VulnerableCode Package Details - pkg:npm/ssri@6.0.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/ssri@6.0.2

Essentials
History (3)

purl	pkg:npm/ssri@6.0.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-w93e-wkm9-kuex	Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.	CVE-2021-27290 GHSA-vx3p-948g-6vhq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T16:56:15.978427+00:00	GHSA Importer	Fixing	VCID-w93e-wkm9-kuex	https://github.com/advisories/GHSA-vx3p-948g-6vhq	38.1.0
2026-04-02T12:38:02.319063+00:00	GitLab Importer	Fixing	VCID-w93e-wkm9-kuex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ssri/CVE-2021-27290.yml	38.0.0
2026-04-01T13:01:57.492038+00:00	GithubOSV Importer	Fixing	VCID-w93e-wkm9-kuex	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-vx3p-948g-6vhq/GHSA-vx3p-948g-6vhq.json	38.0.0