[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-21538":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":57,"related":58,"reserved_at":9,"published_at":93,"modified_at":94,"state":95,"summary":96,"references_raw":105,"kevs":147,"epss":148,"epss_history":151,"metrics":419,"affected":435},"CVE-2024-21538","Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-1333","Inefficient Regular Expression Complexity","The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.","weakness","Draft","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[26],"GHSA-3xgq-45jj-v275",[],[29,31,33,35,37,39,41,43,45,47,49,51,53,55],{"_key":30},"SUSE-SU-2024:4286-1",{"_key":32},"SUSE-SU-2024:4301-1",{"_key":34},"OPENSUSE-SU-2024:14550-1",{"_key":36},"SUSE-SU-2024:4272-1",{"_key":38},"SUSE-SU-2024:4300-1",{"_key":40},"SUSE-SU-2025:3744-1",{"_key":42},"OPENSUSE-SU-2024:14553-1",{"_key":44},"OPENSUSE-SU-2024:14558-1",{"_key":46},"OPENSUSE-SU-2024:14559-1",{"_key":48},"OPENSUSE-SU-2024:14560-1",{"_key":50},"OPENSUSE-SU-2024:14561-1",{"_key":52},"OPENSUSE-SU-2025:14615-1",{"_key":54},"OPENSUSE-SU-2025:14663-1",{"_key":56},"OPENSUSE-SU-2025:15802-1",[],[59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,75,77,79,81,83,85,87,89,91],{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":74},"CGA-3WMJ-Q542-X56G",{"_key":76},"CGA-49X5-FP72-PVGG",{"_key":78},"CGA-56F7-WQ2J-GQHC",{"_key":80},"CGA-58MW-HM95-X9XV",{"_key":82},"CGA-7C7P-R8CV-2PJ4",{"_key":84},"CGA-8HPC-G49M-34CC",{"_key":86},"CGA-8J64-28X2-GGXV",{"_key":88},"CGA-8RV2-6965-GRC6",{"_key":90},"CGA-M347-MH8C-RHF4",{"_key":92},"CGA-4MJP-R4MW-QQ36","2024-11-08T05:00:04.695Z","2025-05-20T14:38:35.942Z","Deferred",{"cisa_kev":97,"cisa_ransomware":97,"cisa_vendor":9,"epss_severity":98,"epss_score":99,"severity":100,"severity_score":101,"severity_version":102,"severity_source":103,"severity_vector":104,"severity_status":95},false,"low",0.00069,"high",8.7,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",[106,113,117,121,125,129,134,138,142],{"url":107,"sources":108,"tags":111},"https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",[103,109,110],"nvd","osv_npm",[112],"WEB",{"url":114,"sources":115,"tags":116},"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349",[103,109,110],[112],{"url":118,"sources":119,"tags":120},"https://github.com/moxystudio/node-cross-spawn/pull/160",[103,109,110],[112],{"url":122,"sources":123,"tags":124},"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",[103,109,110],[112],{"url":126,"sources":127,"tags":128},"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",[103,109,110],[112],{"url":130,"sources":131,"tags":132},"https://nvd.nist.gov/vuln/detail/CVE-2024-21538",[110],[133],"Advisory",{"url":135,"sources":136,"tags":137},"https://github.com/moxystudio/node-cross-spawn/issues/165",[110],[112],{"url":139,"sources":140,"tags":141},"https://github.com/moxystudio/node-cross-spawn/commit/d35c865b877d2f9ded7c1ed87521c2fdb689c8dd",[110],[112],{"url":143,"sources":144,"tags":145},"https://github.com/moxystudio/node-cross-spawn",[110],[146],"PACKAGE",[],{"date":149,"score":99,"percentile":150},"2026-06-04",0.21347,[152,156,159,161,164,167,170,173,176,179,182,185,188,191,194,198,201,204,207,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,259,262,265,268,271,274,277,280,284,287,290,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,352,355,358,360,363,365,368,371,374,377,380,383,386,389,392,395,398,401,404,407,410,413,416],{"date":153,"score":154,"percentile":155},"2025-11-04",0.00129,0.33076,{"date":157,"score":154,"percentile":158},"2025-11-05",0.33057,{"date":160,"score":154,"percentile":158},"2025-11-06",{"date":162,"score":154,"percentile":163},"2025-11-07",0.33074,{"date":165,"score":154,"percentile":166},"2025-11-08",0.33073,{"date":168,"score":154,"percentile":169},"2025-11-09",0.33049,{"date":171,"score":154,"percentile":172},"2025-11-10",0.32996,{"date":174,"score":154,"percentile":175},"2025-11-11",0.33021,{"date":177,"score":154,"percentile":178},"2025-11-12",0.33067,{"date":180,"score":154,"percentile":181},"2025-11-13",0.33082,{"date":183,"score":154,"percentile":184},"2025-11-14",0.33086,{"date":186,"score":154,"percentile":187},"2025-11-15",0.33084,{"date":189,"score":154,"percentile":190},"2025-11-16",0.33054,{"date":192,"score":154,"percentile":193},"2025-11-17",0.33028,{"date":195,"score":196,"percentile":197},"2025-11-18",0.00568,0.65964,{"date":199,"score":196,"percentile":200},"2025-11-19",0.65973,{"date":202,"score":196,"percentile":203},"2025-11-20",0.65967,{"date":205,"score":154,"percentile":206},"2025-11-21",0.33069,{"date":208,"score":154,"percentile":163},"2025-11-22",{"date":210,"score":154,"percentile":211},"2025-11-23",0.33041,{"date":213,"score":154,"percentile":214},"2025-11-24",0.33015,{"date":216,"score":154,"percentile":217},"2025-11-25",0.33013,{"date":219,"score":154,"percentile":220},"2025-11-26",0.33011,{"date":222,"score":154,"percentile":223},"2025-11-27",0.33019,{"date":225,"score":154,"percentile":226},"2025-11-28",0.32999,{"date":228,"score":154,"percentile":229},"2025-11-29",0.32984,{"date":231,"score":154,"percentile":232},"2025-11-30",0.32959,{"date":234,"score":154,"percentile":235},"2025-12-01",0.33051,{"date":237,"score":154,"percentile":238},"2025-12-02",0.3306,{"date":240,"score":154,"percentile":241},"2025-12-03",0.33058,{"date":243,"score":154,"percentile":244},"2025-12-04",0.32958,{"date":246,"score":154,"percentile":247},"2025-12-05",0.32989,{"date":249,"score":154,"percentile":250},"2025-12-06",0.32993,{"date":252,"score":154,"percentile":253},"2025-12-07",0.32971,{"date":255,"score":154,"percentile":256},"2025-12-08",0.32981,{"date":258,"score":154,"percentile":193},"2025-12-09",{"date":260,"score":154,"percentile":261},"2025-12-10",0.33088,{"date":263,"score":154,"percentile":264},"2025-12-11",0.33112,{"date":266,"score":154,"percentile":267},"2025-12-12",0.33144,{"date":269,"score":154,"percentile":270},"2025-12-13",0.33128,{"date":272,"score":154,"percentile":273},"2025-12-14",0.33103,{"date":275,"score":154,"percentile":276},"2025-12-15",0.33053,{"date":278,"score":154,"percentile":279},"2025-12-16",0.33077,{"date":281,"score":282,"percentile":283},"2025-12-17",0.00067,0.20954,{"date":285,"score":282,"percentile":286},"2025-12-18",0.21039,{"date":288,"score":282,"percentile":289},"2025-12-19",0.21057,{"date":291,"score":282,"percentile":286},"2025-12-20",{"date":293,"score":282,"percentile":294},"2025-12-21",0.20984,{"date":296,"score":282,"percentile":297},"2025-12-22",0.20953,{"date":299,"score":282,"percentile":300},"2025-12-23",0.20949,{"date":302,"score":282,"percentile":303},"2025-12-24",0.20974,{"date":305,"score":282,"percentile":306},"2025-12-25",0.2106,{"date":308,"score":282,"percentile":309},"2025-12-26",0.21055,{"date":311,"score":282,"percentile":312},"2025-12-27",0.21059,{"date":314,"score":282,"percentile":315},"2025-12-28",0.21017,{"date":317,"score":282,"percentile":318},"2025-12-29",0.2098,{"date":320,"score":282,"percentile":321},"2025-12-30",0.2096,{"date":323,"score":282,"percentile":324},"2025-12-31",0.21022,{"date":326,"score":282,"percentile":327},"2026-01-01",0.21112,{"date":329,"score":282,"percentile":330},"2026-01-02",0.21113,{"date":332,"score":282,"percentile":333},"2026-01-03",0.211,{"date":335,"score":282,"percentile":336},"2026-01-04",0.21006,{"date":338,"score":282,"percentile":339},"2026-01-05",0.20997,{"date":341,"score":282,"percentile":342},"2026-01-06",0.21008,{"date":344,"score":282,"percentile":345},"2026-01-07",0.21044,{"date":347,"score":282,"percentile":348},"2026-01-08",0.21094,{"date":350,"score":282,"percentile":351},"2026-01-09",0.21088,{"date":353,"score":282,"percentile":354},"2026-01-10",0.2107,{"date":356,"score":282,"percentile":357},"2026-01-11",0.21042,{"date":359,"score":282,"percentile":336},"2026-01-12",{"date":361,"score":282,"percentile":362},"2026-01-13",0.20985,{"date":364,"score":282,"percentile":345},"2026-01-14",{"date":366,"score":282,"percentile":367},"2026-01-15",0.21048,{"date":369,"score":282,"percentile":370},"2026-01-16",0.21077,{"date":372,"score":282,"percentile":373},"2026-01-17",0.21084,{"date":375,"score":282,"percentile":376},"2026-01-18",0.21036,{"date":378,"score":282,"percentile":379},"2026-01-19",0.20991,{"date":381,"score":282,"percentile":382},"2026-01-20",0.20971,{"date":384,"score":282,"percentile":385},"2026-01-21",0.2093,{"date":387,"score":282,"percentile":388},"2026-01-22",0.20908,{"date":390,"score":282,"percentile":391},"2026-01-23",0.21001,{"date":393,"score":282,"percentile":394},"2026-01-24",0.2102,{"date":396,"score":282,"percentile":397},"2026-01-25",0.20942,{"date":399,"score":282,"percentile":400},"2026-01-26",0.20835,{"date":402,"score":282,"percentile":403},"2026-01-27",0.20827,{"date":405,"score":282,"percentile":406},"2026-01-28",0.20826,{"date":408,"score":282,"percentile":409},"2026-01-29",0.20786,{"date":411,"score":282,"percentile":412},"2026-01-30",0.20789,{"date":414,"score":282,"percentile":415},"2026-01-31",0.20795,{"date":417,"score":282,"percentile":418},"2026-02-01",0.20825,[420,423,432],{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":421},{"baseScore":101,"baseSeverity":422,"vectorString":104,"impactScore":9,"exploitabilityScore":9},"HIGH",{"source":109,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":424,"cvss_v4_0":429},{"baseScore":425,"baseSeverity":422,"vectorString":426,"impactScore":427,"exploitabilityScore":428},7.5,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",6,10,{"baseScore":430,"baseSeverity":422,"vectorString":431,"impactScore":9,"exploitabilityScore":9},7.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":110,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":433,"cvss_v4_0":434},{"baseScore":425,"baseSeverity":9,"vectorString":426,"impactScore":427,"exploitabilityScore":428},{"baseScore":101,"baseSeverity":9,"vectorString":104,"impactScore":9,"exploitabilityScore":9},[436],{"ecosystem":437,"name":438,"vendor":437,"product":438,"cpe_part":9,"purl_type":439,"purl_namespace":9,"purl_name":438,"source":9,"versions":440},"Npm","cross-spawn","npm",[441,449],{"version":442,"is_range":443,"range_type":444,"version_start":445,"version_start_type":446,"version_end":447,"version_end_type":448,"fixed_in":9},"gte7_0_0_lt7_0_5",true,"semver","7.0.0","including","7.0.5","excluding",{"version":450,"is_range":443,"range_type":444,"version_start":9,"version_start_type":9,"version_end":451,"version_end_type":448,"fixed_in":9},"lt6_0_6","6.0.6"]