Semver
This hub aggregates every CVE we track for Semver, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
2
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
HIGH1MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 2 most recently published vulnerabilities affecting Semver.
- CVE-2022-25883Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. 5.3
- CVE-2015-8855The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."7.5
Product normalization is registry-driven with AI assist and human review. How it works