Regular Expression Denial of Service (ReDoS)

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the flatten function. An attacker can cause excessive processing times by providing ...

CVE-2014-4720

Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service CPU consumption via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477...

CVE-2022-37262

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...

CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...

CVE-2022-26650

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2021-41137

Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid should return owner true for rootCreds. In the affected version, poli...

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2024-41655

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

CVE-2026-22041 loggingredactor converts non-string types to string types in logs

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the proce...

Regular Expression Denial of Service (ReDoS)

Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...

CVE-2026-0668

A flaw was found in Wikimedia Foundation MediaWiki - VisualData Extension. A remote attacker could exploit an inefficient regular expression, leading to a Regular Expression Denial of Service ReDoS. This vulnerability allows an attacker to provide specially crafted input that causes the regular...

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868

CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...

EUVD-2026-1664

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

PT-2026-2108

Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.3.2 and below Description Flag Forge is a Capture The Flag CTF platform susceptible to a Regular Expression Denial of Service ReDoS condition. The issue resides in the user profile API endpoint, /api/user/username. The...

CVE-2026-0668

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...