Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a...
CVSS: 7.5, AI Score: 6.5, EPSS: 0.001
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input...
CVSS: 7.8, AI Score: 7.8, EPSS: 0.0004
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test()...
CVSS: 7.5, AI Score: 7.6, EPSS: 0.001
CVSS: 7.5, AI Score: 7.4, EPSS: 0.001