Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/semver@5.7.2

Type npm

Namespace

Name semver

Version 5.7.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.3.1

Latest_non_vulnerable_version 7.5.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-hu38-keee-9uaz

vulnerability_id VCID-hu38-keee-9uaz

summary

semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25883

reference_id

reference_type

scores

value	0.00598
scoring_system	epss
scoring_elements	0.69774
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25883

reference_url

https://github.com/npm/node-semver

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver

reference_url

https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104

reference_url

https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L138

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L138

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L160

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js%23L160

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js#L138

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js#L138

reference_url

https://github.com/npm/node-semver/blob/main/internal/re.js#L160

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/blob/main/internal/re.js#L160

reference_url

https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0

reference_url

https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

reference_url

https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c

reference_url

https://github.com/npm/node-semver/pull/564

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/pull/564

reference_url

https://github.com/npm/node-semver/pull/585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/pull/585

reference_url

https://github.com/npm/node-semver/pull/593

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/node-semver/pull/593

reference_url

https://security.netapp.com/advisory/ntap-20241025-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241025-0004

reference_url

https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2216475
reference_id	2216475
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2216475

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

reference_id

CVE-2022-25883

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

reference_url	https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
reference_id	GHSA-c2qf-rxjj-qqgw
reference_type
scores
url	https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

reference_url	https://access.redhat.com/errata/RHSA-2023:4341
reference_id	RHSA-2023:4341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4341

reference_url	https://access.redhat.com/errata/RHSA-2023:5360
reference_id	RHSA-2023:5360
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5360

reference_url	https://access.redhat.com/errata/RHSA-2023:5361
reference_id	RHSA-2023:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5361

reference_url	https://access.redhat.com/errata/RHSA-2023:5362
reference_id	RHSA-2023:5362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5362

reference_url	https://access.redhat.com/errata/RHSA-2023:5363
reference_id	RHSA-2023:5363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5363

reference_url	https://access.redhat.com/errata/RHSA-2023:5379
reference_id	RHSA-2023:5379
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5379

reference_url	https://access.redhat.com/errata/RHSA-2023:7222
reference_id	RHSA-2023:7222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7222

reference_url	https://access.redhat.com/errata/RHSA-2024:0719
reference_id	RHSA-2024:0719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0719

reference_url	https://access.redhat.com/errata/RHSA-2024:5955
reference_id	RHSA-2024:5955
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5955

reference_url	https://access.redhat.com/errata/RHSA-2024:6044
reference_id	RHSA-2024:6044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6044

reference_url	https://access.redhat.com/errata/RHSA-2025:19094
reference_id	RHSA-2025:19094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19094

fixed_packages

url	pkg:npm/semver@5.7.2
purl	pkg:npm/semver@5.7.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/semver@5.7.2

url	pkg:npm/semver@6.3.1
purl	pkg:npm/semver@6.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/semver@6.3.1

url	pkg:npm/semver@7.5.2
purl	pkg:npm/semver@7.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/semver@7.5.2

aliases CVE-2022-25883, GHSA-c2qf-rxjj-qqgw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu38-keee-9uaz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semver@5.7.2

Package Instance