24 matches found
CVE-2026-10691
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...
EUVD-2026-33820
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...
CVE-2022-35923
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeat(i) + 'A' wit...
CVE-2025-62484
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...
EUVD-2023-35201
Malicious code in bioql PyPI...
Turndown security vulnerability
Turndown is an open-source HTML to Markdown converter by mixmark-io. A security vulnerability exists in Turndown 7.2.1 and earlier versions, which stems from a regular expression inefficiency in the file src/commonmark-rules.js that could lead to a denial-of-service attack...
UBUNTU-CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-7579
A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...
CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...
fastapi-guard security vulnerability
fastapi-guard is a security library for FastAPI by Renzo F Individual Developer that provides middleware to control IPs, log requests and detect penetration attempts. A security vulnerability exists in fastapi-guard versions prior to 3.0.1, which stems from a regular expression pattern inefficien...
CVE-2025-7074 vercel hyper rimraf-standalone.js ignoreMap redos
A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...
CVE-2023-30858
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
PT-2024-39535 · Langflow · Langflow
Name of the Vulnerable Software and Affected Versions: Langflow versions up to 1.0.18. Description: A problematic vulnerability was found in Langflow, affecting an unknown functionality of the file src/backend/base/langflow/interface/utils.py of the component HTTP POST Request Handler. The manipulation...
Design/Logic Flaw
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
CVE-2023-30858 Denosaurs emoji has ReDoS vulnerability in `replace` function
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
CVE-2023-30858
The CVE-2023-30858 entry describes a ReDoS in the Denosaurs emoji package (Denosaurs emoji) due to the reTrimSpace regex with a 2nd‑degree polynomial inefficiency in versions 0.1.0 through 0.3.0, causing delayed responses on large payloads. The issue is patched in version 0.3.0; a workaround is t...
emoji security vulnerability
emoji is a simple emoticon from the Denosaurs team that supports the node.js project. A security vulnerability exists in Denosaurs emoji version 0.1.0 up to and including version 0.3.0, which stems from an inefficient second-order polynomial in a regular expression, resulting in a delayed respons...
ReDoS vulnerability in `strip` function
Description: The reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. Proof of Concept: import * as emoji from "https://deno.land/x/[email protected]/mod.ts"; const input = '\x00' + '\t'.repeat(154773) + '\t\x00'; const start = performance.now();...