What is ReDoS in Python regex ?

ReDoS: regex Denial of Service. Evil input triggers exponential backtracking. Server hangs.

Which Python libraries have dangerous regex patterns?

Aiohttp (_WS_EXT_RE), pytest (expression.py), plus 21 more from top 20 packs. Full list in audit.

I Scanned 20 Top Python Packages — 23 ReDoS Bombs Found Inside

One wrong regex, and your server grinds to a halt — like Cloudflare's infamous 2019 meltdown. I ran the audit on 20 Python heavyweights; 23 ticking bombs remain.

theAIcatchup Apr 08, 2026 3 min read

Exponential time growth graph for vulnerable regex pattern (a+)+

⚡ Key Takeaways

23 ReDoS-vulnerable regex patterns found in runtime code of 20 top Python libraries. 𝕏
Static AST analysis beats dynamic timing tests — detects nested quantifiers at compile time. 𝕏
Atomic groups in Python 3.11+ fix many issues; aiohttp and pytest need fixes. 𝕏

Published by

theAIcatchup

Ship faster. Build smarter.

#Python packages #Python regex #ReDoS #aiohttp #aiohttp vulnerability #python-security #regex vulnerabilities #security audit #security vulnerabilities #static analysis

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by dev.to

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

From 100 Seconds to 2: Async Web Scraping in Python Hits Ludicrous Speed

TradeClaw's 38.8% Win Rate Nets 21.83% Gains in 48 Hours—Trading's Dirty Secret

North Korean Hackers Weaponize GitHub Repos to Infiltrate South Korean Firms

Rust's Borrowing Rules: C++ Pointers, But the Compiler Calls the Shots

Stay in the loop