VulnerableCode Package Details - pkg:npm/semver@2.0.0-alpha

Search for packages

Vulnerability	Summary	Fixed by
VCID-hu38-keee-9uaz Aliases: CVE-2022-25883 GHSA-c2qf-rxjj-qqgw	semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.	5.7.2 Affected by 0 other vulnerabilities. 6.3.1 Affected by 0 other vulnerabilities. 7.5.2 Affected by 0 other vulnerabilities.
VCID-rjwg-cp2a-kfg8 Aliases: CVE-2015-8855 GHSA-x6fg-f45m-jf5q	Regular Expression Denial of Service semver is vulnerable to regular expression denial of service ([ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)) when extremely long version strings are parsed. "The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time." [1]	4.3.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vj74-sbhb-bbfp Aliases: GMS-2015-9	Regular Expression Denial of Service semver is vulnerable to regular expression denial of service when extremely long version strings are parsed.	4.3.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-hu38-keee-9uaz
Aliases:
CVE-2022-25883
GHSA-c2qf-rxjj-qqgw

semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

5.7.2
Affected by 0 other vulnerabilities.

6.3.1
Affected by 0 other vulnerabilities.

7.5.2
Affected by 0 other vulnerabilities.

VCID-rjwg-cp2a-kfg8
Aliases:
CVE-2015-8855
GHSA-x6fg-f45m-jf5q

Regular Expression Denial of Service semver is vulnerable to regular expression denial of service ([ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)) when extremely long version strings are parsed. "The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time." [1]

4.3.2
Affected by 1 other vulnerability.

VCID-vj74-sbhb-bbfp
Aliases:
GMS-2015-9

Regular Expression Denial of Service semver is vulnerable to regular expression denial of service when extremely long version strings are parsed.

4.3.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:10:00.809065+00:00	GitLab Importer	Affected by	VCID-rjwg-cp2a-kfg8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/semver/CVE-2015-8855.yml	38.6.0
2026-06-04T20:04:48.149398+00:00	GitLab Importer	Affected by	VCID-vj74-sbhb-bbfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/semver/GMS-2015-9.yml	38.6.0
2026-06-02T04:45:09.057482+00:00	GitLab Importer	Affected by	VCID-hu38-keee-9uaz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/semver/CVE-2022-25883.yml	38.6.0