{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T07:14:16.865","vulnerabilities":[{"cve":{"id":"CVE-2026-23956","sourceIdentifier":"security-advisories@github.com","published":"2026-01-22T02:15:52.310","lastModified":"2026-02-27T19:33:23.097","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0\nand below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). This issue has been fixed in version 1.4.1."},{"lang":"es","value":"seroval facilita la serialización de valores JS, incluyendo estructuras complejas que van más allá de las capacidades de JSON.stringify. En las versiones 1.4.0 y anteriores, la anulación de la serialización de RegExp con patrones extremadamente grandes puede agotar la memoria en tiempo de ejecución de JavaScript durante la deserialización. Además, la anulación de la serialización de RegExp con patrones que desencadenan un retroceso catastrófico puede conducir a ReDoS (Denegación de Servicio por Expresiones Regulares). Este problema ha sido solucionado en la versión 1.4.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lxsmnsyc:seroval:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.4.1","matchCriteriaId":"85760E40-9AB1-40EB-98A1-D1A4411AAFC5"}]}]}],"references":[{"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}