[NEUTRAL] Update dependency fsevents to v1.2.11 #994

Open
wants to merge 1 commit into
base: main

chore(deps): update dependency fsevents to v1.2.11

7aa54dc

Mend for github.com / WhiteSource Security Check failed Nov 15, 2023 in 38m 13s

Security Report

You have successfully remediated 258 vulnerabilities, but introduced 102 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (42 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-37920

Path to dependency file: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile

Path to vulnerable library: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile

Dependency Hierarchy:

-> ❌ certifi-2021.5.30-py2.py3-none-any.whl (Vulnerable Library)

Critical 9.8 certifi-2021.5.30-py2.py3-none-any.whl Upgrade to version: certifi - 2023.7.22 None
CVE-2023-26136

Path to dependency file: /npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/diverged_sub_dependency_missing_npm/package.json

Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/diverged_sub_dependency_missing_npm/package.json,/npm_and_yarn/helpers/package.json

Dependency Hierarchy:

-> npm-6.14.13.tgz (Root Library)

   -> request-2.88.0.tgz

     -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.4.3.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-26136

Path to dependency file: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json

Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json

Dependency Hierarchy:

-> babel-cli-6.26.0.tgz (Root Library)

   -> chokidar-1.7.0.tgz

     -> fsevents-1.1.3.tgz

       -> node-pre-gyp-0.6.39.tgz

         -> request-2.81.0.tgz

           -> ❌ tough-cookie-2.3.3.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.3.3.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-26136

Path to dependency file: /npm_and_yarn/helpers/package.json

Path to vulnerable library: /npm_and_yarn/helpers/package.json

Dependency Hierarchy:

-> yarn-lib-1.21.1.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-26136

Path to dependency file: /npm_and_yarn/spec/fixtures/projects/yarn/dist_tag/package.json

Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/yarn/dist_tag/package.json,/npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/diverged_sub_dependency_missing_yarn/package.json

Dependency Hierarchy:

-> request-2.81.0.tgz (Root Library)

   -> ❌ tough-cookie-2.3.4.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.3.4.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2022-22817

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.8 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 9.0.0 None
CVE-2022-21797

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ joblib-0.16.0-py3-none-any.whl (Vulnerable Library)

Critical 9.8 joblib-0.16.0-py3-none-any.whl Upgrade to version: joblib - 1.2.0 None
CVE-2021-34552

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.8 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow-8.3.0 None
CVE-2021-25289

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.8 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: 8.1.1 None
CVE-2018-20060

Path to dependency file: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile

Path to vulnerable library: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile

Dependency Hierarchy:

-> ❌ urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

Critical 9.8 urllib3-1.21.1-py2.py3-none-any.whl Upgrade to version: 1.23 None
CVE-2014-9487

Dependency Hierarchy:

-> ❌ james-heinrich/getid3-v1.9.15 (Vulnerable Library)

Critical 9.8 james-heinrich/getid3-v1.9.15 Upgrade to version: v1.9.8 #153
CVE-2021-32798

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ notebook-6.0.3-py3-none-any.whl (Vulnerable Library)

Critical 9.6 notebook-6.0.3-py3-none-any.whl Upgrade to version: notebook - 5.7.11, 6.4.1 None
CVE-2023-46233

Path to dependency file: /npm_and_yarn/spec/fixtures/projects/npm7/git_sub_dep_invalid_from/package.json

Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/npm7/git_sub_dep_invalid_from/package.json,/npm_and_yarn/spec/fixtures/projects/npm6/git_sub_dep_invalid_from/package.json

Dependency Hierarchy:

-> web3-0.18.4.tgz (Root Library)

   -> ❌ crypto-js-3.1.8.tgz (Vulnerable Library)

Critical 9.1 crypto-js-3.1.8.tgz Upgrade to version: crypto-js - 4.2.0 None
CVE-2022-24303

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.1 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 9.0.1 None
CVE-2021-25288

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.1 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 8.2.0 None
CVE-2021-25287

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.1 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 8.2.0 None
CVE-2023-45133

Path to dependency file: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json

Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json

Dependency Hierarchy:

-> babel-core-6.26.0.tgz (Root Library)

   -> ❌ babel-traverse-6.26.0.tgz (Vulnerable Library)

High 8.8 babel-traverse-6.26.0.tgz Upgrade to version: @babel/traverse - 7.23.2 None
CVE-2022-24828

Dependency Hierarchy:

-> ❌ composer/composer-1.10.22 (Vulnerable Library)

High 8.8 composer/composer-1.10.22 Upgrade to version: 1.10.26,2.2.12,2.3.5 None
CVE-2022-21699

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ ipython-7.16.1-py3-none-any.whl (Vulnerable Library)

High 8.8 ipython-7.16.1-py3-none-any.whl Upgrade to version: ipython - 5.11,7.16.3,7.31.1,8.0.1 None
CVE-2020-35654

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

High 8.8 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: 8.1.0 None
WS-2018-0028

Dependency Hierarchy:

-> illuminate/support-v5.2.45 (Root Library)

   -> ❌ paragonie/random_compat-v1.4.3 (Vulnerable Library)

High 8.6 paragonie/random_compat-v1.4.3 Upgrade to version: 2.0.0 #30
CVE-2023-43804

Path to dependency file: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile

Path to vulnerable library: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile

Dependency Hierarchy:

-> ❌ urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library)

High 8.1 urllib3-1.21.1-py2.py3-none-any.whl Upgrade to version: urllib3 - 1.26.17,2.0.6 None
CVE-2022-31091

Dependency Hierarchy:

-> longman/telegram-bot-0.50.0 (Root Library)

   -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library)

High 7.7 guzzlehttp/guzzle-6.3.0 Upgrade to version: 6.5.8,7.4.5 None
CVE-2022-31090

Dependency Hierarchy:

-> longman/telegram-bot-0.50.0 (Root Library)

   -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library)

High 7.7 guzzlehttp/guzzle-6.3.0 Upgrade to version: 6.5.8,7.4.5 None
WS-2022-0161

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net40/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-8.0.3.19514.dll Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0161

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net20/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-8.0.3.19514.dll Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0161

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/portable-net45+wp80+win8+wpa81+dnxcore50/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-8.0.3.19514.dll Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0161

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-8.0.3.19514.dll Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0161

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net35/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-8.0.3.19514.dll Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0161

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net45/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-8.0.3.19514.dll Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0161

Path to dependency file: /nuget/spec/fixtures/packages_configs/packages.config

Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages.config,/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/Newtonsoft.Json.8.0.3.nupkg

Dependency Hierarchy:

-> ❌ newtonsoft.json.8.0.3.nupkg (Vulnerable Library)

High 7.5 newtonsoft.json.8.0.3.nupkg Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 #893
WS-2022-0097

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

High 7.5 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 9.0.0 None
CVE-2023-44271

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

High 7.5 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 10.0.0 None
CVE-2023-29197

Dependency Hierarchy:

-> longman/telegram-bot-0.50.0 (Root Library)

   -> guzzlehttp/guzzle-6.3.0

     -> ❌ guzzlehttp/psr7-1.4.2 (Vulnerable Library)

High 7.5 guzzlehttp/psr7-1.4.2 Upgrade to version: 1.9.1,2.4.5 None
CVE-2022-45199

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

High 7.5 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 9.3.0 None
CVE-2022-45198

Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt

Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

High 7.5 Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: Pillow - 9.2.0 None
CVE-2022-32149

Path to dependency file: /go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod

Path to vulnerable library: /go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod

Dependency Hierarchy:

-> github.com/dependabot-fixtures/go-major-mismatch-v1.0.4 (Root Library)

   -> rsc.io/quote-v1.5.0

     -> rsc.io/sampler-v1.3.0

       -> ❌ golang.org/x/text-v0.0.0-20170915032832-14c0d48ead0c (Vulnerable Library)

High 7.5 golang.org/x/text-v0.0.0-20170915032832-14c0d48ead0c Upgrade to version: v0.3.8 #806
CVE-2022-31043

Dependency Hierarchy:

-> longman/telegram-bot-0.50.0 (Root Library)

   -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library)

High 7.5 guzzlehttp/guzzle-6.3.0 Upgrade to version: 6.5.7,7.4.4 None
CVE-2022-31042

Dependency Hierarchy:

-> longman/telegram-bot-0.50.0 (Root Library)

   -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library)

High 7.5 guzzlehttp/guzzle-6.3.0 Upgrade to version: 6.5.7,7.4.4 None
CVE-2022-27191

Path to dependency file: /go_modules/helpers/go.mod

Path to vulnerable library: /go_modules/helpers/go.mod

Dependency Hierarchy:

-> golang.org/x/mod-v0.4.2 (Root Library)

   -> ❌ golang.org/x/crypto-v0.0.0-20191011191535-87dc89f01550 (Vulnerable Library)

High 7.5 golang.org/x/crypto-v0.0.0-20191011191535-87dc89f01550 Upgrade to version: golang-golang-x-crypto-dev - 1:0.0git20220315.3147a52-1;golang-go.crypto-dev - 1:0.0git20220315.3147a52-1 None
CVE-2022-25883

Path to dependency file: /npm_and_yarn/helpers/package.json

Path to vulnerable library: /npm_and_yarn/helpers/package.json

Dependency Hierarchy:

-> yarn-lib-1.21.1.tgz (Root Library)

   -> ❌ semver-5.7.1.tgz (Vulnerable Library)

High 7.5 semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /npm_and_yarn/spec/fixtures/projects/npm7/git_dependency_local_file/package.json

Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/npm7/git_dependency_local_file/package.json,/npm_and_yarn/spec/fixtures/projects/npm6/git_dependency_local_file/package.json

Dependency Hierarchy:

-> @segment/analytics.js-integration-facebook-pixel-github:segmentio/analytics.js-integrations#3b1bb80b302c2e552685dc8a029797ec832ea7c9.tgz (Root Library)

   -> dateformat-1.0.12.tgz

     -> meow-3.7.0.tgz

       -> normalize-package-data-2.5.0.tgz

         -> ❌ semver-5.7.0.tgz (Vulnerable Library)

High 7.5 semver-5.7.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
WS-2019-0064 handlebars-4.0.5.tgz
CVE-2021-32640 ws-5.2.2.tgz
CVE-2016-10735 bootstrap-3.3.5.min.js
CVE-2022-1365 cross-fetch-2.2.2.tgz
CVE-2022-46175 json5-0.5.1.js
CVE-2019-1075 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2022-23540 jsonwebtoken-8.4.0.tgz
CVE-2022-41721 github.com/golang/net/http2-853a461950ffd0dac439017081f0f3bd9242bb17
CVE-2018-16487 lodash-4.17.5.tgz
CVE-2018-8292 microsoft.netcore.app.2.0.0.nupkg
CVE-2018-14040 bootstrap-3.3.4.min.js
CVE-2022-29248 guzzlehttp/guzzle-7.3.0
CVE-2015-9251 jquery-1.11.3.min.js
CVE-2019-10782 checkstyle-6.18.jar
CVE-2015-9251 jquery-1.7.1.min.js
CVE-2020-15168 node-fetch-2.3.0.tgz
CVE-2020-7608 yargs-parser-11.1.1.tgz
CVE-2020-7608 yargs-parser-8.1.0.tgz
CVE-2018-20677 bootstrap-3.3.5.min.js
CVE-2019-10744 lodash-4.17.11.min.js
CVE-2019-8331 bootstrap-3.3.4.min.js
WS-2018-0590 diff-1.0.8.tgz
WS-2022-0161 newtonsoft.json.10.0.2.nupkg
CVE-2017-1000487 plexus-utils-2.0.1.jar
WS-2019-0425 mocha-1.8.1.js
CVE-2019-10744 lodash-4.17.11.js
CVE-2021-23337 lodash-4.17.11.js
CVE-2018-8409 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2017-16894 laravel/framework-v5.5.28
CVE-2019-20920 handlebars-4.0.5.tgz
CVE-2014-0114 struts-core-1.3.5.jar
CVE-2021-38561 github.com/golang/text/internal/language-v0.3.6
CVE-2017-1000427 marked-0.3.6.tgz
WS-2020-0450 handlebars-4.1.2.tgz
WS-2020-0450 handlebars-4.0.10.tgz
CVE-2019-11358 jquery-2.1.4.min.js
CVE-2019-1010266 lodash-4.17.5.tgz
CVE-2020-11023 jquery-1.11.0.min.js
CVE-2019-19919 handlebars-4.1.2.tgz
CVE-2020-15366 ajv-6.10.0.tgz
CVE-2019-19919 handlebars-4.0.5.tgz
CVE-2020-7789 node-notifier-5.4.0.tgz
WS-2020-0144 laravel/framework-v5.5.28
CVE-2017-18077 brace-expansion-1.1.6.tgz
WS-2019-0027 marked-0.3.6.tgz
CVE-2020-11022 jquery-3.1.1.min.js
WS-2018-0347 eslint-3.15.0.tgz
WS-2019-0064 handlebars-4.0.10.tgz
CVE-2022-38751 snakeyaml-1.4.jar
CVE-2022-32149 github.com/golang/text/language-v0.3.6
CVE-2022-32149 github.com/golang/text/language-v0.3.7
CVE-2020-11023 jquery-3.1.1.min.js
CVE-2017-16137 debug-2.0.0.tgz
CVE-2020-28500 lodash-4.17.5.tgz
CVE-2015-9251 jquery-2.2.0.min.js
CVE-2021-23383 handlebars-4.0.10.tgz
CVE-2022-37598 uglify-js-3.5.8.tgz
CVE-2019-20922 handlebars-4.0.5.tgz
CVE-2022-23539 jsonwebtoken-8.4.0.tgz
WS-2019-0063 js-yaml-3.9.1.tgz
WS-2020-0042 acorn-6.1.1.js
CVE-2022-41854 snakeyaml-1.4.jar
WS-2016-0075 moment-2.5.1.min.js
CVE-2022-4245 plexus-utils-2.0.1.jar
CVE-2021-43138 async-2.5.0.tgz
CVE-2020-7608 yargs-parser-7.0.0.tgz
CVE-2017-20165 debug-2.6.8.tgz
CVE-2019-20920 handlebars-4.0.10.tgz
CVE-2017-15708 commons-collections-3.2.1.jar
CVE-2021-33623 trim-newlines-2.0.0.tgz
CVE-2020-15366 ajv-6.10.0.min.js
CVE-2019-11358 jquery-3.1.1.min.js
CVE-2020-15366 ajv-6.6.2.tgz
CVE-2022-31129 moment-2.20.1.js
CVE-2022-0235 node-fetch-2.1.2.tgz
CVE-2018-20677 bootstrap-3.3.4.min.js
CVE-2022-21681 marked-0.3.6.tgz
CVE-2016-1182 struts-core-1.3.5.jar
CVE-2018-14042 bootstrap-3.3.7.min.js
CVE-2019-0564 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2016-10540 minimatch-0.2.14.tgz
CVE-2021-37712 tar-4.4.8.tgz
CVE-2015-9251 jquery-1.11.0.min.js
WS-2022-0161 newtonsoft.json.10.0.3.nupkg
CVE-2021-3765 validator-9.3.0.tgz
CVE-2015-6420 commons-collections-3.2.1.jar
WS-2020-0127 npm-registry-fetch-3.8.0.tgz
CVE-2022-38752 snakeyaml-1.4.jar
CVE-2022-1471 snakeyaml-1.4.jar
CVE-2021-44716 github.com/golang/net/http2-853a461950ffd0dac439017081f0f3bd9242bb17
CVE-2015-9251 jquery-2.1.4.min.js
CVE-2020-11023 jquery-1.11.3.min.js
WS-2017-3757 content-type-parser-1.0.1.tgz
CVE-2020-11023 jquery-2.2.0.min.js
CVE-2020-0603 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2022-0235 node-fetch-2.3.0.tgz
CVE-2020-11023 jquery-2.2.4.min.js
CVE-2022-24785 moment-2.5.1.min.js
CVE-2018-20677 bootstrap-3.1.1.min.js
CVE-2021-23807 jsonpointer-4.1.0.tgz
CVE-2017-16024 sync-exec-0.6.2.tgz
CVE-2012-6708 jquery-1.7.1.min.js
CVE-2021-37713 tar-4.4.8.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2019-10744 lodash-4.17.5.tgz
CVE-2022-24775 guzzlehttp/psr7-2.0.0
CVE-2019-8331 bootstrap-3.3.5.min.js
CVE-2015-9251 jquery-1.9.0.min.js
WS-2016-7057 plexus-utils-2.0.1.jar
CVE-2018-1000210 yamldotnet.4.2.1.nupkg
CVE-2020-11023 jquery-3.3.1.min.js
CVE-2020-7661 url-regex-3.2.0.tgz
CVE-2017-18640 snakeyaml-1.4.jar
CVE-2018-20676 bootstrap-3.3.7.min.js
CVE-2021-23369 handlebars-4.0.10.tgz
CVE-2021-43138 async-2.6.2.tgz
WS-2021-0079 laravel/framework-v5.5.28
CVE-2018-14042 bootstrap-3.1.1.min.js
CVE-2020-19316 laravel/framework-v5.5.28
WS-2018-0628 marked-0.3.6.tgz
WS-2018-0590 diff-3.3.0.tgz
CVE-2018-14040 bootstrap-3.3.5.min.js
CVE-2020-11022 jquery-2.1.4.min.js
CVE-2020-11022 jquery-1.11.0.min.js
CVE-2015-4852 commons-collections-3.2.1.jar
CVE-2021-23425 trim-off-newlines-1.0.1.tgz
WS-2020-0208 highlight.js-9.9.0.tgz
WS-2020-0003 phpunit/phpunit-6.5.5
CVE-2019-11358 jquery-1.11.3.min.js
CVE-2022-36069 poetry_core-1.0.3-py2.py3-none-any.whl
WS-2020-0139 laravel/framework-v5.5.28
CVE-2017-15010 tough-cookie-2.3.2.tgz
CVE-2020-11023 jquery-2.1.4.min.js
CVE-2019-0820 system.text.regularexpressions.4.3.0.nupkg
CVE-2020-11022 jquery-1.9.0.min.js
CVE-2016-10735 bootstrap-3.3.7.min.js
CVE-2020-11022 jquery-2.2.0.min.js
CVE-2020-24941 laravel/framework-v5.5.28
CVE-2019-10744 lodash.template-4.4.0.tgz
CVE-2016-1181 struts-core-1.3.5.jar
CVE-2015-7501 commons-collections-3.2.1.jar
CVE-2021-38561 github.com/golang/text/language-v0.3.6
CVE-2020-4038 graphql-playground-html-1.6.6.tgz
CVE-2017-16032 brace-expansion-1.1.6.tgz
WS-2018-0607 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2019-10202 jackson-mapper-asl-1.6.1.jar
CVE-2015-8315 ms-0.6.2.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2016-4055 moment-2.5.1.min.js
CVE-2020-11022 jquery-2.2.4.min.js
CVE-2022-4244 plexus-utils-2.0.1.jar
CVE-2022-3517 minimatch-0.2.14.tgz
CVE-2012-6708 jquery-1.3.2.min.js
CVE-2017-16042 growl-1.8.1.tgz
WS-2020-0042 acorn_loose.es-5.5.3.js
CVE-2021-3807 ansi-regex-4.0.0.tgz
CVE-2021-37701 tar-4.4.8.tgz
CVE-2022-24785 moment-2.20.1.js
CVE-2020-26160 github.com/dgrijalva/jwt-go-v3.2.1-0.20210628220118-008eba19055c+incompatible
CVE-2020-1147 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2021-23369 handlebars-4.0.5.tgz
WS-2020-0042 acorn-6.0.4.tgz
CVE-2022-46175 json5-2.2.0.tgz
WS-2019-0025 marked-0.3.6.tgz
CVE-2020-11022 jquery-1.7.1.min.js
WS-2019-0063 js-yaml-3.12.0.tgz
CVE-2015-9251 jquery-1.3.2.min.js
CVE-2019-19919 handlebars-4.0.10.tgz
CVE-2021-27290 ssri-6.0.1.tgz
WS-2020-0042 acorn.es-5.5.3.js
CVE-2020-15168 node-fetch-2.1.2.tgz
CVE-2020-11022 jquery-3.4.1.min.js
CVE-2020-8116 dot-prop-3.0.0.tgz
CVE-2019-9658 checkstyle-6.18.jar
CVE-2022-23541 jsonwebtoken-8.4.0.tgz
CVE-2019-11358 jquery-2.2.0.min.js
CVE-2018-20677 bootstrap-3.3.7.min.js
CVE-2018-15133 laravel/framework-v5.5.28
CVE-2022-25857 snakeyaml-1.4.jar
CVE-2020-28499 merge-1.2.1.tgz
CVE-2018-8416 microsoft.netcore.app.2.0.0.nupkg
CVE-2020-1045 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2020-7789 node-notifier-5.3.0.tgz
CVE-2022-0144 shelljs-0.7.8.tgz
CVE-2020-8203 lodash-4.17.11.js
CVE-2018-14042 bootstrap-3.3.4.min.js
WS-2019-0425 mocha-1.21.5.tgz
WS-2016-7062 plexus-utils-2.0.1.jar
CVE-2019-8331 bootstrap-4.1.3.min.js
CVE-2020-13936 velocity-1.5.jar
CVE-2019-0548 microsoft.aspnetcore.app.2.1.0.nupkg
CVE-2019-8331 bootstrap-3.1.1.min.js
CVE-2020-11023 jquery-1.9.0.min.js
CVE-2016-10735 bootstrap-3.3.4.min.js
CVE-2023-28155 request-2.88.0.js
CVE-2015-0899 struts-core-1.3.5.jar
CVE-2018-8292 system.net.http.4.3.0.nupkg
CVE-2020-15241 typo3fluid/fluid-2.5.11
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2021-21263 laravel/framework-v5.5.28
WS-2019-0032 js-yaml-3.12.0.tgz
CVE-2021-23383 handlebars-4.0.5.tgz
CVE-2022-0144 shelljs-0.7.5.tgz
WS-2020-0042 acorn-5.5.3.tgz
CVE-2018-14042 bootstrap-3.3.5.min.js
CVE-2019-11358 jquery-2.2.4.min.js
CVE-2019-20922 handlebars-4.0.10.tgz
CVE-2020-11022 jquery-1.11.3.min.js
WS-2021-0013 laravel/framework-v5.5.28
CVE-2019-11358 jquery-3.3.1.min.js
CVE-2018-20676 bootstrap-3.3.5.min.js
CVE-2017-20165 debug-2.0.0.tgz
CVE-2022-38749 snakeyaml-1.4.jar
CVE-2019-13116 commons-collections-3.2.1.jar
CVE-2020-8203 lodash-4.17.5.tgz
WS-2018-0107 open-0.0.5.tgz
CVE-2017-18214 moment-2.5.1.min.js
WS-2019-0103 handlebars-4.0.10.tgz
CVE-2020-28500 lodash-4.17.11.js
CVE-2022-3517 minimatch-3.0.3.tgz
CVE-2018-14040 bootstrap-3.3.7.min.js
CVE-2017-16114 marked-0.3.6.tgz
CVE-2022-24999 qs-6.5.2.js
WS-2020-0163 marked-0.3.6.tgz
CVE-2020-0602 microsoft.aspnetcore.app.2.1.0.nupkg
WS-2019-0032 js-yaml-3.9.1.tgz
CVE-2020-4038 graphql-playground-middleware-express-1.7.8.tgz
CVE-2020-1108 microsoft.netcore.app.2.0.0.nupkg
WS-2018-0590 diff-1.4.0.tgz
WS-2020-0042 acorn-6.1.1.tgz
CVE-2020-11022 jquery-3.3.1.min.js
CVE-2018-14040 bootstrap-3.1.1.min.js
CVE-2022-21680 marked-0.3.6.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
WS-2020-0450 handlebars-4.0.5.tgz
CVE-2019-8331 bootstrap-3.3.7.min.js
CVE-2021-23337 lodash-4.17.5.tgz
CVE-2020-7788 ini-1.3.4.tgz
CVE-2022-31129 moment-2.5.1.min.js
CVE-2017-16137 debug-2.6.8.tgz
WS-2020-0042 acorn-5.5.3.js
CVE-2022-38750 snakeyaml-1.4.jar
WS-2019-0425 mocha-2.2.5.js
WS-2019-0103 handlebars-4.0.5.tgz
WS-2020-0042 acorn_loose-5.5.3.js
CVE-2019-11358 jquery-1.11.0.min.js
CVE-2021-32804 tar-4.4.8.tgz
CVE-2018-20676 bootstrap-3.3.4.min.js
CVE-2018-8292 system.net.http.4.3.2.nupkg
CVE-2019-15657 eslint-utils-1.3.1.tgz
CVE-2023-45311 fsevents-1.2.8.tgz
CVE-2021-26701 system.text.encodings.web.4.4.0.nupkg
CVE-2015-9251 jquery-2.2.4.min.js
CVE-2021-32803 tar-4.4.8.tgz
WS-2019-0026 marked-0.3.6.tgz
MSC-2023-16594 fsevents-1.2.8.tgz
CVE-2019-1302 microsoft.aspnetcore.app.2.1.0.nupkg

Base branch total remaining vulnerabilities: 555
Base branch commit: null


Total libraries scanned: 2290

Scan token: 63ef15b1f7db491295ad50f556587c67