DevGuard Logo

/Devguard
Project
/devguard-web
Repository

Overview
Compliance
Code Risk-Handling
Dependency Risk-Handling
Dependencies

CVE-2025-5889

A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue.

Fixed
LOW (1.4)
  • T

    Tim Bastin detected CVE-2025-5889 with a risk of 0.36

    main
  • logo

    System detected CVE-2025-5889 with scanner: container-scanning

    main
  • logo

    System removed scanner: sca

    main
  • T

    Tim Bastin fixed CVE-2025-5889

    main
  • logo

    System updated the risk assessment from 0.36 to 1.45

    main

    System recalculated raw risk assessment

Reopen this vulnerability

You can reopen this vuln, if you plan to mitigate the risk now, or accepted this vuln by accident.

Last calculated at:

Affected component

Logo von npm brace-expansion

Installed version:
2.0.1
Fixed in:
2.0.2
Show in dependency graph

Quick Fix

Update all Dependencies
Update only brace-expansion
GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version cbde9ac7c34e11982d14e2cee813d880c1d4db2c