Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package is-svg, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2021-28092 — CVSS 7.5 (high): The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service…
CVE-2021-29059 — CVSS 7.5 (high): A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if…