CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-19555

Malicious code in bioql PyPI...

7CVSS6.4AI score0.00329EPSS

Exploits1References4

RedhatCVE•added 2025/07/02 12:16 a.m.•3 views

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

7CVSS7.5AI score0.00329EPSS

Exploits1References1

Github Security Blog•added 2025/06/30 6:31 p.m.•5 views

string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

7CVSS6.7AI score0.00329EPSS

Exploits1References5Affected Software1

OSV•added 2025/06/30 6:31 p.m.•1 views

GHSA-994J-5C83-R424 string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

3.7CVSS5.9AI score0.00329EPSS

Exploits1References5

vulnersOsv•added 2025/06/30 6:31 p.m.•3 views

@devsoutinho/alfred-currency-converter (>=2.0.0 <=2.1.1), @felixcatto/ui (>=0.0.14 <=0.0.32) +13 more potentially affected by CVE-2025-45143 via string-math (=1.2.2)

string-math NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on string-math and may be impacted: - @devsoutinho/alfred-currency-converter =2.0.0, =0.0.14, =0.4.0-beta.2, =1.5.12, =0.1.47, =0.0.32, =2.0.0, =4.0.0, =1.0.0, =1.2.0, =1.0.8,...

7CVSS5.8AI score0.00329EPSS

Exploits1

OSV•added 2025/06/30 5:15 p.m.•3 views

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

7CVSS5.8AI score

Exploits0References3

NVD•added 2025/06/30 5:15 p.m.•1 views

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

7CVSS0.00329EPSS

Exploits1References3

Positive Technologies•added 2025/06/30 12:0 a.m.•1 views

PT-2025-27455 · Unknown · String-Math

Name of the Vulnerable Software and Affected Versions: string-math version 1.2.2 Description: The issue is a Regex Denial of Service ReDoS that can be exploited via a crafted input. Recommendations: For string-math version 1.2.2, consider validating and sanitizing all inputs to prevent crafted...

7CVSS7AI score0.00329EPSS

Exploits1References9

CVE•added 2025/06/30 12:0 a.m.•16 views

CVE-2025-45143

CVE-2025-45143 affects the JavaScript library string-math v1.2.2. Multiple sources consistently describe a Regex Denial of Service (ReDoS) caused by inefficient regular expression handling, exploitable via crafted input. The CVSSBase score is 7.0 (HIGH), with network attack vector, high attack co...

7CVSS7.3AI score0.00329EPSS

Exploits1References3Affected Software1

Cvelist•added 2025/06/30 12:0 a.m.•4 views

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

0.00329EPSS

Exploits1References3

CNNVD•added 2025/06/30 12:0 a.m.•1 views

string-math 安全漏洞

string-math is a module function for calculating results based on arithmetic formulas by the Polish individual developer devrafalko. A security vulnerability exists in string-math version 1.2.2, which stems from improper handling of regular expressions and could lead to a regular expression denia...

7CVSS6.3AI score0.00329EPSS

Exploits1References4