CWE-1333

High likelihood

Inefficient Regular Expression Complexity

Parent: CWE-407 - Inefficient Algorithmic Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

426 vulnerabilities with CWE-1333
CVE-2025-5890 MEDIUM
actions toolkit <0.5.0 - Info Disclosure
CVSS 4.3
CVE-2025-5889 LOW
juliangruber brace-expansion <1.1.11/2.0.1/3.0.0/4.0.0 - Inefficien...
CVSS 3.1
CVE-2025-49007 MEDIUM
Rack 3.1.0-3.1.15 - Denial of Service via Content-Disposition Header Parsing
CVSS 5.3
CVE-2025-48887 MEDIUM
vLLM 0.6.4-0.8.2 - Regular Expression Denial of Service in Pythonic Tool Parser
CVSS 6.5
CVE-2025-2099 HIGH
huggingface/transformers < 4.48.3 - Regular Expression Denial of Service in preprocess_string()
CVSS 7.5
CVE-2025-4727 LOW
Meteor < 3.2.2 - Inefficient Regular Expression Complexity in Object.assign
CVSS 3.7
CVE-2025-24026 MEDIUM
iTop < 3.2.1 - Denial of Service via Regular Expression Complexity
CVSS 5.3
CVE-2025-4215 LOW
gorhill uBlock Origin <1.63.3b16 - Info Disclosure
CVSS 3.1
CVE-2025-46560 MEDIUM
vllm 0.8.0-0.8.5 - Denial of Service via Inefficient Multimodal Tokenizer Input Processing
CVSS 6.5
CVE-2025-1194 MEDIUM
huggingface/transformers < 4.50.0 - Regular Expression Denial of Service in SubWordJapaneseTokenizer
CVSS 6.5
CVE-2025-3986 MEDIUM
Apereo CAS 5.2.6 - Inefficient Regular Expression Complexity
CVSS 4.3
CVE-2025-3985 LOW
Apereo CAS 5.2.6 - Inefficient Regular Expression Complexity in Query Parameter
CVSS 2.7
CVE-2025-2811 MEDIUM
GL.iNet Various - Path Traversal
CVSS 5.7
CVE-2025-2833 MEDIUM
zhangyd-c OneBlog <2.3.9 - Info Disclosure
CVSS 5.3
CVE-2025-26042 MEDIUM
Uptime Kuma >= 1.23.0 - Regular Expression Denial of Service via Notification String
CVSS 6.0
CVE-2025-27789 MEDIUM
Babel <7.26.10-8.0.0-alpha.17 - Info Disclosure
CVSS 6.2
CVE-2025-27220 MEDIUM
CGI gem < 0.3.5.1 - Regular Expression Denial of Service in Util#escapeElement
CVSS 4.0
CVE-2025-25290 MEDIUM
@octokit/request <9.2.1-8.4.1 - ReDoS
CVSS 5.3
CVE-2025-25289 MEDIUM
@octokit/request-error <6.1.7 - ReDoS
CVSS 5.3
CVE-2025-25288 MEDIUM
@octokit/plugin-paginate-rest <11.4.1 - ReDoS
CVSS 5.3
CVE-2025-25285 MEDIUM
octokit/endpoint 4.1.0-10.1.2 - Regular Expression Denial-of-Service in parse Function
CVSS 5.3
CVE-2025-25283 HIGH
parse-duraton <2.1.3 - Memory Corruption
CVSS 7.5
CVE-2025-25200 HIGH
Koa <0.21.2, 1.7.1, 2.15.4, 3.0.0-alpha.3 - DoS
CVSS 7.5
CVE-2025-0367 MEDIUM
Splunk SA-ldapsearch <3.1.0 - ReDoS
CVSS 6.5
CVE-2024-58340 HIGH
langchain/langchain <= 0.3.1 - Regular Expression Denial-of-Service in MRKLOutputParser.parse()
CVSS 7.5
Details
Vulnerabilities 426
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits