Lucene search
K

48 matches found

OSV
OSV
added 2026/06/30 10:16 a.m.11 views

UBUNTU-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 8:30 a.m.66 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:30 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...

7.5CVSS5.9AI score0.0043EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/10 11:53 a.m.7 views

SUSE-SU-2026:21024-1 Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards...

9.2CVSS5.8AI score0.00519EPSS
Exploits1References5
OSV
OSV
added 2026/04/10 11:42 a.m.4 views

SUSE-SU-2026:21166-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed ...

9.2CVSS7.1AI score0.00519EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/09 1:4 p.m.5 views

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.26356EPSS
Exploits2References10
SUSE Linux
SUSE Linux
added 2026/04/09 10:47 a.m.4 views

Security update for cockpit

This update for cockpit fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References8
Rockylinux
Rockylinux
added 2026/04/09 12:1 a.m.6 views

nodejs:22 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.9AI score0.26356EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:6 p.m.11 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION: @isaacs/brace-expansion is a hybrid CJS/ESM...

9.2CVSS5.8AI score0.00481EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.18 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1484)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1484 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js...

8.6CVSS5AI score0.00459EPSS
Exploits3References8
vulnersOsv
vulnersOsv
added 2026/03/26 6:29 p.m.6 views

@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +21 more potentially affected by CVE-2026-33750 via brace-expansion (>=0.0.0 <=1.1.11)

brace-expansion NPM version =0.0.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.0.0, =1.1.1, =1.1.1-dev.20200708T085824Z.de039d8.FLUID-6524 and more Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...

7.5CVSS6.2AI score0.0043EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 6:29 p.m.10 views

@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)

brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...

7.5CVSS6.2AI score0.0043EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/13 2:35 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547.

Summary IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION:...

9.2CVSS5.7AI score0.00481EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2026/03/05 12:0 a.m.7 views

Important: nodejs22

Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...

8.8CVSS5AI score0.00459EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:42 a.m.10 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service

Summary IBM Event Streams is vulnerable to a denial of service due to excessive regular expression complexity in brace‑expansion CVE-2025-5889 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has be...

3.1CVSS5.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 3:28 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889.

Summary IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...

3.1CVSS3.3AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 3:27 a.m.7 views

Security Bulletin: IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889.

Summary IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to...

3.1CVSS3.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 1:46 p.m.8 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-5889)

Summary IBM Security SOAR uses an older version of brace-expansion that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to version 51.0.7.1 or later. Vulnerability Details CVEID:CVE-2025-5889...

3.1CVSS5.6AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/11 5:33 p.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion nodejs nodejs-docs nodejs-full-i18n npm

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion nodejs nodejs-docs nodejs-full-i18n npm Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0...

3.1CVSS3.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:12 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion-1.1.11.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion-1.1.11.tgz Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

3.1CVSS3.2AI score0.00459EPSS
Exploits0Affected Software1
Rows per page
Query Builder