19 matches found
CVE-2025-10990
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...
EUVD-2021-0208
Malware in sbrugna...
EUVD-2021-0555
Malware in sbrugna...
EUVD-2020-0267
Malware in sbrugna...
EUVD-2025-5081
Malicious code in bioql PyPI...
CVE-2025-58353 Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as .replace(/javascript:/gi, ''). Because the package uses multi-character tokens and each replacement ...
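The following is an added example and not code from Promptcraft Forge Studio. It shows why a single-pass blacklist of the .replace(/javascript:/gi, '') kind is bypassable when the forbidden token overlaps with itself, and contrasts it with two alternatives: stripping until a fixed point is reached (still a blacklist) and scheme allow-listing through the WHATWG URL parser. The function names, the payload and the allowed-scheme set are assumptions made for the example.

```javascript
// Added example, not the project's code: single-pass regex blacklist bypass.

// Stand-in for the vulnerable sanitizer described in the entry (hypothetical name).
function naiveSanitize(input) {
  return input.replace(/javascript:/gi, '');
}

// Constructed payload: deleting the inner "javascript:" glues the outer
// halves "java" + "script:" back together, so one pass leaves the token intact.
const OVERLAP_PAYLOAD = 'javajavascript:script:alert(1)';

// Mitigation 1 (still a blacklist): remove the pattern until nothing changes.
// This closes the overlap trick but not encodings the regex never sees.
function stripToFixpoint(input, pattern) {
  let prev;
  do {
    prev = input;
    input = input.replace(pattern, '');
  } while (input !== prev);
  return input;
}

// Mitigation 2 (preferred): let the real URL parser decide what the scheme is,
// then allow-list it. The parser strips ASCII tab/newline the way browsers do,
// so "java\tscript:" is recognised as the javascript: scheme and rejected.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']); // assumed policy
function safeHref(input) {
  let url;
  try {
    url = new URL(input); // throws on relative or unparsable input
  } catch {
    return '#';
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : '#';
}
```

Note that the fixed-point loop does not help against the tab-separated form, because the regex simply never matches it, while a browser still treats it as a javascript: URL; that is the argument for parsing and allow-listing instead of deleting substrings.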
DEBIAN-CVE-2025-26619
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be...
@lume/element (>=0.1.2 <=0.5.6), @lume/variable (>=0.1.1 <=0.6.1) +3 more potentially affected by CVE-2025-27108 via dom-expressions (>=0.19.10 <=0.36.18)
dom-expressions NPM version =0.19.10, =0.1.2, =0.1.1, =0.20.0, =0.29.1 - @xsolid/dom =0.0.0-alpha.0 - webfps =1.4.0 Source cves: CVE-2025-27108 Source advisory: OSV:GHSA-HW62-58PR-7WC5...
CVE-2025-27108
CVE-2025-27108 affects dom-expressions. The vulnerability arises from using JavaScript String.replace with special replacement patterns (notably $', which re-inserts the text following the match) when injecting assets into HTML headers via solid-meta, where user-controlled attributes (Meta tags) can be manipulated to achieve XSS. Thi...
CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...
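The block below is an added example; it is not dom-expressions' or solid-meta's code. It reproduces the primitive the two CVE-2025-27108 entries describe: an attribute value that has been fully HTML-escaped is used as the replacement string of String.prototype.replace, so the $-patterns it contains are still interpreted. With $` (or $') the surrounding document is copied into the attribute, the first double quote in that copy terminates the attribute early, and the rest is parsed as new markup. The page skeleton, the </head> splice point and the helper names are assumptions; the two hardened variants use a replacer function and $$-escaping respectively.

```javascript
// Added example, not the project's code: replacement-pattern injection in
// String.prototype.replace, and two ways to neutralise it.

// Complete attribute escaper: & < > " and ' are all encoded.
const escapeAttr = (s) =>
  s.replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Constructed SSR output standing in for the rendered page (assumption).
const PAGE = '<html lang="en"><head><title>t</title></head><body><p>hi</p></body></html>';

// A <meta> built from user input, escaped correctly for a double-quoted attribute.
const buildMeta = (content) => `<meta name="description" content="${escapeAttr(content)}">`;

// Vulnerable: the assets string is passed as a *replacement string*, so "$`",
// "$'", "$&" and "$$" inside it are interpreted, even though none of those
// characters is touched by HTML escaping.
function injectHeadVulnerable(html, assets) {
  return html.replace('</head>', assets + '</head>');
}

// Hardened 1: a replacer function's return value is spliced in verbatim.
function injectHeadSafe(html, assets) {
  return html.replace('</head>', () => assets + '</head>');
}

// Hardened 2: keep the string form but turn every "$" into the literal "$$".
const escapeReplacement = (s) => s.replace(/\$/g, '$$$$');
function injectHeadEscaped(html, assets) {
  return html.replace('</head>', escapeReplacement(assets) + '</head>');
}

// Crude probe: what does the description meta's content attribute end up holding?
// (a real check would use an HTML parser; this is enough to show the breakout)
function metaContentAttr(html) {
  const m = /<meta name="description" content="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// Attacker-controlled description: "$`" copies everything before "</head>"
// (which includes lang="en") into the attribute; ' x=y' lands after the
// prematurely closed quote.
const ATTACK = '$` x=y';
```

The vulnerable path yields content="<html lang=" followed by en"><head>... as stray tag text, while both hardened paths keep the attribute exactly as the author escaped it, $` and all. The same structural breakout is available with $' (text after the match), so escaping the quote characters is not a defence; only the replacer-function or $$-escaping forms are.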
Important: python3.9
Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
CVE-2024-54157
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...
DataGear security vulnerability
DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear version 5.0.0 and earlier versions, which originates in the function evaluationVariableExpression in the file ConversionSqlParamValueMapper.java that causes...
pygments: ReDoS in pygments
A denial-of-service vulnerability related to regular expressions was discovered in Pygments, specifically in the file pygments/lexers/smithy.py. An attacker could exploit this flaw by sending a carefully crafted request, leading to a denial-of-service situation...
Apache MXNet security vulnerability
Apache MXNet is an open source deep learning software framework from the Apache Software Foundation in the United States. It is used for training and deploying deep neural networks. A security vulnerability exists in Apache MXNet (incubating) versions prior to 1.9.1, which stems from the use of regul...
Remote code execution
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...
PT-2021-14383 · Unknown · Angular-Expressions
Name of the Vulnerable Software and Affected Versions: angular-expressions versions prior to 1.1.2 Description: The issue allows Remote Code Execution if expressions.compile(userControlledInput) is called where userControlledInput is text that comes from user input. The security of the package coul...
@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2020-5219 via angular-expressions (>=0.1.0 <=1.0.0)
angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2020-5219 Source advisory: OSV:GHSA-HXHM-96PP-2M43...
PCRE Denial of Service Vulnerability (CNVD-2015-07881)
PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in C by the software developer Philip Hazel. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle '(?123)' and relat...