Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/loader-utils@3.1.3
purl pkg:npm/loader-utils@3.1.3
Next non-vulnerable version 3.2.1
Latest non-vulnerable version 3.2.1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fn7h-3n1n-9bhr
Aliases:
CVE-2022-37599
GHSA-hhq3-ff78-jv3g
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
3.2.1
Affected by 0 other vulnerabilities.
VCID-y1np-kma2-ayfn
Aliases:
CVE-2022-37603
GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
3.2.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:12:30.586888+00:00 GitLab Importer Affected by VCID-y1np-kma2-ayfn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml 38.4.0
2026-04-16T22:12:22.107527+00:00 GitLab Importer Affected by VCID-fn7h-3n1n-9bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml 38.4.0
2026-04-11T23:29:23.749368+00:00 GitLab Importer Affected by VCID-y1np-kma2-ayfn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml 38.3.0
2026-04-11T23:29:14.240432+00:00 GitLab Importer Affected by VCID-fn7h-3n1n-9bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml 38.3.0
2026-04-02T23:34:59.353176+00:00 GitLab Importer Affected by VCID-y1np-kma2-ayfn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml 38.1.0
2026-04-02T23:34:50.437334+00:00 GitLab Importer Affected by VCID-fn7h-3n1n-9bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml 38.1.0
2026-04-01T17:57:05.669904+00:00 GitLab Importer Affected by VCID-y1np-kma2-ayfn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37603.yml 38.0.0
2026-04-01T17:56:56.079010+00:00 GitLab Importer Affected by VCID-fn7h-3n1n-9bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/loader-utils/CVE-2022-37599.yml 38.0.0