CWE-1333 · Inefficient Regular Expression Complexity

432 CVEs classified under CWE-1333 (Inefficient Regular Expression Complexity). Browse by severity and year.

Top CVEs for CWE-1333
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-52778 | Critical | 9.8 | 2026-06-08 | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of… |
| CVE-2026-35458 | Critical | 9.8 | 2026-04-07 | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without sett… |
| CVE-2023-29486 | Critical | 9.8 | 2023-12-21 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary… |
| CVE-2023-29487 | Critical | 9.1 | 2023-12-21 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service… |
| CVE-2023-43646 | High | 8.6 | 2023-09-27 | get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regu… |
| CVE-2023-23925 | High | 8.6 | 2023-02-03 | Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST)… |
| CVE-2023-23621 | High | 8.6 | 2023-01-28 | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branche… |
| CVE-2025-62484 | High | 8.1 | 2025-11-13 | Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of… |
| CVE-2026-52794 | High | 7.5 | 2026-06-24 | Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in S… |
| CVE-2026-49851 | High | 7.5 | 2026-06-24 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately… |
| CVE-2026-54268 | High | 7.5 | 2026-06-22 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, a… |
| CVE-2026-49293 | High | 7.5 | 2026-06-19 | js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary intege… |
| CVE-2026-45617 | High | 7.5 | 2026-06-17 | LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in strip_html filter uses a… |
| CVE-2026-44496 | High | 7.5 | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regula… |
| CVE-2026-42567 | High | 7.5 | 2026-06-09 | Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time… |
| CVE-2026-8888 | High | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new R… |
| CVE-2026-9496 | High | 7.5 | 2026-05-26 | Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this… |
| CVE-2026-8159 | High | 7.5 | 2026-05-12 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parse… |
| CVE-2026-33079 | High | 7.5 | 2026-05-06 | In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker… |
| CVE-2026-41040 | High | 7.5 | 2026-04-23 | GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string. |