Releases119
Frequency1 month 2 weeks
Last Release
The semantic version parser used by npm.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 5.7.2, >= 6.0.0, < 6.3.1, = *, >= 7.0.0, < 7.5.35.3 MEDIUM

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.