
95 matches found

Github Security Blog
added 2026/06/15 8:15 p.m. | 10 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary: A regular expression denial-of-service (ReDoS) vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParser(headers).withClientHints(), an attacker can cause the parser to spend excessive CPU...

5.4 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-49551

Summary: A regular expression denial-of-service (ReDoS) vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParser(headers).withClientHints(), an attacker can cause the parser to spend excessive CPU...

5.3 CVSS | 5.3 AI score
Exploits: 0 | References: 3
Circl
added 2026/05/21 3:31 p.m. | 6 views

CVE-2026-48125

creationtimestamp | type | source
---|---|---
2026-05-21 15:31:36+00:00 | published-proof-of-concept | https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-9h5v-pfqq-x599...

5.8 AI score
Exploits: 0 | References: 1
GithubExploit
added 2026/03/28 10:15 a.m. | 134 views

Exploit for Inefficient Regular Expression Complexity in Ua-Parser-Js_Project Ua-Parser-Js

No d...

7.5 CVSS | 6.8 AI score | 0.01725 EPSS
Exploits: 2
Atlassian
added 2026/03/11 10:30 p.m. | 19 views

DoS (Denial of Service) ua-parser-js Dependency in Bitbucket Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.4.12, 10.0.1, and 10.1.1 of Bitbucket Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated...

7.5 CVSS | 5.7 AI score | 0.01725 EPSS
Exploits: 2
Atlassian
added 2026/02/11 6:28 p.m. | 16 views

DoS (Denial of Service) ua-parser-js Dependency in Jira Service Management Data Center and Server

This High severity DoS (Denial of Service) vulnerability, known as CVE-2022-25927, was introduced in versions 5.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Sco...

7.5 CVSS | 7.3 AI score | 0.01725 EPSS
Exploits: 2
EUVD
added 2025/10/07 12:30 a.m. | 12 views

EUVD-2021-0991

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.03366 EPSS
Exploits: 1 | References: 11
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-0967

Malware in sbrugna...

7.5 CVSS | 7.8 AI score | 0.04483 EPSS
Exploits: 1 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0786

Malicious code in bioql PyPI...

7.5 CVSS | 8.1 AI score | 0.03878 EPSS
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-0457

Malicious code in bioql PyPI...

7.5 CVSS | 7.8 AI score | 0.01725 EPSS
Exploits: 2 | References: 5
Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-7793

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info)...

7.5 CVSS | 7.6 AI score | 0.03878 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-27292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header,...

7.5 CVSS | 7.5 AI score | 0.03366 EPSS
Exploits: 1 | References: 2
Tenable Product Security Advisories
added 2025/06/30 3:41 p.m. | 9 views

[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1

[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1. Arnie Cabral, Mon, 06/30/2025 - 11:41. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

7.5 AI score
Exploits: 0
Tenable Product Security Advisories
added 2025/05/06 1:44 p.m. | 16 views

[R2] Security Center Version 6.6.0 Fixes Multiple Vulnerabilities

[R2] Security Center Version 6.6.0 Fixes Multiple Vulnerabilities. Arnie Cabral, Tue, 05/06/2025 - 09:44. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (sqlite, ua-parser-js) were found to contain vulnerabilities, and updat...

7.6 AI score
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m. | 193 views

ua-parser-js npm module ReDenial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ua-parser-js npm module ReDoS', 'Description' = %q This module exploits a Regular Expression Denial of Service vulnerability in the npm module...

7.5 CVSS | 7 AI score | 0.09242 EPSS
Exploits: 2
Tenable Nessus
added 2024/06/03 12:0 a.m. | 23 views

RHEL 7 : kibana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: Regular expression denial of service via the regex (CVE-2020-7733). Note that Nessus has not test...

7.5 CVSS | 7 AI score | 0.04483 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2024/05/11 12:0 a.m. | 25 views

RHEL 7 : nodejs-ua-parser-js (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: ReDoS in multiple regexes (CVE-2020-7793) - The package ua-parser-js before 0.7.22 are...

8.1 AI score | 0.04483 EPSS
Exploits: 2 | References: 2
IBM Security Bulletins
added 2023/06/20 4:41 a.m. | 49 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary: IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils (CVE-2022-37601) is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone (CVE-2021-3563) is vulnerable to bypass security restriction...

9.8 CVSS | 9.6 AI score | 0.59501 EPSS
Exploits: 26 | Affected Software: 1
IBM Security Bulletins
added 2023/05/02 9:44 p.m. | 40 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js ua-parser-js

Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js ua-parser-js. Vulnerability Details: CVEID: CVE-2022-25927. DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS)...

7.5 CVSS | 6.1 AI score | 0.01725 EPSS
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2023/04/20 12:34 p.m. | 31 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module (CVE-2022-25927)

Summary: IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module in the electron app (CVE-2022-25927). Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes ua-parser-js =v1.0.33. Vulnerability Details...

7.5 CVSS | 6.1 AI score | 0.01725 EPSS
Exploits: 2