9244 matches found

Vulnrichment
added 2025/03/20 10:10 a.m. · 5 views

CVE-2024-10550 Denial of Service by ReDOS in h2oai/h2o-3

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

CVSS 7.5 · AI score 7.4 · EPSS 0.00345
Exploits: 1 · References: 1
Cvelist
added 2025/03/20 10:10 a.m. · 4 views

CVE-2024-12388 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small...

CVSS 6.5 · EPSS 0.00468
Exploits: 1 · References: 1
CVE
added 2025/03/20 10:10 a.m. · 38 views

CVE-2024-12388

CVE-2024-12388 concerns a Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic (version 310122f). The vulnerability arises from a regex used to parse user input, whose matching time can grow polynomially for crafted inputs, potentially rendering the server unresponsive and un...

CVSS 6.5 · AI score 6.4 · EPSS 0.00468
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2025/03/20 10:8 a.m. · 44 views

CVE-2024-8763

The vulnerability CVE-2024-8763 affects lunary-ai/lunary (version git be54057) in the compileTextTemplate function. The issue is a ReDoS caused by the regex /{{(.*?)}}/g, which can trigger second-degree polynomial time complexity when processing input with many braces, causing the server to hang ...

CVSS 7.5 · AI score 7.4 · EPSS 0.0042
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2025/03/20 10:8 a.m. · 8 views

CVE-2024-7779 ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer

A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable...

CVSS 7.5 · EPSS 0.00225
Exploits: 0 · References: 1
CVE
added 2025/03/20 10:8 a.m. · 42 views

CVE-2024-7779

CVE-2024-7779 affects the danswer-ai/danswer project, version 1, where an attacker can trigger a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. The vulnerability can significantly slow response times and potentially render the application unusable. The provided ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00225
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/20 10:8 a.m. · 4 views

CVE-2024-7779 ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer

A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable...

CVSS 7.5 · AI score 7.5 · EPSS 0.00225
Exploits: 0 · References: 1
Positive Technologies
added 2025/03/20 12:0 a.m. · 2 views

PT-2025-12141 · Hugging Face · Huggingface/Transformers

Name of the Vulnerable Software and Affected Versions: huggingface/transformers version v4.46.3. Description: A Regular Expression Denial of Service (ReDoS) issue was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The issue occurs in the pos...

CVSS 7.5 · AI score 6.9 · EPSS 0.00228
Exploits: 0 · References: 8
CNNVD
added 2025/03/20 12:0 a.m. · 1 views

Lunary Resource Management Error Vulnerability

Lunary is an open source production toolkit for LLMs. A denial of service vulnerability exists in Lunary that stems from the use of an insecure regular expression in the compileTextTemplate function. An attacker can exploit this vulnerability to cause a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.0042
Exploits: 1 · References: 2
CNNVD
added 2025/03/20 12:0 a.m. · 2 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/ParseSetup endpoint, which could lead to a denial of service...

CVSS 7.5 · AI score 7.4 · EPSS 0.00345
Exploits: 1 · References: 1
CNNVD
added 2025/03/20 12:0 a.m. · 4 views

H2O Resource Management Error Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/Parse endpoint and could lead to a denial of service...

CVSS 7.5 · AI score 7.4 · EPSS 0.00345
Exploits: 1 · References: 1
CNNVD
added 2025/03/20 12:0 a.m. · 2 views

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a denial of service vulnerability that stems from the use of an insecure regular expression. An attacker can...

CVSS 6.5 · AI score 6.7 · EPSS 0.00319
Exploits: 1 · References: 1
CNNVD
added 2025/03/20 12:0 a.m. · 2 views

GPT Academic Security Vulnerability

GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a denial of service vulnerability that can be exploited by an attacker to cause a regular expression denial of service attack...

CVSS 6.5 · AI score 6.7 · EPSS 0.00468
Exploits: 1 · References: 1
CNNVD
added 2025/03/20 12:0 a.m. · 1 views

Hugging Face Transformers Security Vulnerability

Hugging Face Transformers is Hugging Face's open source advanced natural language processing library for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version v4.46.3, which stems from improper regular expression handling and could lead to a regular expression...

CVSS 7.5 · AI score 5.6 · EPSS 0.00228
Exploits: 0 · References: 2
GitLab Advisory Database
added 2025/03/20 12:0 a.m. · 8 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

CVSS 7.5 · AI score 6.8 · EPSS 0.00345
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2025/03/20 12:0 a.m. · 4 views

Gradio Resource Management Error Vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A resource management error vulnerability exists in Gradio version 98cbcae, which stems from a regular expression used by the gr.Datetime componen...

CVSS 7.5 · AI score 7.5 · EPSS 0.00822
Exploits: 1 · References: 1
Tenable Nessus
added 2025/03/20 12:0 a.m. · 20 views

CBL Mariner 2.0 Security Update: ruby (CVE-2025-27220)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27220 advisory. - In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00246
Exploits: 0 · References: 2
Microsoft CVE
added 2025/03/19 7:0 a.m. · 3 views

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

...

CVSS 7.5 · AI score 7.2 · EPSS 0.00246
Exploits: 0
RedhatCVE
added 2025/03/19 12:25 a.m. · 15 views

CVE-2025-26042

Uptime Kuma == 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack...

CVSS 6 · AI score 7 · EPSS 0.00022
Exploits: 0 · References: 1
Snyk
added 2025/03/18 9:7 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

CVSS 8.7 · AI score 6.7 · EPSS 0.00466
Exploits: 1 · References: 2