VDB
KO
MEDIUM 5.9

PYSEC-2026-909

pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)

Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the `GaussianInput.from_string` method.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pymatgen
Introduced in: 0 Fixed in: 2025.10.7
Fix pip install --upgrade 'pymatgen>=2025.10.7'

References