
3332 matches found

OSV
added 2025/07/23 3:31 p.m. · 3 views

GHSA-RRF6-PXG8-684G FastAPI Guard has a regex bypass

Summary The regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. Details In version 3.0.1, you can find a commit like the one in the link below, which was made to prevent ReDoS...

CVSS 8.8 · AI score 6.3 · EPSS 0.00704
Exploits 1 · References 5
Positive Technologies
added 2025/07/23 12:00 a.m. · 2 views

PT-2025-30607 · Unknown · Fastapi Guard

Name of the Vulnerable Software and Affected Versions: fastapi-guard versions 3.0.1 Description: The regular expression patch intended to mitigate a ReDoS vulnerability failed to adequately limit input string length. Specifically, the patch did not account for cases where the attributes within a...

CVSS 8.8 · AI score 6.2 · EPSS 0.00704
Exploits 1 · References 10
Tenable Nessus
added 2025/07/18 12:00 a.m. · 18 views

IBM Engineering Requirements Management DOORS 9.7.2.9 < 9.7.2.10 Multiple Vulnerabilities (7238992)

The version of IBM Engineering Requirements Management DOORS formerly IBM Rational DOORS installed on the remote host is 9.7.2.9 prior to 9.7.2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 7238992 advisory. - CKEditor4 is an open source WYSIWYG HTML editor. In...

CVSS 9.8 · AI score 7.1 · EPSS 0.83175
Exploits 19 · References 40
Tenable Nessus
added 2025/07/15 12:00 a.m. · 4 views

RHEL 8 : pcs (RHSA-2025:11047)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:11047 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rexml: REXML ReDoS...

CVSS 8.7 · AI score 7.6 · EPSS 0.01429
Exploits 0 · References 5
Github Security Blog
added 2025/07/11 12:30 p.m. · 12 views

Transformers is vulnerable to ReDoS attack through its DonutProcessor class

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3 · AI score 5 · EPSS 0.00435
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/07/11 10:15 a.m. · 5 views

CVE-2025-3933

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3 · EPSS 0.00435
Exploits 1 · References 2
CVE
added 2025/07/11 9:22 a.m. · 36 views

CVE-2025-3933

CVE-2025-3933 (Hugging Face Transformers) A ReDoS vulnerability exists in the DonutProcessor.token2json() implementation where the regex pattern (and a similar pattern in later mention) can cause catastrophic backtracking and high CPU usage. Affected: Transformers versions 4.50.3 and earlier. Im...

CVSS 5.3 · AI score 5.2 · EPSS 0.00435
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2025/07/11 9:22 a.m. · 17 views

CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3 · EPSS 0.00435
Exploits 1 · References 2
Positive Technologies
added 2025/07/11 12:00 a.m. · 2 views

PT-2025-29223 · Hugging Face · Huggingface/Transformers

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions 4.50.3 and earlier Hugging Face Transformers version 4.52.1 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically within the...

CVSS 5.3 · AI score 5 · EPSS 0.00435
Exploits 1 · References 10
OSV
added 2025/07/07 11:36 p.m. · 2 views

GHSA-J47Q-RC62-W448 fastapi-guard is vulnerable to ReDoS through inefficient regex

Summary fastapi-guard detects penetration attempts by using regex patterns to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. It is not as severe as...

CVSS 6.9 · AI score 6.1 · EPSS 0.00422
Exploits 1 · References 4
Github Security Blog
added 2025/07/07 11:36 p.m. · 11 views

fastapi-guard is vulnerable to ReDoS through inefficient regex

Summary fastapi-guard detects penetration attempts by using regex patterns to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. It is not as severe as...

CVSS 7.5 · AI score 6.3 · EPSS 0.00422
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2025/07/07 7:16 p.m. · 2 views

CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9 · AI score 7 · EPSS 0.00422
Exploits 1 · References 2
Github Security Blog
added 2025/07/07 12:30 p.m. · 5 views

Transformers vulnerable to ReDoS attack through its get_imports() function

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...

CVSS 5.3 · AI score 5.4 · EPSS 0.00435
Exploits 1 · References 5 · Affected Software 1
Github Security Blog
added 2025/07/07 12:30 p.m. · 12 views

Transformers vulnerable to ReDoS attack through its SETTING_RE variable

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTING_RE variable within the transformers/commands/chat.py file. The...

CVSS 7.5 · AI score 4.9 · EPSS 0.0043
Exploits 1 · References 5 · Affected Software 1
OSV
added 2025/07/07 12:30 p.m. · 6 views

GHSA-489J-G2VX-39WF Transformers vulnerable to ReDoS attack through its SETTING_RE variable

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTING_RE variable within the transformers/commands/chat.py file. The...

CVSS 5.3 · AI score 4.8 · EPSS 0.0043
Exploits 1 · References 5
OSV
added 2025/07/07 12:30 p.m. · 3 views

GHSA-JJPH-296X-MRCR Transformers vulnerable to ReDoS attack through its get_imports() function

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...

CVSS 5.3 · AI score 5.3 · EPSS 0.00435
Exploits 1 · References 5
OSV
added 2025/07/07 12:30 p.m. · 3 views

GHSA-Q2WP-RJMX-X6X9 Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...

CVSS 5.3 · AI score 4.9 · EPSS 0.00435
Exploits 1 · References 5
OSV
added 2025/07/07 10:15 a.m. · 4 views

CVE-2025-3263

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...

CVSS 5.3 · AI score 4.9
Exploits 0 · References 2
CVE
added 2025/07/07 9:54 a.m. · 21 views

CVE-2025-3263

CVE-2025-3263 in Hugging Face Transformers (get_configuration_file in transformers.configuration_utils) is a RegEx Denial of Service triggered by the pattern config.(.*).json. The issue affects v4.49.0 and is resolved in v4.51.0. Exploitation can cause high CPU usage, potentially disrupting model...

CVSS 5.3 · AI score 5.1 · EPSS 0.00435
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2025/07/07 12:00 a.m. · 1 view

PT-2025-28152 · Hugging Face · Huggingface/Transformers

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions 4.49.0 through 4.50.0 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically within the get_imports function of dynamic module...

CVSS 5.3 · AI score 5.4 · EPSS 0.00435
Exploits 1 · References 9