Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package semver, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2015-8855 — CVSS 7.5 (high): The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka…
CVE-2022-25883 — CVSS 5.3 (medium): Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when…