semver — CVE history (npm)
semver
1 CVEs affect the semver npm package (highest CVSS 5.3). Latest disclosed: 2023-06-21. Full CVE history sourced from NVD.
Summary
- Package
semver(npm)- Total CVEs
1- Actively exploited (CISA KEV)
- 0
- Highest CVSS
5.3- Latest disclosed
- 2023-06-21
Recent CVEs (top 1)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-25883 | Medium | 5.3 | — | 2023-06-21 | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-25883 | Medium | 5.3 | — | 2023-06-21 | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |