ua-parser-js
npm
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ua-parser-js (page 1 of 1)
- CVE-2020-7733 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.7.22 | 2020-09-16
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
- CVE-2020-7793 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.7.23 | 2020-12-11
The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
- CVE-2021-27292 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.7.24 | 2021-03-17
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
- CVE-2021-4229 | MEDIUM | CVSS 5.0 | EG 5.0 | ✓ Fixed in 1.0.1 | 2022-05-24
vulnerable: 1.0.0
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this i…
- CVE-2022-25927 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.0.33 | 2023-01-26
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.