Lucene search

14 matches found

RedHat Linux
added 2026/05/04 2:31 p.m. | 3 views

ajv: ReDoS via $data reference

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00015
Exploits 1 | References 5

IBM Security Bulletins
added 2026/05/04 6:56 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.

Summary: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-69873 DESCRIPTION: ajv (Another JSON Schema Validator) before 8.18.0 is vulnerabl...

CVSS 7.5 | AI score 6.6 | EPSS 0.00015
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/03/30 3:17 p.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873

Summary: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873 Vulnerability Details: CVEID: CVE-2025-69873 DESCRIPTION: ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS)...

CVSS 7.5 | AI score 6.1 | EPSS 0.00015
Exploits 1 | Affected Software 1

Veracode
added 2026/02/18 9:23 a.m. | 5 views

Denial Of Service (DoS)

ajv is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to passing attacker-controlled values from $data references directly into the JavaScript RegExp constructor without validation. This allows malicious regex patterns that trigger catastrophic backtracking a...

CVSS 7.5 | AI score 5.6 | EPSS 0.00015
Exploits 1 | References 9 | Affected Software 1

RedhatCVE
added 2026/02/12 4:49 p.m. | 3 views

CVE-2025-69873

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

CVSS 7.5 | AI score 5.5 | EPSS 0.00015
Exploits 1 | References 4

vulnersOsv
added 2026/02/11 9:30 p.m. | 4 views

0.8.18-p11 (=0.8.18-p12), 02vue_toast_demo (>=1.0.1 <=1.0.4) +37579 more potentially affected by CVE-2025-69873 via ajv (>=0.2.9 <=6.12.6)

ajv NPM version =0.2.9, =1.0.1, =0.0.1, =1.0.4, =5.0.0, =0.8.4, =0.0.1, =5.4.4, =5.4.4, =1.0.2, =1.0.7 and more Source cves: CVE-2025-69873 Source advisory: OSV:GHSA-2G4F-4PWH-QVX6...

CVSS 7.5 | AI score 6.6 | EPSS 0.00015
Exploits 1

vulnersOsv
added 2026/02/11 12:0 a.m. | 5 views

0.edsql (>=1.0.49 <=1.0.50), 4itech-schematics (>=10.0.2-0 <=11.7.0-5) +9716 more potentially affected by CVE-2025-69873 via ajv (>=7.0.0-beta.0 <=8.17.1)

ajv NPM version =7.0.0-beta.0, =1.0.49, =10.0.2-0, =4.11.2, =0.1.0, =0.1.1, =0.0.1-251008.90016, =1.0.0, =1.4.0, =0.0.2, =2.0.0, =11.7.0, =0.1.0, =0.6.111, =15.0.0, =20.0.0-renovate-fd1892-me5sbqz0 and more Source cves: CVE-2025-69873 Source advisory: SNYK:JS-AJV-15274295...

CVSS 7.5 | AI score 6.6 | EPSS 0.00015
Exploits 1

Debian CVE
added 2026/02/11 12:0 a.m. | 4 views

CVE-2025-69873

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor without...

CVSS 7.5 | AI score 6.4 | EPSS 0.00015
Exploits 1

vulnersOsv
added 2026/02/11 12:0 a.m. | 4 views

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (>=15.2.0-next.3 <=19.2.8) +2 more potentially affected by CVE-2025-69873 via org.webjars.npm:ajv (>=8.12.0 <=8.17.1)

org.webjars.npm:ajv MAVEN version =8.12.0, =15.2.0-next.3, =15.2.0-next.3, =15.2.0-next.3, =19.2.8 Source cves: CVE-2025-69873 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15274296...

CVSS 7.5 | AI score 6.4 | EPSS 0.00015
Exploits 1

CVE
added 2026/02/11 12:0 a.m. | 20 views

CVE-2025-69873

CVE-2025-69873 affects ajv (up to v8.17.1). The pattern keyword using $data accepts runtime data and passes it to JavaScript RegExp() without validation, enabling ReDoS with crafted input (e.g., "^(a|a)*$"). This can cause significant CPU usage per request when dynamic schema validation is used. ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00015
Exploits 1 | References 6

Vulnrichment
added 2026/02/11 12:0 a.m. | 2 views

CVE-2025-69873

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor without...

CVSS 2.9 | AI score 6.1 | EPSS 0.00015
Exploits 1 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1195

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 7.5 | EPSS 0.00331
Exploits 0 | References 18

Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2026-7637

Name of the Vulnerable Software and Affected Versions: ajv versions through 8.17.1. Description: ajv (Another JSON Schema Validator) is susceptible to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data through JSON Pointer syntax $data...

CVSS 7.5 | AI score 5.5 | EPSS 0.00015
Exploits 1 | References 20

vulnersOsv
added 2022/02/10 11:30 p.m. | 5 views

0.8.18-p11 (=0.8.18-p12), 02vue_toast_demo (>=1.0.1 <=1.0.4) +33317 more potentially affected by CVE-2020-15366 via ajv (>=0.2.9 <=6.12.2)

ajv NPM version =0.2.9, =1.0.1, =1.0.4, =5.0.0, =0.8.4, =0.0.1, =5.4.4, =5.4.4, =1.0.2, =2.0.0, =2.0.4 and more Source cves: CVE-2020-15366 Source advisory: OSV:GHSA-V88G-CGMW-V5XW...

CVSS 6.8 | AI score 6.8 | EPSS 0.00331
Exploits 0