VulnerableCode Package Details - pkg:npm/ssri@5.2.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-5uh2-dgng-gueb Aliases: CVE-2021-27290 GHSA-vx3p-948g-6vhq	Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.	6.0.2 Affected by 0 other vulnerabilities. 7.1.1 Affected by 0 other vulnerabilities. 8.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5uh2-dgng-gueb
Aliases:
CVE-2021-27290
GHSA-vx3p-948g-6vhq

Regular Expression Denial of Service (ReDoS) npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

6.0.2
Affected by 0 other vulnerabilities.

7.1.1
Affected by 0 other vulnerabilities.

8.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-aeps-t6yk-m3f1	Regular Expression Denial of Service in ssri Version of `ssri` prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode. ## Recommendation Update to version 5.2.2 or later.	CVE-2018-7651 GHSA-325j-24f4-qv5x
VCID-jjtk-sam5-wqbr	ReDoS There is a Regular Expression Denial of Service vulnerability in the strict mode functionality.	GMS-2018-11

Vulnerability

Summary

Aliases

VCID-aeps-t6yk-m3f1

Regular Expression Denial of Service in ssri Version of `ssri` prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode. ## Recommendation Update to version 5.2.2 or later.

CVE-2018-7651
GHSA-325j-24f4-qv5x

VCID-jjtk-sam5-wqbr

ReDoS There is a Regular Expression Denial of Service vulnerability in the strict mode functionality.

GMS-2018-11

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T04:35:34.992667+00:00	GitLab Importer	Affected by	VCID-5uh2-dgng-gueb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ssri/CVE-2021-27290.yml	38.6.0
2026-05-29T17:30:01.004704+00:00	GitLab Importer	Fixing	VCID-aeps-t6yk-m3f1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ssri/CVE-2018-7651.yml	38.6.0
2026-05-29T17:29:59.806057+00:00	GitLab Importer	Fixing	VCID-jjtk-sam5-wqbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ssri/GMS-2018-11.yml	38.6.0
2026-05-29T14:21:47.562543+00:00	GHSA Importer	Fixing	VCID-aeps-t6yk-m3f1	https://github.com/advisories/GHSA-325j-24f4-qv5x	38.6.0
2026-05-29T09:19:41.282754+00:00	GithubOSV Importer	Fixing	VCID-aeps-t6yk-m3f1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-325j-24f4-qv5x/GHSA-325j-24f4-qv5x.json	38.6.0