ROOT-APP-NPM-CVE-2025-69873 CVE-2025-69873 in @rootio/ajv - Patched by Root

Root has patched CVE-2025-69873 in the @rootio/ajv package for Root:npm. Multiple fixed versions available...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is...

ajv: ReDoS via $data reference

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.

Summary IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerabl...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873

Summary IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS...

Denial Of Service (DoS)

ajv is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to passing attacker-controlled values from $data references directly into the JavaScript RegExp constructor without validation. This allowing malicious regex patterns that trigger catastrophic backtracking a...

CVE-2025-69873

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

0.8.18-p11 (=0.8.18-p12), 02vue_toast_demo (>=1.0.1 <=1.0.4) +37579 more potentially affected by CVE-2025-69873 via ajv (>=0.2.9 <=6.12.6)

ajv NPM version =0.2.9, =1.0.1, =0.0.1, =1.0.4, =5.0.0, =0.8.4, =0.0.1, =5.4.4, =5.4.4, =1.0.2, =1.0.7 and more Source cves: CVE-2025-69873 Source advisory: OSV:GHSA-2G4F-4PWH-QVX6...

0.edsql (>=1.0.49 <=1.0.50), 4itech-schematics (>=10.0.2-0 <=11.7.0-5) +9716 more potentially affected by CVE-2025-69873 via ajv (>=7.0.0-beta.0 <=8.17.1)

ajv NPM version =7.0.0-beta.0, =1.0.49, =10.0.2-0, =4.11.2, =0.1.0, =0.1.1, =0.0.1-251008.90016, =1.0.0, =1.4.0, =0.0.2, =2.0.0, =11.7.0, =0.1.0, =0.6.111, =15.0.0, =20.0.0-renovate-fd1892-me5sbqz0 and more Source cves: CVE-2025-69873 Source advisory: SNYK:JS-AJV-15274295...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (>=15.2.0-next.3 <=19.2.8) +2 more potentially affected by CVE-2025-69873 via org.webjars.npm:ajv (>=8.12.0 <=8.17.1)

org.webjars.npm:ajv MAVEN version =8.12.0, =15.2.0-next.3, =15.2.0-next.3, =15.2.0-next.3, =19.2.8 Source cves: CVE-2025-69873 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15274296...

CVE-2025-69873

CVE-2025-69873 affects ajv (up to v8.17.1). The pattern keyword using $data accepts runtime data and passes it to JavaScript RegExp() without validation, enabling ReDoS with crafted input (e.g., "^(a|a)*$"). This can cause significant CPU usage per request when dynamic schema validation is used. ...

MiracleLinux 7 : rh-nodejs12-nodejs-12.19.1-2.el7 (AXSA:2020-959:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-959:05 advisory. nodejs-y18n: prototype pollution vulnerability CVE-2020-7774 c-ares: aresparsea,aaaareply insufficient naddrttls validation DoS CVE-2020-8277...

MiracleLinux 8 : nodejs:12 (AXSA:2021-1495:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1495:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

EUVD-2022-1195

Malicious code in bioql PyPI...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

PT-2026-7637

Name of the Vulnerable Software and Affected Versions ajv versions through 8.17.1 Description ajv Another JSON Schema Validator is susceptible to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data through JSON Pointer syntax $data...

MAL-2024-1739 Malicious code in ajv-8.11.0 (npm)

--- -= Per source details. Do not edit below this line.=-...