9190 matches found

Snyk
added 2025/08/21 4:2 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted input that...

5.5 CVSS | 4.4 AI score | 0.00032 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/08/21 4:2 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted...

5.5 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 1 | References: 2

CVE
added 2025/08/21 4:2 p.m. | 28 views

CVE-2025-9308

CVE-2025-9308 affects yarnpkg Yarn up to 1.22.22. The vulnerability is in the function setOptions of src/util/request-manager.js, where manipulation leads to inefficient regular expression complexity. Local access is required. The advisory consistently indicates the issue affects products that ar...

5.5 CVSS | 7.1 AI score | 0.00032 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

AlpineLinux
added 2025/08/21 4:2 p.m. | 3 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5 CVSS | 7.2 AI score | 0.00032 EPSS
Exploits: 1 | References: 4

Debian CVE
added 2025/08/21 4:2 p.m. | 5 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5 CVSS | 4.1 AI score | 0.00032 EPSS
Exploits: 1

RedhatCVE
added 2025/08/21 1:25 p.m. | 7 views

CVE-2025-4690

A regular expression used by AngularJS' linky (https://docs.angularjs.org/api/ngSanitize/filter/linky) filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service (ReDoS)...

4.3 CVSS | 6.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 1

Veracode
added 2025/08/21 6:38 a.m. | 4 views

Regular Expression Denial Of Service (ReDoS)

copyparty is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to allowing arbitrary RegEx inputs in the filter parameter of the "Recent Uploads" page, which allows an attacker to craft a malicious regex that deadlocks the server...

7.5 CVSS | 7 AI score | 0.00319 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/08/21 12:0 a.m. | 2 views

Yarn Security Vulnerability

Yarn is an open source package installation, management tool from Yarn Open Source. A security vulnerability exists in Yarn 1.22.22 and earlier versions that stems from insufficient regular expression complexity...

5.5 CVSS | 4.2 AI score | 0.00032 EPSS
Exploits: 1 | References: 6

RedhatCVE
added 2025/08/20 2:28 p.m. | 5 views

CVE-2025-33090

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption...

7.5 CVSS | 7.4 AI score | 0.00125 EPSS
Exploits: 0 | References: 1

OSV
added 2025/08/20 3:30 a.m. | 0 views

GHSA-XH9H-692F-MMG4 Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module

Withdrawn Advisory: This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...

5.1 CVSS | 5.7 AI score | 0.00661 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2025/08/20 3:30 a.m. | 4 views

Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module

Withdrawn Advisory: This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...

6.9 CVSS | 6.4 AI score | 0.00661 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/08/20 3:30 a.m. | 5 views

Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module

Withdrawn Advisory: This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...

6.9 CVSS | 6.4 AI score | 0.00697 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/08/20 3:30 a.m. | 0 views

GHSA-6FXP-P9MG-Q64W Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module

Withdrawn Advisory: This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...

5.1 CVSS | 5.7 AI score | 0.00697 EPSS
Exploits: 0 | References: 5

OSV
added 2025/08/20 3:15 a.m. | 2 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9 CVSS | 6 AI score
Exploits: 0 | References: 3

NVD
added 2025/08/20 3:15 a.m. | 2 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9 CVSS | 0.00697 EPSS
Exploits: 0 | References: 3

OSV
added 2025/08/20 3:15 a.m. | 1 views

DEBIAN-CVE-2025-54364

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...

6.9 CVSS | 5.4 AI score | 0.00661 EPSS
Exploits: 0 | References: 1

NVD
added 2025/08/20 3:15 a.m. | 2 views

CVE-2025-54364

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...

6.9 CVSS | 0.00661 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/20 12:0 a.m. | 2 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9 CVSS | 6 AI score | 0.00697 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-32723

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlig...

7.4 CVSS | 6.9 AI score | 0.00373 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-20861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide...

6.5 CVSS | 6.8 AI score | 0.00542 EPSS
Exploits: 1 | References: 3