Total
295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack. | |||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3828 | 1 Nltk | 1 Nltk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| jsoneditor is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3820 | 1 Inflect Project | 1 Inflect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| inflect is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3810 | 1 Coder | 1 Code-server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| code-server is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3804 | 1 Taro | 1 Taro | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| taro is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nth-check is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3801 | 1 Prismjs | 1 Prism | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| prism is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3795 | 1 Semver-regex Project | 1 Semver-regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| semver-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3794 | 1 Vuelidate Project | 1 Vuelidate | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| vuelidate is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3777 | 1 Tmpl Project | 1 Tmpl | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3765 | 1 Validator Project | 1 Validator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| validator.js is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3749 | 3 Axios, Oracle, Siemens | 3 Axios, Goldengate, Sinec Ins | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| axios is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| chatwoot is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | |||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2021-33502 | 1 Normalize-url Project | 1 Normalize-url | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | |||||
| CVE-2021-32848 | 1 Octobox Project | 1 Octobox | 2024-11-21 | N/A | 7.5 HIGH |
| Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807. | |||||