Regular Expression Denial of Service (ReDoS)

Overview symfony/json-path is an Eases JSON navigation using the JSONPath syntax as described in RFC 9535 Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the match and search filter functions in the JsonPath component. An attacker can cause denia...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

GHSA-65X3-RW7Q-GX94 multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

Regular Expression Denial of Service (ReDoS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying specially crafted ta...

Security Bulletin: IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior t...

Regular Expression Denial of Service (ReDoS)

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the contextMatcher and pathMatcher functions. An attacker can cause the server to become unresponsive and exhaust CPU...

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...

Regular Expression Denial of Service (ReDoS)

Overview langchain-classic is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parse function in the MRKLOutputParser class. An attacker can cause excessive CPU consumption and significan...

Regular Expression Denial of Service (ReDoS)

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the flatten function. An attacker can cause excessive processing times by providing ...

PT-2026-28674

Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 8.4.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...

EUVD-2017-10572

Malware in sbrugna...

EUVD-2025-18856

Malicious code in bioql PyPI...

CVE-2025-10630

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

CVE-2025-6638 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's removelanguagecode method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...

Linux Distros Unpatched Vulnerability : CVE-2018-3737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. CVE-2018-3737 Note that Nessus relies on the presence of the package as reported by the...

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

Regular Expression Denial of Service (ReDoS)

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the getimports function in dynamicmoduleutils.py. An attacker can cause excessive resource consumption by...

CVE-2024-3114

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

CVE-2023-6682

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...