Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package devcert, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2020-8186 — CVSS 9.8 (critical): A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input…
CVE-2022-1929 — CVSS 5.9 (medium): An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply…