Regular Expression Denial Of Service (ReDoS)

Valibot is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient processing in the EMOJIREGEX used by the emoji action, which allows an attacker to supply a crafted input that triggers excessive CPU consumption and causes a denial of service...

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1687 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0 <=1.1.0)

valibot NPM version =0.31.0, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.0.2-beta.0, =0.1.1-beta.1, =0.2.0 and more Source cves: CVE-2025-66020 Source advisory: OSV:GHSA-VQPR-J7V3-HQW9...

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1691 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0-rc.4 <=1.1.0)

valibot NPM version =0.31.0-rc.4, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.0.2-beta.0, =0.1.1-beta.1, =0.2.0 and more Source cves: CVE-2025-66020 Source advisory: SNYK:JS-VALIBOT-14122017...