Every CVE whose affected-product data names Ssri Project Ssri, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-27290 — CVSS 7.5 (high): ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs…
CVE-2018-7651 — CVSS 5.9 (medium): index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode…