ROS-20260420-73-0038

Vulnerability in nodejs-minimatch related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Giskard Has A Regular Expression Denial Of Service (ReDoS) In RegexMatching Check

Summary The RegexMatching check in the "giskard-checks" package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs...

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

CVE-2026-40319

CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

[SECURITY] Fedora 43 Update: podman-5.8.2-1.fc43

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

Giskard 安全漏洞

Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the direct passing of user-provided regular expressions to the re.search...

ROS-20260417-73-0021

Vulnerability in python-PyPDF2 related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

Regular Expression Denial of Service (ReDoS)

Overview giskard-checks is an Add your description here Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the re.search file. An attacker can cause the process to hang and impact system availability by supplying a crafted regular expression pattern ...

GHSA-RQ2Q-4R55-9877 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...

JLSEC-2026-101

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

OPENSUSE-SU-2026:20532-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

PT-2026-32983

Name of the Vulnerable Software and Affected Versions Giskard versions prior to 1.0.2b1 Description The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search function without a timeout, complexity guard, or pattern...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...