semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
All versions of the package semver-tags is vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
Advisories for Npm/Semver-Tags package
2023