249 matches found
CVE-2025-2937 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE; Cross-site scripting issue in labels impacts GitLab CE/EE; Cross-site scripting issue in Workitem impacts GitLab CE/EE; Improper Handling of Permissions issue in project API impacts GitLab CE/EE; Incorrect Privilege...
CVE-2025-8263
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2025-8262 yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
PT-2025-31054 · Prettier · Prettier
Name of the Vulnerable Software and Affected Versions: prettier versions up to 3.6.2. Description: A vulnerability exists in prettier due to inefficient regular expression complexity within the parseNestedCSS function of the src/language-css/parser-postcss.js file. The manipulation of the node...
CVE-2025-7579
Summary: CVE-2025-7579 affects chinese-poetry 0.1, with a vulnerability in the processing of rank/server.js that leads to inefficient regular expression complexity (a ReDoS-type issue). The issue can be triggered remotely and the exploit has been publicly disclosed. Multiple sources (Red Hat, NVD...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.
Summary: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-27789. DESCRIPTION: Babel is a compiler for writing next generation JavaScript...
PT-2025-26809 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 7.1.6. Description: The issue is related to inefficient regular expression complexity, which can be exploited by a logged-in user to cause a denial of service (DoS) condition. Recommendations: For versions prior to 7.1.6,...
CVE-2025-6493 CodeMirror Markdown Mode markdown.js redos
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6492 MarkText index.js getRecommendTitleFromMarkdownString redos
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...
PT-2025-26569 · Marktext · Marktext
Name of the Vulnerable Software and Affected Versions: MarkText versions up to 0.17.1. Description: A vulnerability has been found in MarkText, affecting the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular...
CVE-2025-5897
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
GHSA-79VF-HF9F-J9Q8 @vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
CVE-2025-5896
The CVE-2025-5896 entry concerns taro/taro (up to version 4.1.1). The vulnerability exists in taro/packages/css-to-react-native/src/index.js and arises from inefficient regular-expression handling (ReDoS-like behavior) in that code path. The issue can be triggered remotely and, per sources, upgra...
CVE-2025-5895 Metabase dom.js parseDataUri redos
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...
CVE-2025-5892 RocketChat parseMessage.js parseMessage redos
A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...