VulnerableCode Package Details - pkg:deb/debian/node-ssri@5.2.4-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-ssri@5.2.4-2

Essentials
History (3)

purl	pkg:deb/debian/node-ssri@5.2.4-2

Next non-vulnerable version	8.0.1-2
Latest non-vulnerable version	8.0.1-2
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-w93e-wkm9-kuex Aliases: CVE-2021-27290 GHSA-vx3p-948g-6vhq	Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.	8.0.1-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T15:28:42.457105+00:00	Debian Oval Importer	Affected by	VCID-w93e-wkm9-kuex	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T15:16:49.105277+00:00	Debian Oval Importer	Affected by	VCID-w93e-wkm9-kuex	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T15:11:35.951889+00:00	Debian Oval Importer	Affected by	VCID-w93e-wkm9-kuex	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0