awesome-redos-security

List of RegEx DoS (ReDoS) CVEs and resources
https://github.com/engn33r/awesome-redos-security


  • ReDoS CVEs

    • this list - bugs-reported-trophy) from Doyensec.
    • NVD CVE database
    • CVE-2022-21680 - rrrm-qjm4-v8hf) |
    • CVE-2022-24713 - lang/regex) | Rust | [ae70b41](https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e) | | [Advisory](https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8) |
    • CVE-2021-3733 - lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8) |
    • CVE-2021-21254 - hgmg-hhc8-g5wr) |
    • CVE-2021-21267 - inspector](https://github.com/schema-inspector/schema-inspector) | JavaScript | [PR #92](https://github.com/schema-inspector/schema-inspector/pull/92/files) | | [Advisory](https://github.com/schema-inspector/schema-inspector/security/advisories/GHSA-f38p-c2gq-4pmr) |
    • CVE-2021-21306 - 4r62-v4vq-hr96) |
    • CVE-2021-21317 - core](https://github.com/ua-parser/uap-core) | JavaScript | [dc9925d](https://github.com/ua-parser/uap-core/commit/dc9925d458214cfe87b93e35346980612f6ae96c) | | [Advisory](https://github.com/ua-parser/uap-core/security/advisories/GHSA-p4pj-mg4r-x6v4) |
    • CVE-2021-21391 - 3rh3-wfr4-76mj) |
    • CVE-2021-22880 - 8hc4-xxm3-5ppp) |
    • CVE-2021-23341 - h4hr-7fg3-h35w) |
    • CVE-2021-23343 - parse](https://github.com/jbgutierrez/path-parse) | JavaScript | [Fork PR](https://github.com/jbgutierrez/path-parse/pull/10/files) | [Issue #8](https://github.com/jbgutierrez/path-parse/issues/8) | |
    • CVE-2021-23346 - parse-stringify](https://github.com/HenrikJoreteg/html-parse-stringify) | JavaScript | [c7274a4](https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12) | | [Advisory](https://github.com/advisories/GHSA-545q-3fg6-48m7) |
    • CVE-2021-23354 - printf) | JavaScript | [PR #32](https://github.com/adaltas/node-printf/pull/32) | | [Advisory](https://github.com/advisories/GHSA-xfhp-gmh8-r8v2) |
    • CVE-2021-23362 - git-info](https://github.com/npm/hosted-git-info) | JavaScript | [29adfe5](https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7) | [PR #76](https://github.com/npm/hosted-git-info/pull/76) | |
    • CVE-2021-23364 - w8qv-6jwh-64r5) |
    • CVE-2021-23368 - css](https://github.com/postcss/postcss) | JavaScript | [8682b1e](https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4) [b6f3e4d](https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5) | | [Advisory](https://github.com/advisories/GHSA-hwj9-h5mp-3pm3) |
    • CVE-2021-23371 - hpmr-g4pq-jhgp) |
    • CVE-2021-23382
    • CVE-2021-23388 - c56f-grv3-gpfr) |
    • CVE-2021-23425 - off-newlines](https://github.com/stevemao/trim-off-newlines/) | JavaScript | [PR #3](https://github.com/stevemao/trim-off-newlines/pull/3) | | |
    • CVE-2021-23437 - pillow/Pillow) | Python | [9e08eb8](https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b) | | |
    • CVE-2021-23446 - c56f-grv3-gpfr) |
    • CVE-2021-23490 - link-header](https://github.com/thlorenz/parse-link-header) | JavaScript | [72f05c7](https://github.com/thlorenz/parse-link-header/commit/72f05c717b3f129c5331a07bf300ed8886eb8ae1) | | |
    • CVE-2021-25292 - pillow/Pillow) | Python | [3bce145](https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c) [cbdce6c](https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a) | | [Advisory](https://github.com/advisories/GHSA-9hx2-hgq2-2g4f) |
    • CVE-2021-27290 - redos.pdf) | [Advisory](https://github.com/advisories/GHSA-vx3p-948g-6vhq) |
    • CVE-2021-27291 - pq64-v7f5-gqh8) |
    • CVE-2021-27292 - parser-js](https://github.com/faisalman/ua-parser-js) | JavaScript | [809439e](https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566) | [Gist](https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76) | [Advisory](https://github.com/advisories/GHSA-78cj-fxph-m83p) |
    • CVE-2021-28092 - svg](https://github.com/sindresorhus/is-svg) | JavaScript | [01f8a08](https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b) | | [Advisory](https://github.com/advisories/GHSA-7r28-3m3f-r2pr) |
    • CVE-2021-29469 - redis](https://github.com/NodeRedis/node-redis) | JavaScript | [PR #1595](https://github.com/NodeRedis/node-redis/pull/1595/files) | | [Advisory](https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3) |
    • CVE-2021-32640 - 6fc8-4gx4-v693) |
    • CVE-2021-32740 - jxhc-q857-3j6g) |
    • CVE-2021-33587 - what](https://github.com/fb55/css-what) | JavaScript | [4cdaacf](https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655) | | [Advisory](https://github.com/advisories/GHSA-q8pj-2vqx-8ggc) |
    • CVE-2021-33502 - url](https://github.com/sindresorhus/normalize-url) | JavaScript | [b1fdb51](https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103) | | [Advisory](https://github.com/advisories/GHSA-px4h-xg32-q955) |
    • CVE-2021-33503 - q2q7-5pp4-w6pg) |
    • CVE-2021-41817 - lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/) | |
    • CVE-2021-42836
    • CVE-2021-43854 - f8m6-h2c7-8h9x) |
    • CVE-2021-44686
    • SNYK-PYTHON-MARKDOWN2-1321158 - markdown2/commit/d6a56f4d438a74234f795a5a2b9b749342b3c362) | [PR #402](https://github.com/trentm/python-markdown2/pull/402) | [Advisory](https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg) |
    • SNYK-JS-STRINGKIT-1567201 - kit](https://github.com/cronvel/string-kit) | JavaScript | [9cac4c2](https://github.com/cronvel/string-kit/commit/9cac4c298ee92c1695b0695951f1488884a7ca73) | [Issue #3](https://github.com/cronvel/string-kit/issues/3) | |
    • CVE-2020-1920 - native](https://github.com/facebook/react-native) | JavaScript | [ca09ae8](https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7) | | [Advisory](https://securitylab.github.com/advisories/GHSL-2020-293-redos-react-native/) |
    • CVE-2020-5236 - 73m2-3pwg-5fgc) |
    • CVE-2020-5243 - core](https://github.com/ua-parser/uap-core) | JavaScript | [0afd61e](https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1) | | [Advisory](https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p) |
    • CVE-2020-6817 - vqhp-cxgc-6wmm) |
    • CVE-2020-7661 - regex](https://github.com/kevva/url-regex) | JavaScript | [Fork PR](https://github.com/418sec/url-regex/pull/1/files) | | |
    • CVE-2020-7662 - extensions](https://github.com/faye/websocket-extensions-node) | JavaScript | [29496f6](https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237) | | [Advisory](https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv) |
    • CVE-2020-7733 - parser-js](https://github.com/faisalman/ua-parser-js) | JavaScript | [233d3ba](https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d) | | |
    • CVE-2020-7754 - user-validate](https://github.com/npm/npm-user-validate) | JavaScript | [PR #15](https://github.com/npm/npm-user-validate/pull/15/files) | | [Advisory](https://github.com/npm/npm-user-validate/security/advisories/GHSA-xgh6-85xh-479p) |
    • CVE-2020-7755
    • CVE-2020-7760
    • CVE-2020-7761
    • CVE-2020-7793 - parser-js](https://github.com/faisalman/ua-parser-js) | JavaScript | [6d1f26d](https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18) | | |
    • CVE-2020-8492 - urllib.request) | Python | [PR #18284](https://github.com/python/cpython/pull/18284) | | |
    • CVE-2020-13333 - org/gitlab) | Ruby | [2e39d006](https://gitlab.com/gitlab-org/gitlab/-/commit/2e39d006cc0171301fb92870920f285afa5bc199) [ad6de575](https://gitlab.com/gitlab-org/gitlab/-/commit/ad6de575fcfba4a3388c7daf9609f591680e67e4) | | |
    • CVE-2020-26256 - csv](https://github.com/C2FO/fast-csv) | JavaScript | [4bbd39f](https://github.com/C2FO/fast-csv/commit/4bbd39f26a8cd7382151ab4f5fb102234b2f829e) | [Semmle query](https://lgtm.com/query/8609731774537641779/) | [Advisory](https://github.com/C2FO/fast-csv/security/advisories/GHSA-8cv5-p934-3hwp) |
    • CVE-2020-28493
    • CVE-2020-28496
    • CVE-2020-28469 - parent](https://github.com/gulpjs/glob-parent) | JavaScript | [PR #36](https://github.com/gulpjs/glob-parent/pull/36/files) | [Issue #32](https://github.com/gulpjs/glob-parent/issues/32) | |
    • CVE-2020-28500
    • CVE-2020-28501 - crawler-detect](https://github.com/JefferyHus/es6-crawler-detect) | JavaScript | [PR #27](https://github.com/JefferyHus/es6-crawler-detect/pull/27/files) | | |
    • CVE-2020-29651 - dev/py) | Python | [PR #257](https://github.com/pytest-dev/py/pull/257/files) | [Issue #256](https://github.com/pytest-dev/py/issues/256) | |
    • CVE-2020-36066
    • CVE-2018-20164 - core](https://github.com/ua-parser/uap-core) | JavaScript | [947f80b](https://github.com/ua-parser/uap-php/commit/947f80b39130c83a3d1c75900ac1b58828ed8aef) | [Issue #332](https://github.com/ua-parser/uap-core/issues/332) | |
    • CVE-2017-15010 - cookie](https://github.com/salesforce/tough-cookie) | JavaScript | [PR #97](https://github.com/salesforce/tough-cookie/pull/97) | [PoC](https://github.com/sola-da/ReDoS-vulnerabilities/blob/master/test-though-cookie.js) | |
    • CVE-2017-16098 - modules/charset) | JavaScript | [PR #11](https://github.com/node-modules/charset/pull/11) | [PoC](https://github.com/sola-da/ReDoS-vulnerabilities/blob/master/test-charset.js) | |
    • CVE-2017-16100 - sync](https://github.com/skoranga/node-dns-sync) | JavaScript | [Fork PR](https://github.com/418sec/node-dns-sync/pull/1) | [PoC](https://github.com/sola-da/ReDoS-vulnerabilities/blob/master/test-dns-sync.js) | |
    • CVE-2017-16113 - da/ReDoS-vulnerabilities/blob/master/test-parsejson.js) | [Advisory](https://github.com/advisories/GHSA-q75g-2496-mxpp) |
    • CVE-2017-16114 - da/ReDoS-vulnerabilities/blob/master/test-marked.js) | |
    • CVE-2017-16115 - da/ReDoS-vulnerabilities/blob/master/test-timespan.js) | |
    • CVE-2017-16116 - da/ReDoS-vulnerabilities/blob/master/test-string.js) | |
    • CVE-2017-16117 - slug) | JavaScript | [PR #91](https://github.com/dodo/node-slug/pull/91) | [PoC](https://github.com/sola-da/ReDoS-vulnerabilities/blob/master/test-slug.js) | |
    • CVE-2017-16137 - da/ReDoS-vulnerabilities/blob/master/test-debug.js) | [Advisory](https://github.com/advisories/GHSA-gxpj-cx7g-858c) |
    • CVE-2017-16138 - da/ReDoS-vulnerabilities/blob/master/test-mime.js) | [Advisory](https://github.com/advisories/GHSA-wrvr-8mpx-r7pp) |
    • CVE-2017-18214 - da/ReDoS-vulnerabilities/blob/master/test-moment.js) | |
    • CVE-2016-4055
    • CVE-2016-10527
    • CVE-2016-10540
    • CVE-2014-3538
    • npm:underscore.string:20170908 - da/ReDoS-vulnerabilities/blob/master/test-underscore-string.js) | |
    • npm:mobile-detect:20170907 - detect](https://github.com/hgoebl/mobile-detect.js) | JavaScript | [7222f6e](https://github.com/hgoebl/mobile-detect.js/commit/7222f6e75cf8cd90e1dc53e445716203eaf79d8a) | [PoC](https://github.com/sola-da/ReDoS-vulnerabilities/blob/master/test-mobile-detect.js) | |
    • SNYK-JS-ISMOBILEJS-72624 - da/ReDoS-vulnerabilities/blob/master/test-ismobilejs.js) | |