CVE-2026-25547 Uncontrolled Resource Consumption in @isaacs/brace-expansion

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

GHSA-7H2J-956F-4VF2 @isaacs/brace-expansion has Uncontrolled Resource Consumption

Summary @isaacs/brace-expansion is vulnerable to a Denial of Service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...

AZL-25709 CVE-2023-0464 affecting package rust for versions less than 1.68.0-1

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...