CWE-1333 · Inefficient Regular Expression Complexity
432 CVEs classified under CWE-1333 (Inefficient Regular Expression Complexity). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-52778 | Critical | 9.8 | 2026-06-08 | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of… |
| CVE-2026-35458 | Critical | 9.8 | 2026-04-07 | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without sett… |
| CVE-2023-29486 | Critical | 9.8 | 2023-12-21 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary… |
| CVE-2023-29487 | Critical | 9.1 | 2023-12-21 | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service… |
| CVE-2023-43646 | High | 8.6 | 2023-09-27 | get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regu… |
| CVE-2023-23925 | High | 8.6 | 2023-02-03 | Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST)… |
| CVE-2023-23621 | High | 8.6 | 2023-01-28 | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branche… |
| CVE-2025-62484 | High | 8.1 | 2025-11-13 | Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of… |
| CVE-2026-52794 | High | 7.5 | 2026-06-24 | Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in S… |
| CVE-2026-49851 | High | 7.5 | 2026-06-24 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately… |
| CVE-2026-54268 | High | 7.5 | 2026-06-22 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, a… |
| CVE-2026-49293 | High | 7.5 | 2026-06-19 | js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary intege… |
| CVE-2026-45617 | High | 7.5 | 2026-06-17 | LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in strip_html filter uses a… |
| CVE-2026-44496 | High | 7.5 | 2026-06-11 | Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regula… |
| CVE-2026-42567 | High | 7.5 | 2026-06-09 | Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time… |
| CVE-2026-8888 | High | 7.5 | 2026-06-03 | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new R… |
| CVE-2026-9496 | High | 7.5 | 2026-05-26 | Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this… |
| CVE-2026-8159 | High | 7.5 | 2026-05-12 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parse… |
| CVE-2026-33079 | High | 7.5 | 2026-05-06 | In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker… |
| CVE-2026-41040 | High | 7.5 | 2026-04-23 | GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string. |