VulnerableCode Package Details - pkg:deb/debian/node-semver@7.3.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-nahx-etfu-qqfq Aliases: CVE-2022-25883 GHSA-c2qf-rxjj-qqgw	semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.	7.5.4+~7.5.0-1 Affected by 0 other vulnerabilities. 7.6.1+~7.5.8-2 Affected by 0 other vulnerabilities. 7.7.4+~7.7.1-1 Affected by 0 other vulnerabilities. 7.7.4+~cs9.7.4-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-nahx-etfu-qqfq
Aliases:
CVE-2022-25883
GHSA-c2qf-rxjj-qqgw

semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

7.5.4+~7.5.0-1
Affected by 0 other vulnerabilities.

7.6.1+~7.5.8-2
Affected by 0 other vulnerabilities.

7.7.4+~7.7.1-1
Affected by 0 other vulnerabilities.

7.7.4+~cs9.7.4-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1tme-dh4y-a3dq	Regular Expression Denial of Service in semver Versions 4.3.1 and earlier of `semver` are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.	CVE-2015-8855 GHSA-x6fg-f45m-jf5q

Vulnerability

Summary

Aliases

VCID-1tme-dh4y-a3dq

Regular Expression Denial of Service in semver Versions 4.3.1 and earlier of `semver` are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.

CVE-2015-8855
GHSA-x6fg-f45m-jf5q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T22:44:25.560583+00:00	Debian Importer	Affected by	VCID-nahx-etfu-qqfq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:57:40.173509+00:00	Debian Importer	Fixing	VCID-1tme-dh4y-a3dq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-14T12:41:22.813219+00:00	Debian Importer	Affected by	VCID-nahx-etfu-qqfq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:40:19.148932+00:00	Debian Importer	Fixing	VCID-1tme-dh4y-a3dq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:14.996560+00:00	Debian Importer	Affected by	VCID-nahx-etfu-qqfq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:14.966361+00:00	Debian Importer	Fixing	VCID-1tme-dh4y-a3dq	https://security-tracker.debian.org/tracker/data/json	38.1.0