers(), affecting versions up to 4.52.4 and fixed in 4.53.0. The issue arises from numeric string handling, enabling crafted inputs with long digit sequences to cause excessive CPU usage, impacting text-to-speec...
CVE-2025-6051 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
CVE-2025-6454
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
PT-2025-37422
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.52.4. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the normalize_numbers method of the EnglishNormalizer class. This issue arises from the method's handling of...
CVE-2025-9918
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server versions 6.3.54.0, 6.3.53.2, and all prior versions allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive...
Exploit for Race Condition in Openbsd Openssh
NO REGRESSH - Enhanced CVE-2024-6387 Framework A complete Pyt...
OESA-2025-2250 python-h2 security update
This repository contains a pure-Python implementation of a HTTP/2 protocol stack. It is written from the ground up to be embeddable in whatever program you choose to use, ensuring that you can speak HTTP/2 regardless of your programming paradigm. Security Fixes: A vulnerability was found in...
CVE-2025-41714
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...
CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
CVE-2025-6454
CVE-2025-6454 affects GitLab CE/EE: authenticated users can trigger Server-Side Request Forgery by injecting crafted sequences to make unintended internal requests through proxy environments. Impacted versions are 16.11 up to 18.1.5, 18.2 up to 18.2.5, and 18.3 up to 18.3.1 (i.e., before 18.1.6, ...