semver — CVE history (npm)

semver

1 CVEs affect the semver npm package (highest CVSS 5.3). Latest disclosed: 2023-06-21. Full CVE history sourced from NVD.

Summary

Package
semver (npm)
Total CVEs
1
Actively exploited (CISA KEV)
0
Highest CVSS
5.3
Latest disclosed
2023-06-21

Recent CVEs (top 1)

CVESeverityCVSSKEVPublishedSummary
CVE-2022-25883Medium5.32023-06-21Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

All-time worst (top 1 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2022-25883Medium5.32023-06-21Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.