Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when multiple wildcards are used in combination with at least one parameter. An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted...

CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

PT-2022-23131 · Unknown · Nitrado.Js

Name of the Vulnerable Software and Affected Versions: nitrado.js versions prior to 0.2.5 Description: The issue is related to a possible ReDoS Regular expression Denial of Service with lib input of and with many repetitions of |. This can cause a denial of service. There are currently no known...

CVE-2016-10551

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's like, contains, startsWith, or endsWith will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in...

CVE-2016-5394

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...