Skip to content

Valibot has a ReDoS vulnerability in EMOJI_REGEX #14623

New issue
New issue
Closed
Closed
Valibot has a ReDoS vulnerability in EMOJI_REGEX#14623
Labels
bug
@satispunk

Description

@satispunk
satispunk
opened on Dec 3, 2025

Reproduction

npm audit

System Info

-

Used Package Manager

npm

Expected Behavior

[email protected] seems vulnerability free

Actual Behavior

valibot 0.31.0 - 1.1.0
Severity: high
Valibot has a ReDoS vulnerability in EMOJI_REGEX - GHSA-vqpr-j7v3-hqw9
fix available via npm audit fix
node_modules/valibot

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions