An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
{ "github_reviewed_at": "2022-06-03T22:26:33Z", "severity": "LOW", "cwe_ids": [ "CWE-1333" ], "github_reviewed": true, "nvd_published_at": "2022-06-02T14:15:00Z" }