111 matches found
CVE-2025-8262 yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
CVE-2025-8262
The IBM Watsonx BI bulletin confirms CVE-2025-8262 affects yarnpkg Yarn up to 1.22.22, specifically the function explodeHostedGitFragment in src/resolvers/exotics/hosted-git-resolver.js. The issue arises from inefficient regular expression complexity, enabling a remote attack. A patch exists (com...
CVE-2025-7579 chinese-poetry server.js redos
A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...
chinese-poetry 安全漏洞
chinese-poetry is chinese-poetry open source a database of ancient Chinese poems. A security vulnerability exists in chinese-poetry version 0.1, which stems from an insufficient regular expression complexity due to a misbehavior in the file rank/server.js...
PT-2025-29429 · Pypi · Chinese-Poetry
Name of the Vulnerable Software and Affected Versions: chinese-poetry version 0.1 Description: A problematic issue exists due to inefficient regular expression complexity in the processing of the file rank/server.js. This issue can be initiated remotely. The exploit for this issue has been public...
CVE-2025-3262
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
CVE-2025-7074
A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...
hyper 安全漏洞
hyper is a fast, correct HTTP implementation of Rust in the hyperium open source. A security vulnerability exists in hyper 3.4.1 and earlier versions, which stems from a regular expression complexity deficiency in the function expand/braceExpand/ignoreMap in the file hyper/bin/rimraf-standalone.j...
CVE-2025-6492
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...
CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493
CVE-2025-6493 affects CodeMirror (Markdown Mode) up to 5.65.20. An unknown function in file mode/markdown/markdown.js can cause inefficient regular expression complexity, enabling a remote attack. IBM/Consoles describe the vulnerability and advise upgrading the affected component to CodeMirror 6 ...
CVE-2025-6492 MarkText index.js getRecommendTitleFromMarkdownString redos
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...
CVE-2025-5891
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-5892
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...
CVE-2025-5891 Unitech pm2 Config.js redos
A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...
CVE-2025-5890
The CVE-2025-5890 entry concerns actions toolkit 0.5.0, specifically the glob component’s globEscape function in toolkit/packages/glob/src/internal-pattern.ts. The vulnerability is described as causing inefficient regular expression complexity (a Regular Expression Denial of Service, DoS risk). I...
PT-2025-24558 · Metabase · Metabase
Name of the Vulnerable Software and Affected Versions: Metabase version 54.10 Description: A problematic issue was found in the function parseDataUri of the file frontend/src/metabase/lib/dom.js. This issue leads to inefficient regular expression complexity and can be initiated remotely...
PT-2025-24561 · Taro · Taro
Name of the Vulnerable Software and Affected Versions: tarojs versions up to 4.1.1 Description: A vulnerability exists in tarojs that has been identified as problematic. The issue affects unknown code within the file taro/packages/css-to-react-native/src/index.js, leading to inefficient regular...
CVE-2024-9277
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...