Total
225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2596 | 1 Node-fetch Project | 1 Node-fetch | 2023-07-11 | N/A | 5.9 MEDIUM |
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. | |||||
CVE-2021-3795 | 1 Semver-regex Project | 1 Semver-regex | 2023-07-10 | 5.0 MEDIUM | 7.5 HIGH |
semver-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3810 | 1 Coder | 1 Code-server | 2023-07-10 | 7.8 HIGH | 7.5 HIGH |
code-server is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2023-07-10 | 7.8 HIGH | 7.5 HIGH |
ansi-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3804 | 1 Taro | 1 Taro | 2023-07-10 | 7.8 HIGH | 7.5 HIGH |
taro is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2023-07-10 | 5.0 MEDIUM | 7.5 HIGH |
nth-check is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3765 | 1 Validator Project | 1 Validator | 2023-07-07 | 5.0 MEDIUM | 7.5 HIGH |
validator.js is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2023-32610 | 1 Synck | 1 Mailform Pro Cgi | 2023-07-07 | N/A | 7.5 HIGH |
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. | |||||
CVE-2023-2232 | 1 Gitlab | 1 Gitlab | 2023-07-06 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix | |||||
CVE-2022-42966 | 1 Python-poetry | 1 Cleo | 2023-07-06 | N/A | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method | |||||
CVE-2022-42964 | 1 Pymatgen | 1 Pymatgen | 2023-07-06 | N/A | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method | |||||
CVE-2023-33289 | 1 Urlnorm Project | 1 Urlnorm | 2023-06-28 | N/A | 7.5 HIGH |
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. | |||||
CVE-2023-33290 | 1 Git-url-parse Project | 1 Git-url-parse | 2023-06-21 | N/A | 7.5 HIGH |
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). | |||||
CVE-2021-32837 | 1 Mechanize Project | 1 Mechanize | 2023-06-20 | N/A | 7.5 HIGH |
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue. | |||||
CVE-2023-30608 | 2 Debian, Sqlparse Project | 2 Debian Linux, Sqlparse | 2023-06-14 | N/A | 7.5 HIGH |
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issue has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-2199 | 1 Gitlab | 1 Gitlab | 2023-06-14 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-2198 | 1 Gitlab | 1 Gitlab | 2023-06-14 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-2132 | 1 Gitlab | 1 Gitlab | 2023-06-13 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service was possible by sending crafted payloads to the preview_markdown endpoint. | |||||
CVE-2023-32758 | 2 Coala, Semgrep | 2 Git-url-parse, Semgrep | 2023-06-09 | N/A | 7.5 HIGH |
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package. | |||||
CVE-2023-33950 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-05-31 | N/A | 7.5 HIGH |
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. |