9190 matches found

NVD
added 2025/07/14 7:15 a.m., 4 views

CVE-2025-7579

A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3, EPSS 0.00253
Exploits: 0, References: 5
Cvelist
added 2025/07/14 6:14 a.m., 13 views

CVE-2025-7579 chinese-poetry server.js redos

A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3, EPSS 0.00253
Exploits: 0, References: 5
CVE
added 2025/07/14 6:14 a.m., 19 views

CVE-2025-7579

Summary: CVE-2025-7579 affects chinese-poetry 0.1, with a vulnerability in the processing of rank/server.js that leads to inefficient regular expression complexity (a redos-type issue). The issue can be triggered remotely and the exploit has been publicly disclosed. Multiple sources (Red Hat, NVD...

CVSS 5.3, AI score 4.8, EPSS 0.00253
Exploits: 0, References: 5
Veracode
added 2025/07/14 6:07 a.m., 3 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a vulnerable regex pattern in the DonutProcessor.token2json method, which allows an attacker to craft malicious input causing excessive CPU consumption through catastrophic backtrackin...

CVSS 5.3, AI score 5, EPSS 0.00088
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2025/07/11 12:30 p.m., 0 views

GHSA-37MW-44QP-F5JM Transformers is vulnerable to ReDoS attack through its DonutProcessor class

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3, AI score 6.7, EPSS 0.00088
Exploits: 1, References: 5
OSV
added 2025/07/11 10:15 a.m., 4 views

CVE-2025-3933

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3, AI score 5
Exploits: 0, References: 2
Veracode
added 2025/07/11 9:38 a.m., 4 views

Cross-Site Scripting (XSS)

@pdfme/common is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of expression evaluation, which allows an attacker to escape the sandbox environment and execute arbitrary code or manipulate object prototypes to perform XSS and other malicious actions...

CVSS 6.1, AI score 6, EPSS 0.00075
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2025/07/11 9:22 a.m., 3 views

CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3, AI score 6.9, EPSS 0.00088
Exploits: 1, References: 2
CNNVD
added 2025/07/11 12:00 a.m., 1 view

Hugging Face Transformers Security Vulnerability

Hugging Face Transformers is an open-source advanced natural language processing library from Hugging Face for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.50.3 and earlier, which stems from a regular expression denial of service in the token2json method o...

CVSS 5.3, AI score 5.4, EPSS 0.00088
Exploits: 1, References: 2
IBM Security Bulletins
added 2025/07/10 5:53 p.m., 8 views

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary: Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

CVSS 8.7, AI score 6.8, EPSS 0.00067
Exploits: 0, Affected Software: 1
CNNVD
added 2025/07/10 12:00 a.m., 1 view

PDFME Security Vulnerability

PDFME is an open-source PDF generation library from pdfme, built with TypeScript and React. A security vulnerability exists in PDFME versions 5.2.0 through 5.4.0, which stems from an expression evaluation feature that could lead to a sandbox escape, triggering cross-site scripting and...

CVSS 6.1, AI score 6, EPSS 0.00075
Exploits: 0, References: 4
Veracode
added 2025/07/09 5:39 a.m., 3 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a vulnerable regular expression pattern config\..\.json in the get_configuration_file function within the transformers.configuration_utils module, which allows an attacker to craft...

CVSS 5.3, AI score 5, EPSS 0.00096
Exploits: 1, References: 5, Affected Software: 1
Veracode
added 2025/07/09 4:53 a.m., 4 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a flawed regular expression pattern used in the get_imports function to filter try/except blocks, which allows an attacker to craft input strings that cause catastrophic backtracking...

CVSS 5.3, AI score 5, EPSS 0.00096
Exploits: 1, References: 5, Affected Software: 1
Veracode
added 2025/07/08 8:18 a.m., 4 views

Regular Expression Denial Of Service (ReDoS)

fastapi-guard is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to poorly optimized regular expressions that cause polynomial-time backtracking on crafted inputs, leading to high CPU usage and service...

CVSS 7.5, AI score 6.2, EPSS 0.00472
Exploits: 1, References: 4, Affected Software: 1
IBM Security Bulletins
added 2025/07/08 6:59 a.m., 4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cross-spawn-4.0.2.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of cross-spawn-4.0.2.tgz. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due t...

CVSS 8.7, AI score 6.8, EPSS 0.00067
Exploits: 0, Affected Software: 1
Veracode
added 2025/07/08 4:18 a.m., 4 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression complexity in the SETTING_RE variable within chat.py, which allows an attacker to exploit exponential backtracking using specially crafted input...

CVSS 7.5, AI score 5, EPSS 0.00318
Exploits: 1, References: 5, Affected Software: 1
Snyk
added 2025/07/07 7:45 p.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview: fastapi-guard is a security library for FastAPI to control IPs and more. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SusPatternsManager class in the suspatternshandler.py file. An attacker can cause excessive resource consumption...

CVSS 7.5, AI score 6.8, EPSS 0.00472
Exploits: 1, References: 2
IBM Security Bulletins
added 2025/07/07 6:11 p.m., 3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar. Vulnerability Details: CVEID: CVE-2024-38808. DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spri...

CVSS 4.3, AI score 6.7, EPSS 0.00809
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/07/07 5:58 p.m., 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in micromatch-4.0.5.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of micromatch-4.0.5.tgz. Vulnerability Details: CVEID: CVE-2024-4067. DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.brac...

CVSS 5.3, AI score 6.7, EPSS 0.00176
Exploits: 1, Affected Software: 1
Github Security Blog
added 2025/07/07 12:30 p.m., 7 views

Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...

CVSS 5.3, AI score 5, EPSS 0.00096
Exploits: 1, References: 5, Affected Software: 1