Total: 363 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3804 | 1 Taro | 1 Taro | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | 
| taro is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| nth-check is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3801 | 1 Prismjs | 1 Prism | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | 
| prism is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3795 | 1 Semver-regex Project | 1 Semver-regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| semver-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3777 | 1 Tmpl Project | 1 Tmpl | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | 
| nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3765 | 1 Validator Project | 1 Validator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| validator.js is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3749 | 3 Axios, Oracle, Siemens | 3 Axios, Goldengate, Sinec Ins | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | 
| axios is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-3649 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| chatwoot is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-39940 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | 
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent. | |||||
| CVE-2021-39933 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | 
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | |||||
| CVE-2021-33502 | 1 Normalize-url Project | 1 Normalize-url | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | |||||
| CVE-2021-32848 | 1 Octobox Project | 1 Octobox | 2024-11-21 | N/A | 7.5 HIGH | 
| Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807. | |||||
| CVE-2021-32837 | 1 Mechanize Project | 1 Mechanize | 2024-11-21 | N/A | 7.5 HIGH | 
| mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue. | |||||
| CVE-2021-32821 | 1 Mootools | 1 Mootools | 2024-11-21 | N/A | 6.2 MEDIUM | 
| MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue. | |||||
| CVE-2021-28092 | 1 Is-svg Project | 1 Is-svg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | |||||
| CVE-2021-27291 | 3 Debian, Fedoraproject, Pygments | 3 Debian Linux, Fedora, Pygments | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | |||||
| CVE-2021-26813 | 2 Fedoraproject, Markdown2 Project | 2 Fedora, Markdown2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. | |||||
| CVE-2021-25292 | 1 Python | 1 Pillow | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | 
| An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | |||||
| CVE-2021-23490 | 1 Parse-link-header Project | 1 Parse-link-header | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function. | |||||
| CVE-2021-23446 | 1 Handsontable | 1 Handsontable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 
| The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. | |||||
