
9 matches found

OSV
added 2026/05/27 12:11 a.m., 5 views

GHSA-8XX9-69P8-7JP3 LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body

Summary: The `renderLimit` option — documented in docs/source/tutorials/dos.md as the mechanism that "mitigates this by limiting the time consumed by each render call" — can be fully bypassed by a `{% for %}` or `{% tablerow %}` tag whose body is empty. The per-iteration time check is reached only when the...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-4098

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.5, EPSS 0.00117
Exploits: 0, References: 4
IBM Security Bulletins
added 2025/03/18 6:12 a.m., 5 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283

Summary: parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details: CVEID: CVE-2025-25283. DESCRIPTION: parse-duration is software that allows users to convert a human-readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...

CVSS 7.5, AI score 6.2, EPSS 0.00117
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/02/14 6:23 p.m., 4 views

CVE-2025-25283

parse-duration is software that allows users to convert a human-readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from 0.5 ms up to 50 ms per operation, with a varying size from...

CVSS 7.5, AI score 6.5, EPSS 0.00117
Exploits: 0, References: 1
OSV
added 2025/02/12 7:45 p.m., 5 views

GHSA-HCRG-FC28-FCG5 parse-duration has a Regex Denial of Service that results in event loop delay and out of memory

Summary: This report finds 2 availability issues due to the regex used in the parse-duration npm package: 1. An event loop delay due to the CPU-bound operation of resolving the provided string, from 0.5 ms up to 50 ms per operation, with a varying size from 0.01 MB and up to 4.3 MB...

CVSS 7.5, AI score 7.4, EPSS 0.00117
Exploits: 0, References: 5
Github Security Blog
added 2025/02/12 7:45 p.m., 35 views

parse-duration has a Regex Denial of Service that results in event loop delay and out of memory

Summary: This report finds 2 availability issues due to the regex used in the parse-duration npm package: 1. An event loop delay due to the CPU-bound operation of resolving the provided string, from 0.5 ms up to 50 ms per operation, with a varying size from 0.01 MB and up to 4.3 MB...

CVSS 7.5, AI score 7, EPSS 0.00117
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2025/02/12 7:15 p.m., 10 views

CVE-2025-25283

parse-duration is software that allows users to convert a human-readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from 0.5 ms up to 50 ms per operation, with a varying size from...

CVSS 7.5, EPSS 0.00117
Exploits: 0, References: 3
Cvelist
added 2025/02/12 6:21 p.m., 10 views

CVE-2025-25283 parse-duration vulnerable to Regex Denial of Service that results in event loop delay and out of memory

parse-duration is software that allows users to convert a human-readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from 0.5 ms up to 50 ms per operation, with a varying size from...

CVSS 7.5, EPSS 0.00117
Exploits: 0, References: 3
Vulnrichment
added 2025/02/12 6:21 p.m., 19 views

CVE-2025-25283 parse-duration vulnerable to Regex Denial of Service that results in event loop delay and out of memory

parse-duration is software that allows users to convert a human-readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from 0.5 ms up to 50 ms per operation, with a varying size from...

CVSS 7.5, AI score 7.4, EPSS 0.00117
Exploits: 0, References: 3