npm/node-semver
GitHub
Releases117
Frequency1 month 2 weeks
Last Release
Stars5.43K
The semver parser for node (the one npm uses)
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 5.3 MEDIUM | — | ||
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | |||