21 matches found
MiracleLinux 8 : python-jinja2-2.10.1-3.el8 (AXSA:2021-2728:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2728:01 advisory. python-jinja2: ReDoS vulnerability due to the sub-pattern (CVE-2020-28493). Tenable has extracted the preceding description block directly from the MiracleLinux...
CVE-2024-2800
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...
UBUNTU-CVE-2025-68142
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDoS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
CVE-2025-68142 PyMdown Extensions has ReDoS bug in Figure Capture extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDoS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
PT-2025-51772
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDoS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
EUVD-2021-2537
Malware in sbrugna...
EUVD-2018-0269
Malware in sbrugna...
EUVD-2021-0640
Malware in sbrugna...
EUVD-2022-6131
Malicious code in bioql PyPI...
EUVD-2024-27744
Malicious code in bioql PyPI...
CVE-2021-36716
A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU...
CVE-2021-27405
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js...
Security Bulletin: IBM Business Automation Navigator is affected by a vulnerability in path-to-regexp (CVE-2024-45296)
Summary: IBM Business Automation Navigator has addressed the following vulnerability. This does not impact IBM Content Navigator on-prem. Vulnerability Details: CVEID: CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...
BIT-GITLAB-2024-2800 Uncontrolled Resource Consumption in GitLab
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...
CVE-2024-2800 Uncontrolled Resource Consumption in GitLab
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking...
PT-2022-24031 · Unknown · Kangax Html-Minifier
Name of the Vulnerable Software and Affected Versions: kangax html-minifier version 4.0.0. Description: A Regular Expression Denial of Service (ReDoS) flaw was found in the candidate variable in htmlminifier.js. This issue can cause a denial of service. Recommendations: For kangax html-minifier...
DEBIAN-CVE-2022-37599
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js...
PT-2022-24021 · Webpack +1 · Loader-Utils +1
Name of the Vulnerable Software and Affected Versions: webpack loader-utils version 2.0.0. Description: A Regular expression denial of service (ReDoS) flaw was found in the interpolateName function in interpolateName.js via the resourcePath variable. This issue could be exploited by sending crafted...
GHSA-J377-2X76-558H Improper Input Validation in is-email
is-email helps validate an email address. A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of...
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)
Summary: App Connect Enterprise Certified Container may be vulnerable to a ReDoS (regular expression denial of service) flaw when processing URLs due to vulnerability CVE-2021-33502. Vulnerability Details: CVEID: CVE-2021-33502 DESCRIPTION: Node.js normalize-url module is vulnerable to a denial of...