PT-2026-44150

Description SymfonyComponentYamlParser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: d.+. u', whose d.+ and . overlap on the dot, that exhibit...

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVE-2025-54365

CVE-2025-54365 concerns the Python package fastapi-guard (3.0.1) where a patched regular-expression length limit fails to catch inputs that bypasses the regex filtering (notably for [removed] attributes), enabling potential ReDoS/back-end resource strain and degraded availability. Multiple connec...

FastAPI Guard has a regex bypass

Summary The regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. Details In version 3.0.1, you can find a commit like the one in the link below, which was made to prevent ReDoS...