CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

GHSA-RQ2Q-4R55-9877 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...

[SECURITY] Fedora 42 Update: rust-regex-automata-0.4.13-1.fc42

Automata construction and matching using regular expressions...

[SECURITY] Fedora 43 Update: rust-regex-automata-0.4.11-1.fc43

Automata construction and matching using regular expressions...

EUVD-2011-3857

Malware in sbrugna...

[SECURITY] Fedora 41 Update: rust-matchers-0.2.0-1.fc41

Regex matching on character and byte streams...

[SECURITY] Fedora 42 Update: rust-matchers-0.2.0-1.fc42

Regex matching on character and byte streams...

Debian dla-4197 : python3-flask-cors - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4197 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4197-1 [email protected]...

GHSA-7RXF-GVFG-47G4 Flask-CORS improper regex path matching vulnerability

corydolphin/flask-cors version 5.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

Flask-CORS improper regex path matching vulnerability

corydolphin/flask-cors version 5.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

CVE-2024-6839

CVE-2024-6839 is a confirmed issue in corydolphin/flask-cors 4.0.1 where improper regex path matching lets less restrictive CORS policies apply to sensitive endpoints due to priority bias toward longer regexes. The vulnerability can enable unauthorized cross-origin access to data or functionality...

PT-2025-12257 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git f07a845 lunary-ai/lunary versions prior to 1.4.26 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the server, which uses the regex /.?/ to match user-controlled strings. In the...

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

fonttools XML External Entity Injection (XXE) Vulnerability

Summary As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the...

USN-5944-1 snakeyaml vulnerabilities

It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resultin...

Envoy 代码问题漏洞

Envoy is an open source distributed proxy server. Envoy suffers from a code issue vulnerability that stems from a crafted request crashing when a CONNECT request is sent to a JWT filter configured with regex matching in the affected version...

Denial Of Service (DoS)

chrono-node is vulnerable to denial of service DoS. The vulnerability exists due to catastrophic backtracking in the regex matching, due to embedded spaces in the parseTimeUnits function...

Open Redirection

rails is vulnerable to open redirection. Inadequate validation and regex matching of URLs allows an attacker to bypass validation checks using a malicious Host header and redirect users to a malicious website...

maltrail

Maltrail is a malicious traffic detection system that utilizes publicly available blacklists containing malicious and/or generally suspicious trails. It also uses optional advanced heuristic mechanisms to help in discovery of unknown threats. The system can be configured to ignore certain events...