4 matches found

OSV
added 2025/12/11 11:37 a.m. | 5 views

BIT-DJANGO-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

CVSS 7.5 | AI score 6.7 | EPSS 0.00067
Exploits: 0 | References: 4

NVD
added 2025/12/02 4:15 p.m. | 4 views

CVE-2025-64460

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

CVSS 7.5 | EPSS 0.00067
Exploits: 0 | References: 3

OSV
added 2025/12/02 4:15 p.m. | 1 view

PYSEC-2025-109

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

CVSS 7.5 | AI score 7.2 | EPSS 0.00067
Exploits: 0 | References: 4

OSV
added 2021/09/29 5:15 p.m. | 4 views

GHSA-HHFG-6HFC-RVXM Regular Expression Denial of Service in jsoneditor

JSON Editor is a web-based tool to view, edit, format, and validate JSON. It has various modes such as a tree editor, a code editor, and a plain text editor. The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted element a...

CVSS 5.3 | AI score 5.9 | EPSS 0.00334
Exploits: 1 | References: 4