diff --git a/lib/parse.js b/lib/parse.js
index 98efbee..88c34d4 100644
--- a/lib/parse.js
+++ b/lib/parse.js
@@ -1,5 +1,5 @@
 /*jshint -W030 */
-var tagRE = /(?:|<(?:"[^"]*"['"]*|'[^']*'['"]*|[^'">])+>)/g;
+var tagRE = /<[a-zA-Z0-9\-\!\/](?:"[^"]*"|'[^']*'|[^'">])*>/g;
 var parseTag = require('./parse-tag');
 // re-used obj for quick lookups of components
 var empty = Object.create ? Object.create(null) : {};
diff --git a/package.json b/package.json
index 30f6770..101bc22 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
 "url": "https://github.com/rayd/html-parse-stringify2/issues"
 },
 "dependencies": {
- "void-elements": "^2.0.1"
+ "void-elements": "^3.1.0"
 },
 "devDependencies": {
 "jshint": "^2.5.10",
diff --git a/test/parse.js b/test/parse.js
index bc88d71..611d533 100644
--- a/test/parse.js
+++ b/test/parse.js
@@ -534,3 +534,20 @@ test('simple speed sanity check', function (t) {
 t.end();
 });
+
+test('ReDoS vulnerability reported by Sam Sanoop of Snyk', function (t) {
+ var start = Date.now();
+ // reported problematic string
+ /*jshint -W110 */
+ HTML.parse(
+ "
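Review bot: The rewritten `tagRE` in lib/parse.js carries no comment recording why its shape matters, even though the accompanying test hunk in test/parse.js is a ReDoS regression test; the old pattern's empty alternative `(?:|…)` and the `['"]*` quantifiers after each quoted group are what the new pattern removes, and nothing in the code stops a later edit from reintroducing an optional quantifier there. I would add above the declaration: `// Each alternative starts with a distinct character ('"', "'", or neither) and the quoted runs end at the first matching quote, so the engine never backtracks across alternatives; keep it that way (see the ReDoS regression test in test/parse.js).` The new leading class `[a-zA-Z0-9\-\!\/]` also changes behaviour — a `<` followed by whitespace or other punctuation is no longer treated as a tag start — which is worth a second line in that comment so the restriction is not read as accidental. The `\!` and `\/` escapes inside the class are not needed in a non-`u` regex literal and could be dropped for readability.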