CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

GHSA-VPXX-H23G-GXH2 youtube-regex vulnerable to Regex Denial of Service

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

Linux Distros Unpatched Vulnerability : CVE-2026-33079

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can...

Astra Linux - уязвимость в jruby

In Ruby, WEBrick::HTTPAuth::DigestAuth from versions 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 causes a denial-of-service attack due to a regular expression issue related to looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the internet or a trusted...

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.1.3 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific...

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

EUVD-2026-24021

Signal K Server has an Unauthenticated Regular Expression Denial of Service ReDoS via WebSocket Subscription Paths...

UBUNTU-CVE-2026-33671

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

Linux Distros Unpatched Vulnerability : CVE-2025-10990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; ...

BIT-GITLAB-2026-1388 Inefficient Regular Expression Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVE-2026-1388

Removed by vendor...

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVE-2026-1388 Inefficient Regular Expression Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

PT-2026-21994

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.2 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 Description An unauthenticated user could potentially cause a denial of service by sending specially crafted input to ...

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.7.5, 18.8.5, and 18.9.1 containe...

Regular Expression Denial of Service Induced by Backreferences

This paper presents the first systematic study of denial-of-service vulnerabilities in Regular Expressions with Backreferences REwB. We introduce the Two-Phase Memory Automaton 2PMFA, an automaton model that precisely captures REwB semantics. Using this model, we derive necessary conditions under...