Advisories for Npm/Semver package

Versions of the package semver before 7.5.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

semver is vulnerable to regular expression denial of service when extremely long version strings are parsed.