CVE-2022-39280

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

CVE-2022-44315

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall...

CVE-2022-36064

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...

CVE-2022-24891

ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVE-2021-43805

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...

CVE-2021-29506

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix:...

CVE-2021-32674

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...

CVE-2021-32763

OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...

CVE-2021-33580

User controlled request.getHeader"Referer", request.getRequestURL and request.getQueryString are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...

CVE-2021-39938

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...

CVE-2021-39917

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking...

CVE-2021-3820

inflect is vulnerable to Inefficient Regular Expression Complexity...

CVE-2021-3822

jsoneditor is vulnerable to Inefficient Regular Expression Complexity...

CVE-2021-3810

code-server is vulnerable to Inefficient Regular Expression Complexity...

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

CVE-2021-29061

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs...

CVE-2021-22168

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8...

CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

CVE-2021-40899

A Regular Expression Denial of Service ReDOS vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories...

CVE-2021-3804

taro is vulnerable to Inefficient Regular Expression Complexity...