CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the convert_tf_weight_name_to_pt_weight_name function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...
Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
PT-2025-32158 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.51.3. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the convert_tf_weight_name_to_pt_weight_name function of the Hugging Face Transformers library. This function,...
glibc: Double free in glibc
A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT managers can provide top-down guidelines on how automation is applied to individual teams,...
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary regexes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
Regular Expression Denial of Service (ReDoS)
Overview: markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the _sorta_html_tokenize_re regex used in the HTML tokenizer due to improperly constraining quoted attribute values ".?",...
Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Babel via Grafana (CVE-2025-27789)
Summary: Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2025-27789 Vulnerability Details CVEID: CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When...
Age Verification Laws Send VPN Use Soaring—and Threaten the Open Internet
A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads—and has experts worried about the future of free expression online...
CVE-2025-8263
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
CVE-2025-8262 yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
Regular Expression Denial Of Service (ReDoS)
fastapi-guard is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to incomplete regex filtering due to an insufficient patch that fails to detect...
PT-2025-31054 · Prettier · Prettier
Name of the Vulnerable Software and Affected Versions: prettier versions up to 3.6.2 Description: A vulnerability exists in prettier due to inefficient regular expression complexity within the parseNestedCSS function of the src/language-css/parser-postcss.js file. The manipulation of the node...
PT-2025-31053 · Unknown +1 · Yarnpkg Yarn +1
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in the explodeHostedGitFragment function within the src/resolvers/exotics/hosted-git-resolver.js file. This manipulation results in inefficient regular expression...
NewStart CGSL MAIN 7.02 : python-configobj Vulnerability (NS-SA-2025-0178)
The remote NewStart CGSL host, running version MAIN 7.02, has python-configobj packages installed that are affected by a vulnerability: - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only...
Regular Expression Denial of Service (ReDoS)
Overview: calibre-web is a web app for browsing, reading and downloading eBooks stored in a Calibre database. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the strip_whitespaces function in the cps/string_helper.py file. An attacker can cause the...
PT-2025-30695 · Unknown · Autocaliweb +1
Name of the Vulnerable Software and Affected Versions: Calibre Web version 0.6.24; Nicolette Autocaliweb version 0.7.0. Description: A Regular Expression Denial of Service (ReDoS) issue exists in the strip_whitespaces function within cps/string_helper.py. Unauthenticated remote attackers can exploit...