Search for packages
| purl | pkg:deb/debian/node-semver@7.7.4%2B~7.7.1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1tme-dh4y-a3dq | Regular Expression Denial of Service in semver Versions 4.3.1 and earlier of `semver` are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. |
CVE-2015-8855
GHSA-x6fg-f45m-jf5q |
| VCID-nahx-etfu-qqfq | semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |
CVE-2022-25883
GHSA-c2qf-rxjj-qqgw |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T09:57:40.194293+00:00 | Debian Importer | Fixing | VCID-1tme-dh4y-a3dq | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-14T12:41:22.816646+00:00 | Debian Importer | Fixing | VCID-nahx-etfu-qqfq | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:40:19.166297+00:00 | Debian Importer | Fixing | VCID-1tme-dh4y-a3dq | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:47:15.004582+00:00 | Debian Importer | Fixing | VCID-nahx-etfu-qqfq | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:47:14.974272+00:00 | Debian Importer | Fixing | VCID-1tme-dh4y-a3dq | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |