VulnerableCode Package Details - pkg:npm/papaparse@5.2.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-522z-vrxn-k3bx	Duplicate Advisory: PapaParse Inefficient Regular Expression Complexity vulnerability ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qvjc-g5vr-mfgr. This link is maintained to preserve external references. ## Original Description A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.	GHSA-798h-g4j5-5537
VCID-wzfx-wr9a-nqhg	Regular Expression Denial of Service in papaparse Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service. ## Recommendation Upgrade to version 5.2.0 or later.	CVE-2020-36649 GHSA-qvjc-g5vr-mfgr

Vulnerability

Summary

Aliases

VCID-522z-vrxn-k3bx

Duplicate Advisory: PapaParse Inefficient Regular Expression Complexity vulnerability ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qvjc-g5vr-mfgr. This link is maintained to preserve external references. ## Original Description A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

GHSA-798h-g4j5-5537

VCID-wzfx-wr9a-nqhg

Regular Expression Denial of Service in papaparse Versions of `papaparse` prior to 5.2.0 are vulnerable to Regular Expression Denial of Service (ReDos). The `parse` function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems and lead to Denial of Service. ## Recommendation Upgrade to version 5.2.0 or later.

CVE-2020-36649
GHSA-qvjc-g5vr-mfgr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T14:34:17.059118+00:00	GHSA Importer	Fixing	VCID-522z-vrxn-k3bx	https://github.com/advisories/GHSA-798h-g4j5-5537	36.1.3
2025-07-01T14:30:34.367700+00:00	GHSA Importer	Fixing	VCID-wzfx-wr9a-nqhg	https://github.com/advisories/GHSA-qvjc-g5vr-mfgr	36.1.3
2025-07-01T12:16:37.707247+00:00	GithubOSV Importer	Fixing	VCID-wzfx-wr9a-nqhg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-qvjc-g5vr-mfgr/GHSA-qvjc-g5vr-mfgr.json	36.1.3
2025-07-01T12:14:17.113558+00:00	GithubOSV Importer	Fixing	VCID-522z-vrxn-k3bx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-798h-g4j5-5537/GHSA-798h-g4j5-5537.json	36.1.3