14 matches found
CVE-2026-48801
A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...
CVE-2026-48801 linkify-it: Quadratic algorithmic complexity in LinkifyIt#match scan loop
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has ON² algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs...
CVE-2026-48801 linkify-it: Quadratic algorithmic complexity in LinkifyIt#match scan loop
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has ON² algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs...
linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability
A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...
CVE-2026-59887
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...
CVE-2026-59887
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...
CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...
CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text
linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...
CVE-2026-48801
creationtimestamp| type| source ---|---|--- 2026-06-26 22:35:32+00:00| published-proof-of-concept| https://github.com/markdown-it/linkify-it/security/advisories/GHSA-22p9-wv53-3rq4 2026-07-14 23:48:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnfglsj4s2w...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to quadratic algorithmic complexity in the match function. An attacker can exhaust CPU resources and caus...
Regular Expression Denial of Service (ReDoS)
Overview linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to quadratic algorithmic complexity in the match function. An attacker can exhaust CPU resources and cause significant...
LinkifyIt#match scan loop has quadratic algorithmic complexity
Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...
PT-2026-53018
Name of the Vulnerable Software and Affected Versions linkify-it versions prior to 5.0.1 Description LinkifyIt.prototype.match, the primary public API of the library, exhibits ON² algorithmic complexity when processing inputs containing numerous fuzzy links or emails. This occurs because the...
Malicious code in npm_package_dependencies_linkify_it (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 540ac82200adeadb0c42901b9214e03c897e79ee20de2be6a87beb66e45393f6 The OpenSSF Package Analysis project identified 'npmpackagedependencieslinkifyit' @ 4.0.1 npm as malicious. It is considered malicious because: ...