Package impact
npm / semver
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25883 | high | — | 8.0 | 3y ago | Important: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2015-8855 | high | 7.5 | 7.5 | 10y ago | The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." |