If a regular expression is built by a not escaped user-provided value, a user is likely to be able to cause a Denial of Service.

In case user input must compose a regular expression, it should be escaped with functions such as re.escape.

OWASP Regular Expression DoS

SonarSource RSPEC-2631