62 matches found
PT-2025-53598
Name of the Vulnerable Software and Affected Versions: apidoc-core versions 0.2.0 and subsequent versions. Description: A prototype pollution issue exists in apidoc-core. This allows remote attackers to modify JavaScript object prototypes through malformed data structures, specifically the “define”...
Prototype Pollution
apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to insufficient input validation in the preProcess function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially causing a denial of service (DoS) or unexpected...
EUVD-2025-31115
Malicious code in bioql PyPI...
CVE-2025-57317
apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...
GHSA-5Q53-78F2-6GF8 apidoc-core is vulnerable to prototype pollution
apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...
Prototype Pollution
Overview: apidoc-core is a core parser library to generate apidoc result following the apidoc-spec. Affected versions of this package are vulnerable to Prototype Pollution via the preProcess function. An attacker can cause a denial of service by injecting properties into Object.prototype through a...
apidoc-core is vulnerable to prototype pollution
apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...
apidoc-core security vulnerability
apidoc-core is an open source parser library from apiDoc. A security vulnerability exists in apidoc-core 0.15.0 and earlier versions, which stems from prototype pollution in the preProcess function and allows an attacker to inject attributes via a specially crafted payload, potentially...
PT-2025-39384
Name of the Vulnerable Software and Affected Versions: apidoc-core versions through 0.15.0. Description: apidoc-core is the core parser library used to generate apidoc results based on the apidoc-spec. A flaw exists in the preProcess function that allows for prototype pollution. By providing a...
CVE-2025-57317
CVE-2025-57317 affects apidoc-core (preProcess) up to version 0.15.0, enabling prototype pollution via crafted payloads and causing DoS. Remediation: upgrade to a version later than 0.15.0 (no fixed version stated); multiple sources cite this, including PT-2025-39384 and Red Hat advisories. PoCs ...
Linux Distros Unpatched Vulnerability : CVE-2023-31976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. CVE-2023-31976 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2021-26929
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the Horde_Text_Filter library before 2.3.7 is used. The attacker can send a...
Regular Expression Denial of Service (ReDoS)
Overview: transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocess_string function in the transformers.testing_utils module. An attacker can cause high CPU usa...
PYSEC-2025-40
A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
PT-2025-21933 · Hugging Face · Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers version v4.48.3. Description: A vulnerability in the preprocess_string function of the transformers.testing_utils module allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to...
transformers security vulnerability
transformers is a Hugging Face open source application for machine learning. A security vulnerability exists in transformers version v4.48.3, which stems from improper handling of regular expressions in the preprocess_string function and could lead to a regular expression denial of service attack...