UBUNTU-CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
CVE-2024-22641
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...
PT-2025-7072 · npm · @octokit/request-error
Name of the Vulnerable Software and Affected Versions: @octokit/request-error versions 1.0.0 through 6.1.6. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit from version 9.0.5 through versions prior to 10.1.3, which stems from a regular expression denial of service (ReDoS) attack that can be caused by crafting a specific options parameter...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:koa is a Koa web app framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parsing of X-Forwarded-Proto and X-Forwarded-Host HTTP headers. Details: Denial of Service (DoS) describes a family of attacks, all aimed at...
Regular Expression Denial of Service (ReDoS)
Overview: parse-duration is a package that converts a human-readable duration to ms. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker could cause an event loop delay or trigger an out-of-memory error that would crash a running Node.js...
Regular Expression Denial of Service - ReDoS
Description: The preprocess_string function in the transformers.testing_utils module uses a regular expression to process code blocks in docstrings. This regular expression has the following structure: codeblockpattern = r"?:python|py\s\n\s ?:.?\n?.?" The segment ?:.?\n?.? contains nested quantifier...
SUSE CVE-2024-11831
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz (CVE-2024-21538). This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...
EulerOS 2.0 SP11 : python-configobj (EulerOS-SA-2025-1144)
According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...
Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)
The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...
EulerOS 2.0 SP12 : python-configobj (EulerOS-SA-2025-1196)
According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...
EulerOS 2.0 SP12 : python-configobj (EulerOS-SA-2025-1180)
According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...
Azure Linux 3.0 Security Update: ntopng / reaper (CVE-2017-18214)
The version of ntopng / reaper installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-18214 advisory. - The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via ...
Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow - CVE-2024-21538
Summary: IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attack...
CVE-2020-5219
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
CVE-2024-1892
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...
CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...