29 matches found
CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., 1..2..0) causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
ROS-20260327-73-0003
A vulnerability in the expand function of the juliangruber/brace-expansion library of the Node.js software platform involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2025-71134 mm/page_alloc: change all pageblocks migrate type on coalescing
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing. When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...
EUVD-2025-9700
Malicious code in bioql PyPI...
OESA-2025-1645 nodejs-brace-expansion security update
Brace expansion as known from sh/bash. Security Fixes: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular...
AZL-63689 CVE-2025-5889 affecting package js-jquery 3.5.0-4
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
AZL-63707 CVE-2025-5889 affecting package nodejs-nodemon 2.0.3-4
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
AZL-63692 CVE-2025-5889 affecting package nodejs-nodemon 2.0.3-5
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
CVE-2025-5889 juliangruber brace-expansion index.js expand redos
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...
brace-expansion security vulnerability
brace-expansion is a Brace extension in JavaScript by the individual developer Julian Gruber. A security vulnerability exists in brace-expansion version 1.1.11 and earlier, which stems from an inefficient regular expression complexity in the function expand...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the expand function, which is prone to catastrophic backtracking on very long malicious inputs. PoC js import index from...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.bowergithub.juliangruber:brace-expansion is a bower github webjar of the brace-expansion package. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the expand function, which is prone to catastrophic backtracking on very long...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
expand-object Vulnerable to Prototype Pollution via the expand() Function
Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
GHSA-4VJR-HFPP-2M7W expand-object Vulnerable to Prototype Pollution via the expand() Function
Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
CVE-2025-3197
CVE-2025-3197 concerns the expand-object library. Reports across multiple sources confirm a Prototype Pollution flaw in the expand() function (index.js) that turns a string into an object without filtering keys like __proto__. Affected: expand-object versions 0.0.0 and later. Potential impact descri...
expand-object security vulnerability
expand-object is a library by the individual developer Jon Schlinkert that uses simple symbols to expand strings into JavaScript objects. A security vulnerability exists in expand-object that stems from prototype pollution in the expand function...
PT-2025-14841 · Unknown · Expand-Object
Name of the Vulnerable Software and Affected Versions: expand-object versions 0.0.0 and later. Description: The issue concerns a Prototype Pollution flaw in the expand function located in index.js. This function is used to expand a given string into an object, but it does not check the provided ke...
PT-2026-2895
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contained an issue in the mm/page_alloc component where the migration type of page blocks was not consistently updated during page coalescing. Specifically, when a page...