
25 matches found

RedhatCVE
added 5 days ago, 12 views

CVE-2026-11478

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

CVSS 4.8, AI score 4.8, EPSS 0.00013
Exploits 0, References 1

ATTACKERKB
added 2026/06/02 11:30 p.m., 4 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

CVSS 5.3, AI score 5.4, EPSS 0.00068
Exploits 0, References 9, Affected Software 1

EUVD
added 2026/06/02 12:31 a.m., 10 views

EUVD-2026-33820

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

CVSS 5.3, AI score 5.4, EPSS 0.00068
Exploits 0, References 10

Vulnrichment
added 2026/02/27 5:32 a.m., 3 views

CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVSS 4.8, AI score 5.5, EPSS 0.00013
Exploits 1, References 8

RedhatCVE
added 2026/01/09 8:39 a.m., 6 views

CVE-2022-35923

v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeat(i) + 'A' wit...

CVSS 7.5, AI score 6.7, EPSS 0.00425
Exploits 1, References 1

OSV
added 2025/11/13 4:15 p.m., 1 view

CVE-2025-62484

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...

CVSS 9.8, AI score 5.7, EPSS 0.00102
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-35201

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.0056
Exploits 1, References 3

OSV
added 2025/08/21 4:15 p.m., 3 views

UBUNTU-CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

CVSS 5.5, AI score 5.4, EPSS 0.00032
Exploits 1, References 6

OSV
added 2025/07/14 7:15 a.m., 2 views

CVE-2025-7579

A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3, AI score 4.8, EPSS 0.00253
Exploits 0, References 5

Cvelist
added 2025/07/07 7:16 p.m., 8 views

CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9, EPSS 0.00472
Exploits 1, References 2

OSV
added 2025/07/07 7:16 p.m., 5 views

CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...

CVSS 6.9, AI score 6.3, EPSS 0.00472
Exploits 1, References 4

CNNVD
added 2025/07/07 12:0 a.m., 0 views

fastapi-guard security vulnerability

fastapi-guard is a security library for FastAPI by Renzo F Individual Developer that provides middleware to control IPs, log requests and detect penetration attempts. A security vulnerability exists in fastapi-guard versions prior to 3.0.1, which stems from a regular expression pattern inefficien...

CVSS 7.5, AI score 6.2, EPSS 0.00472
Exploits 1, References 3

Cvelist
added 2025/07/05 9:2 a.m., 10 views

CVE-2025-7074 vercel hyper rimraf-standalone.js ignoreMap redos

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...

CVSS 5.3, EPSS 0.00758
Exploits 1, References 4

RedhatCVE
added 2025/05/23 3:44 a.m., 3 views

CVE-2023-30858

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

CVSS 7.5, AI score 6.9, EPSS 0.0056
Exploits 1, References 1

BDU FSTEC
added 2024/09/13 12:0 a.m., 2 views

The vulnerability of the configobj program for reading and writing INI files lies in the use of a regular expression with an inefficient computational cost. This allows attackers to trigger a service failure.

The vulnerability of the configobj program for reading and writing INI files is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 5.9, AI score 5.9, EPSS 0.0009
Exploits 1, References 8, Affected Software 4

BDU FSTEC
added 2024/04/04 12:0 a.m., 1 view

The vulnerability of the modular interface between web servers and web applications in Rack, related to the inefficient complexity of regular expressions, allows attackers to trigger service failures.

The vulnerability of the modular interface between web servers and web applications in Rack relates to the processing of input data, which can take an unexpected amount of time. Exploiting this vulnerability allows a malicious actor to cause service failures...

CVSS 5.3, AI score 6.4, EPSS 0.00364
Exploits 0, References 7, Affected Software 4

Prion
added 2023/04/28 9:15 p.m., 14 views

Design/Logic Flaw

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

CVSS 5, AI score 7.5, EPSS 0.0056
Exploits 1, References 3, Affected Software 1

CVE
added 2023/04/28 8:49 p.m., 37 views

CVE-2023-30858

The CVE-2023-30858 entry describes a ReDoS in the Denosaurs emoji package (Denosaurs emoji) due to the reTrimSpace regex with a 2nd‑degree polynomial inefficiency in versions 0.1.0 through 0.3.0, causing delayed responses on large payloads. The issue is patched in version 0.3.0; a workaround is t...

CVSS 7.5, AI score 6.3, EPSS 0.0056
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2023/04/28 8:49 p.m., 6 views

CVE-2023-30858 Denosaurs emoji has ReDoS vulnerability in `replace` function

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

CVSS 5.3, AI score 7.6, EPSS 0.0056
Exploits 1, References 3

CNNVD
added 2023/04/28 12:0 a.m., 3 views

emoji security vulnerability

emoji is a simple emoticon from the Denosaurs team that supports the node.js project. A security vulnerability exists in Denosaurs emoji version 0.1.0 up to and including version 0.3.0, which stems from an inefficient second-order polynomial in a regular expression, resulting in a delayed respons...

CVSS 7.5, AI score 7.2, EPSS 0.0056
Exploits 1, References 4