LOW
ajv.js
CVE published 2026-02-11
CVE-2025-69873
The CVE-2025-69873 vulnerability affects the ajv (Another JSON Schema Validator) library before version 8.18.0. This vulnerability is related to a Regular Expression Denial of Service (ReDoS) issue when the $data option is enabled. The pattern keyword in ajv accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. A [truncated]