9085 matches found
CVE-2026-2327
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...
PT-2026-7892
Name of the Vulnerable Software and Affected Versions authentik versions 2021.3.1 through 2025.8.6 authentik versions 2025.10.4 authentik versions 2025.12.4 Description authentik is an open-source identity provider. When using delegated permissions, a user with the permission 'Can view Property...
PT-2026-7818
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...
Linux Distros Unpatched Vulnerability : CVE-2025-69873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keywor...
GHSA-2G4F-4PWH-QVX6 ajv has ReDoS when using `$data` option
ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...
ajv has ReDoS when using `$data` option
ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...
DEBIAN-CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
UBUNTU-CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
USN-8027-1: Python-Multipart vulnerabilities
It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Python-Multipart to consume excessive resources, leading to a regular expression denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2024-24762...
PT-2026-8025
Name of the Vulnerable Software and Affected Versions Milvus versions prior to 2.5.27 Milvus versions prior to 2.6.10 Description Milvus, an open-source vector database for generative AI applications, is affected by an issue that allows authentication bypasses. The software exposes TCP port 9091 ...
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
Regular Expression Denial of Service (ReDoS)
Overview ajv is an Another JSON Schema Validator Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper validation of the pattern keyword when combined with $data references. An attacker can cause the application to become unresponsive and...
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
CVE-2025-69873
ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:ajv is an Another JSON Schema Validator Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper validation of the pattern keyword when combined with $data references. An attacker can cause the application to become...
CVE-2026-26006
AutoGPT (significant-gravitas/autogpt) before version 0.6.32 is vulnerable in the Code Extraction Block due to two adjacent quantifiers in regex patterns that can cause catastrophic backtracking with long sequences of spaces, leading to DoS. The fix is to upgrade to 0.6.32. If upgrading is not po...
CVE-2026-25478
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...
CVE-2026-1849
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...
Mongod can run out of stack memory when expressions create deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...