Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1
Next non-vulnerable version 0.8.1+ds+~0.7.36-3
Latest non-vulnerable version 0.8.1+ds+~0.7.36-3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-jzj3-ddrr-u7hd
Aliases:
CVE-2022-25927
GHSA-fhg7-m89q-25r3
GMS-2023-120
ReDoS Vulnerability in ua-parser-js version ### Description: A regular expression denial of service (ReDoS) vulnerability has been discovered in `ua-parser-js`. ### Impact: This vulnerability bypass the library's `MAX_LENGTH` input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition. ### Affected Versions: From version `0.7.30` to before versions `0.7.33` / `1.0.33`. ### Patches: A patch has been released to remove the vulnerable regular expression, update to version `0.7.33` / `1.0.33` or later. ### References: [Regular expression Denial of Service - ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) ### Credits: Thanks to @Snyk who first reported the issue.
0.8.1+ds+~0.7.36-3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6c98-q4en-3uek ua-parser-js Regular Expression Denial of Service vulnerability The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). CVE-2020-7793
GHSA-394c-5j6w-4xmx
VCID-j1g9-gab7-cbch Regular Expression Denial of Service (ReDoS) in ua-parser-js ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. CVE-2021-27292
GHSA-78cj-fxph-m83p

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:16:34.329312+00:00 Debian Importer Affected by VCID-jzj3-ddrr-u7hd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-15T22:48:47.676611+00:00 Debian Oval Importer Fixing VCID-j1g9-gab7-cbch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:15:50.813482+00:00 Debian Oval Importer Fixing VCID-6c98-q4en-3uek https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T06:54:45.991457+00:00 Debian Importer Affected by VCID-jzj3-ddrr-u7hd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T22:25:15.068172+00:00 Debian Oval Importer Fixing VCID-j1g9-gab7-cbch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:59:18.706673+00:00 Debian Oval Importer Fixing VCID-6c98-q4en-3uek https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T22:01:09.186945+00:00 Debian Oval Importer Fixing VCID-j1g9-gab7-cbch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:43:51.608175+00:00 Debian Oval Importer Fixing VCID-6c98-q4en-3uek https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:35:49.416215+00:00 Debian Importer Affected by VCID-jzj3-ddrr-u7hd https://security-tracker.debian.org/tracker/data/json 38.1.0