PatchSiren

ajv.js CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW ajv.js CVE published 2026-02-11

CVE-2025-69873

The CVE-2025-69873 vulnerability affects the ajv (Another JSON Schema Validator) library before version 8.18.0. This vulnerability is related to a Regular Expression Denial of Service (ReDoS) issue when the $data option is enabled. The pattern keyword in ajv accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. A [truncated]