18 matches found

OSV
added 2026/06/04 5:30 p.m., 5 views

ROOT-APP-NPM-CVE-2025-25290 CVE-2025-25290 in @rootio/octokit__request - Patched by Root

Root has patched CVE-2025-25290 in the @rootio/octokit__request package for Root:npm. Multiple fixed versions available...

CVSS 5.3, AI score 6.5, EPSS 0.00729
Exploits: 0

OSV
added 2026/06/04 1:48 p.m., 3 views

ROOT-APP-NPM-CVE-2025-25289 CVE-2025-25289 in @rootio/octokit__request-error - Patched by Root

Root has patched CVE-2025-25289 in the @rootio/octokit__request-error package for Root:npm. Multiple fixed versions available...

CVSS 5.3, AI score 6.5, EPSS 0.0058
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-4104

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.6, EPSS 0.00729
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-4103

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.5, EPSS 0.0058
Exploits: 0, References: 4

ATTACKERKB
added 2025/02/14 8:15 p.m., 3 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /<([^>]+)>; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS (Regul...

CVSS 5.3, AI score 5.5, EPSS 0.00729
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2025/02/14 8:15 p.m., 13 views

CVE-2025-25289

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, EPSS 0.0058
Exploits: 0, References: 3

NVD
added 2025/02/14 8:15 p.m., 33 views

CVE-2025-25290

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /<([^>]+)>; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS (Regul...

CVSS 5.3, EPSS 0.00729
Exploits: 0, References: 6

Cvelist
added 2025/02/14 7:37 p.m., 21 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /<([^>]+)>; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS (Regul...

CVSS 5.3, EPSS 0.00729
Exploits: 0, References: 6

Vulnrichment
added 2025/02/14 7:37 p.m., 12 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /<([^>]+)>; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS (Regul...

CVSS 5.3, AI score 6.3, EPSS 0.00729
Exploits: 0, References: 6

CVE
added 2025/02/14 7:37 p.m., 310 views

CVE-2025-25290

CVE-2025-25290 affects Octokit’s request.js: the code path that parses HTTP Link headers uses an unbounded RegExp (/<([^>]+)>; rel="deprecation"/) to match deprecation links. This enables a ReDoS (Regular Expression Denial of Service) by crafted link headers, causing high CPU use and potential serv...

CVSS 5.3, AI score 6.3, EPSS 0.00729
Exploits: 0, References: 6

OSV
added 2025/02/14 7:37 p.m., 12 views

CVE-2025-25290 @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression /<([^>]+)>; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS (Regul...

CVSS 5.3, AI score 6.4, EPSS 0.00729
Exploits: 0, References: 8

Vulnrichment
added 2025/02/14 7:35 p.m., 9 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, AI score 6.9, EPSS 0.0058
Exploits: 0, References: 3

Cvelist
added 2025/02/14 7:35 p.m., 13 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, EPSS 0.0058
Exploits: 0, References: 3

CVE
added 2025/02/14 7:35 p.m., 276 views

CVE-2025-25289

CVE-2025-25289 describes a ReDoS vulnerability in the octokit request-error handling. Prior to v6.1.7, an authorization header containing a long sequence of spaces followed by a newline and “@” could cause exponential regular-expression processing, leading to high resource consumption and potenti...

CVSS 5.3, AI score 6.9, EPSS 0.0058
Exploits: 0, References: 3

OSV
added 2025/02/14 7:35 p.m., 5 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, AI score 6.5, EPSS 0.0058
Exploits: 0, References: 5

vulnersOsv
added 2025/02/14 5:58 p.m., 5 views

@zendeskgarden/scripts (>=2.1.0 <=2.4.3) potentially affected by CVE-2025-25289 via @octokit/request-error (>=6.1.1 <=6.1.4)

@octokit/request-error NPM version =6.1.1, =2.1.0, =2.4.3 Source cves: CVE-2025-25289 Source advisory: OSV:GHSA-XX4V-PRFH-6CGC...

CVSS 5.3, AI score 6.5, EPSS 0.0058
Exploits: 0

Positive Technologies
added 2025/02/14 12:0 a.m., 3 views

PT-2025-7072

Name of the Vulnerable Software and Affected Versions: @octokit/request-error versions 1.0.0 through 6.1.6 Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

CVSS 5.3, AI score 6.5, EPSS 0.0058
Exploits: 0, References: 12

Positive Technologies
added 2025/02/14 12:0 a.m., 8 views

PT-2025-7073

Name of the Vulnerable Software and Affected Versions: @octokit/request versions 1.0.0 through 9.2.1 Description: The regular expression /<([^>]+)>; rel="deprecation"/ used to match the link header in HTTP responses is vulnerable to a ReDoS (Regular Expression Denial of Service) attack. This vulnerability...

CVSS 5.3, AI score 5.4, EPSS 0.00729
Exploits: 0, References: 15