GHSA-rq2q-4r55-9877: Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Summary
The RegexMatching check in giskard-checks has a ReDoS vulnerability (regular expression denial of service, where a specially crafted regex pattern causes the regex engine to hang by backtracking excessively through text). An attacker with write access to check definitions can craft malicious regex patterns that make the testing process hang indefinitely, disrupting automated testing environments like CI/CD pipelines (continuous integration/continuous deployment automation).
Solution / Mitigation
Upgrade to giskard-checks >= 1.0.2b1.
Vulnerability Details
EPSS: 0.0%
Yes
April 14, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://github.com/advisories/GHSA-rq2q-4r55-9877
First tracked: April 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%