
17 matches found

OSSF Malicious Packages
added 2026/05/12 12:1 a.m., 5 views

Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 5.8
Exploits 0, References 6

OSV
added 2026/05/12 12:1 a.m., 2 views

MAL-2026-3493 Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 5.8
Exploits 0, References 6

Veracode
added 2026/03/20 1:8 p.m., 3 views

Regular Expression Denial Of Service (ReDoS)

Valibot is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient processing in the EMOJI_REGEX used by the emoji action, which allows an attacker to supply a crafted input that triggers excessive CPU consumption and causes a denial of service...

CVSS 7.5, AI score 5.8, EPSS 0.00108
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/11/28 8:8 p.m., 5 views

CVE-2025-66020

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, AI score 6.8, EPSS 0.00108
Exploits 0, References 1

OSV
added 2025/11/26 7:33 p.m., 2 views

GHSA-VQPR-J7V3-HQW9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary: The EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application...

CVSS 7.5, AI score 6.8, EPSS 0.00108
Exploits 0, References 4

vulnersOsv
added 2025/11/26 7:33 p.m., 3 views

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1665 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0 <=1.1.0)

valibot NPM version =0.31.0, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.1.1-beta.1, =4.0.2-beta.0, =9.0.0-beta-bump-wagmi-viem.2 and more Source cves: CVE-2025-66020 Source advisory: OSV:GHSA-VQPR-J7V3-HQ...

CVSS 7.5, AI score 5.8, EPSS 0.00108
Exploits 0

EUVD
added 2025/11/26 7:33 p.m., 3 views

EUVD-2025-199685

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`...

CVSS 7.5, AI score 6.4, EPSS 0.00108
Exploits 0, References 3

Github Security Blog
added 2025/11/26 7:33 p.m., 5 views

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary: The EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application...

CVSS 7.5, AI score 7.1, EPSS 0.00108
Exploits 0, References 4, Affected Software 1

Snyk
added 2025/11/26 2:42 a.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: valibot is the modular and type safe schema library for validating structural data. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the EMOJI_REGEX. An attacker can cause excessive CPU consumption and disrupt application availability by...

CVSS 8.7, AI score 6.5, EPSS 0.00108
Exploits 0, References 2

vulnersOsv
added 2025/11/26 2:42 a.m., 3 views

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1669 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0-rc.4 <=1.1.0)

valibot NPM version =0.31.0-rc.4, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.1.1-beta.1, =4.0.2-beta.0, =9.0.0-beta-bump-wagmi-viem.2 and more Source cves: CVE-2025-66020 Source advisory:...

CVSS 7.5, AI score 5.8, EPSS 0.00108
Exploits 0

NVD
added 2025/11/26 2:15 a.m., 4 views

CVE-2025-66020

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, EPSS 0.00108
Exploits 0, References 2

CVE
added 2025/11/26 1:49 a.m., 8 views

CVE-2025-66020

Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...

CVSS 7.5, AI score 6.5, EPSS 0.00108
Exploits 0, References 2

OSV
added 2025/11/26 1:49 a.m., 3 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, AI score 6.7, EPSS 0.00108
Exploits 0, References 4

Cvelist
added 2025/11/26 1:49 a.m., 5 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, EPSS 0.00108
Exploits 0, References 2

Vulnrichment
added 2025/11/26 1:49 a.m., 1 view

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, AI score 6.5, EPSS 0.00108
Exploits 0, References 2

CNNVD
added 2025/11/26 12:0 a.m., 3 views

Valibot security vulnerability

Valibot is an Open Circle open source library for structured data validation. A security vulnerability exists in Valibot versions 0.31.0 through 1.1.0, which stems from EMOJI_REGEX being susceptible to a regular expression denial-of-service attack that could result in a denial of service of the...

CVSS 7.5, AI score 6.4, EPSS 0.00108
Exploits 0, References 3

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in botframework-webchat-react-valibot (npm)

The package botframework-webchat-react-valibot was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0