Lucene search

18 matches found

Amazon
added 2026/05/26 12:0 a.m. | 9 views

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVSS 7.5 | AI score 7.5 | EPSS 0.00054
Exploits: 0

Amazon
added 2026/05/26 12:0 a.m. | 11 views

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVSS 7.5 | AI score 7.5 | EPSS 0.00054
Exploits: 0

GithubExploit
added 2026/05/12 6:45 p.m. | 56 views

feedparser-redos-poc

feedparser ReDoS — syncauthordetail Proof of Concept f...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/04/15 12:0 a.m. | 1 view

PT-2026-33212

Name of the Vulnerable Software and Affected Versions: Python-Multipart versions prior to 0.0.26. Description: An issue exists when parsing crafted multipart/form-data requests containing large preamble or epilogue sections. Two inefficient parsing paths can be abused: the parser handles leading CR...

CVSS 5.3 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 8

OSV
added 2026/03/11 8:16 p.m. | 3 views

UBUNTU-CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 5

OSV
added 2025/12/12 12:20 p.m. | 5 views

OESA-2025-2828 golang security update

Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses...

CVSS 7.5 | AI score 6.9 | EPSS 0.00042
Exploits: 0 | References: 5

OSV
added 2025/11/06 12:58 p.m. | 1 view

BIT-GOLANG-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

CVSS 7.5 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 6

Vulnrichment
added 2025/10/29 10:10 p.m. | 1 view

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

AI score 6.5 | EPSS 0.00042
Exploits: 0 | References: 4

OSV
added 2025/09/16 11:41 a.m. | 2 views

CLSA-2025-1758022908 ruby: Fix of 2 CVEs

CVE-2024-39908: fix performance issue caused by using repeated characters to avoid DoS vulnerabilities when it parses an XML - CVE-2024-43398: improve namespace conflicted attribute check to avoid DoS vulnerability when it parses an XML...

CVSS 5.9 | AI score 5.8 | EPSS 0.08032
Exploits: 0 | References: 1

SUSE Linux
added 2025/02/03 9:13 a.m. | 1 view

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2024-52804: Avoid quadratic performance of cookie parsing (bsc#1233668). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run t...

CVSS 6.9 | AI score 7.3 | EPSS 0.0016
Exploits: 0 | References: 4

RedHat Linux
added 2024/07/11 11:55 a.m. | 5 views

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service (ReDoS)...

CVSS 5.3 | AI score 7.5 | EPSS 0.00906
Exploits: 0 | References: 5

RedHat Linux
added 2024/06/11 7:56 p.m. | 3 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS)...

CVSS 5.3 | AI score 7.5 | EPSS 0.00337
Exploits: 0 | References: 5

RedHat Linux
added 2022/11/02 2:39 p.m. | 3 views

python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

CVSS 7.5 | AI score 6.7 | EPSS 0.00384
Exploits: 0 | References: 5

RedHat Linux
added 2021/11/15 5:5 p.m. | 0 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until...

CVSS 7.5 | AI score 6.7 | EPSS 0.03905
Exploits: 0 | References: 5

Github Security Blog
added 2020/09/03 6:15 p.m. | 19 views

Regular Expression Denial of Service in marked

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The label subrule may significantly degrade parsing performance of malformed input. Recommendation: Upgrade to version 0.7.0 or later...

AI score 4.9
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/09/03 6:15 p.m. | 8 views

GHSA-CH52-VGQ2-943F Regular Expression Denial of Service in marked

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The label subrule may significantly degrade parsing performance of malformed input. Recommendation: Upgrade to version 0.7.0 or later...

AI score 7.1
Exploits: 0 | References: 1

Node.js
added 2019/07/17 8:26 p.m. | 11 views

Regular Expression Denial of Service

Overview: Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The label subrule may significantly degrade parsing performance of malformed input. Recommendation: Upgrade to version 0.7.0 or later. References: GitHub Advisory...

AI score 6.9
Exploits: 0 | Affected Software: 1

OSV
added 2019/01/02 6:29 p.m. | 0 views

UBUNTU-CVE-2018-19478

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00643
Exploits: 0 | References: 2