[NEUTRAL] Update dependency fsevents to v1.2.11 #994
Security Report
You have successfully remediated 258 vulnerabilities, but introduced 102 new vulnerabilities in this branch.
❌ New vulnerabilities:
Partial results (42 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-37920Path to dependency file: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile Path to vulnerable library: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile Dependency Hierarchy: -> ❌ certifi-2021.5.30-py2.py3-none-any.whl (Vulnerable Library) |
Critical | 9.8 | certifi-2021.5.30-py2.py3-none-any.whl | Upgrade to version: certifi - 2023.7.22 | None |
CVE-2023-26136Path to dependency file: /npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/diverged_sub_dependency_missing_npm/package.json Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/diverged_sub_dependency_missing_npm/package.json,/npm_and_yarn/helpers/package.json Dependency Hierarchy: -> npm-6.14.13.tgz (Root Library) -> request-2.88.0.tgz -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.4.3.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
CVE-2023-26136Path to dependency file: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json Dependency Hierarchy: -> babel-cli-6.26.0.tgz (Root Library) -> chokidar-1.7.0.tgz -> fsevents-1.1.3.tgz -> node-pre-gyp-0.6.39.tgz -> request-2.81.0.tgz -> ❌ tough-cookie-2.3.3.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.3.3.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
CVE-2023-26136Path to dependency file: /npm_and_yarn/helpers/package.json Path to vulnerable library: /npm_and_yarn/helpers/package.json Dependency Hierarchy: -> yarn-lib-1.21.1.tgz (Root Library) -> request-2.88.2.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
CVE-2023-26136Path to dependency file: /npm_and_yarn/spec/fixtures/projects/yarn/dist_tag/package.json Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/yarn/dist_tag/package.json,/npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/diverged_sub_dependency_missing_yarn/package.json Dependency Hierarchy: -> request-2.81.0.tgz (Root Library) -> ❌ tough-cookie-2.3.4.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.3.4.tgz | Upgrade to version: tough-cookie - 4.1.3 | None |
CVE-2022-22817Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
Critical | 9.8 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 9.0.0 | None |
CVE-2022-21797Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ joblib-0.16.0-py3-none-any.whl (Vulnerable Library) |
Critical | 9.8 | joblib-0.16.0-py3-none-any.whl | Upgrade to version: joblib - 1.2.0 | None |
CVE-2021-34552Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
Critical | 9.8 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow-8.3.0 | None |
CVE-2021-25289Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
Critical | 9.8 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: 8.1.1 | None |
CVE-2018-20060Path to dependency file: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile Path to vulnerable library: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile Dependency Hierarchy: -> ❌ urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library) |
Critical | 9.8 | urllib3-1.21.1-py2.py3-none-any.whl | Upgrade to version: 1.23 | None |
Critical | 9.8 | james-heinrich/getid3-v1.9.15 | Upgrade to version: v1.9.8 | #153 | |
CVE-2021-32798Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ notebook-6.0.3-py3-none-any.whl (Vulnerable Library) |
Critical | 9.6 | notebook-6.0.3-py3-none-any.whl | Upgrade to version: notebook - 5.7.11, 6.4.1 | None |
CVE-2023-46233Path to dependency file: /npm_and_yarn/spec/fixtures/projects/npm7/git_sub_dep_invalid_from/package.json Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/npm7/git_sub_dep_invalid_from/package.json,/npm_and_yarn/spec/fixtures/projects/npm6/git_sub_dep_invalid_from/package.json Dependency Hierarchy: -> web3-0.18.4.tgz (Root Library) -> ❌ crypto-js-3.1.8.tgz (Vulnerable Library) |
Critical | 9.1 | crypto-js-3.1.8.tgz | Upgrade to version: crypto-js - 4.2.0 | None |
CVE-2022-24303Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
Critical | 9.1 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 9.0.1 | None |
CVE-2021-25288Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
Critical | 9.1 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 8.2.0 | None |
CVE-2021-25287Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
Critical | 9.1 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 8.2.0 | None |
CVE-2023-45133Path to dependency file: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/yarn/lockfile_only_change/package.json Dependency Hierarchy: -> babel-core-6.26.0.tgz (Root Library) -> ❌ babel-traverse-6.26.0.tgz (Vulnerable Library) |
High | 8.8 | babel-traverse-6.26.0.tgz | Upgrade to version: @babel/traverse - 7.23.2 | None |
High | 8.8 | composer/composer-1.10.22 | Upgrade to version: 1.10.26,2.2.12,2.3.5 | None | |
CVE-2022-21699Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ ipython-7.16.1-py3-none-any.whl (Vulnerable Library) |
High | 8.8 | ipython-7.16.1-py3-none-any.whl | Upgrade to version: ipython - 5.11,7.16.3,7.31.1,8.0.1 | None |
CVE-2020-35654Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
High | 8.8 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: 8.1.0 | None |
WS-2018-0028Dependency Hierarchy: -> illuminate/support-v5.2.45 (Root Library) -> ❌ paragonie/random_compat-v1.4.3 (Vulnerable Library) |
High | 8.6 | paragonie/random_compat-v1.4.3 | Upgrade to version: 2.0.0 | #30 |
CVE-2023-43804Path to dependency file: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile Path to vulnerable library: /python/spec/fixtures/projects/pipenv/missing-system-library/Pipfile Dependency Hierarchy: -> ❌ urllib3-1.21.1-py2.py3-none-any.whl (Vulnerable Library) |
High | 8.1 | urllib3-1.21.1-py2.py3-none-any.whl | Upgrade to version: urllib3 - 1.26.17,2.0.6 | None |
CVE-2022-31091Dependency Hierarchy: -> longman/telegram-bot-0.50.0 (Root Library) -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library) |
High | 7.7 | guzzlehttp/guzzle-6.3.0 | Upgrade to version: 6.5.8,7.4.5 | None |
CVE-2022-31090Dependency Hierarchy: -> longman/telegram-bot-0.50.0 (Root Library) -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library) |
High | 7.7 | guzzlehttp/guzzle-6.3.0 | Upgrade to version: 6.5.8,7.4.5 | None |
WS-2022-0161Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net40/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) |
High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0161Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net20/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) |
High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0161Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/portable-net45+wp80+win8+wpa81+dnxcore50/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) |
High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0161Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) |
High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0161Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net35/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) |
High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0161Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net45/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) |
High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0161Path to dependency file: /nuget/spec/fixtures/packages_configs/packages.config Path to vulnerable library: /nuget/spec/fixtures/packages_configs/packages.config,/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/Newtonsoft.Json.8.0.3.nupkg Dependency Hierarchy: -> ❌ newtonsoft.json.8.0.3.nupkg (Vulnerable Library) |
High | 7.5 | newtonsoft.json.8.0.3.nupkg | Upgrade to version: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0 | #893 |
WS-2022-0097Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
High | 7.5 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 9.0.0 | None |
CVE-2023-44271Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
High | 7.5 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 10.0.0 | None |
CVE-2023-29197Dependency Hierarchy: -> longman/telegram-bot-0.50.0 (Root Library) -> guzzlehttp/guzzle-6.3.0 -> ❌ guzzlehttp/psr7-1.4.2 (Vulnerable Library) |
High | 7.5 | guzzlehttp/psr7-1.4.2 | Upgrade to version: 1.9.1,2.4.5 | None |
CVE-2022-45199Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
High | 7.5 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 9.3.0 | None |
CVE-2022-45198Path to dependency file: /python/spec/fixtures/projects/unresolvable/requirements.txt Path to vulnerable library: /python/spec/fixtures/projects/unresolvable/requirements.txt Dependency Hierarchy: -> ❌ Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library) |
High | 7.5 | Pillow-7.2.0-cp37-cp37m-manylinux1_x86_64.whl | Upgrade to version: Pillow - 9.2.0 | None |
CVE-2022-32149Path to dependency file: /go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod Path to vulnerable library: /go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod Dependency Hierarchy: -> github.com/dependabot-fixtures/go-major-mismatch-v1.0.4 (Root Library) -> rsc.io/quote-v1.5.0 -> rsc.io/sampler-v1.3.0 -> ❌ golang.org/x/text-v0.0.0-20170915032832-14c0d48ead0c (Vulnerable Library) |
High | 7.5 | golang.org/x/text-v0.0.0-20170915032832-14c0d48ead0c | Upgrade to version: v0.3.8 | #806 |
CVE-2022-31043Dependency Hierarchy: -> longman/telegram-bot-0.50.0 (Root Library) -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library) |
High | 7.5 | guzzlehttp/guzzle-6.3.0 | Upgrade to version: 6.5.7,7.4.4 | None |
CVE-2022-31042Dependency Hierarchy: -> longman/telegram-bot-0.50.0 (Root Library) -> ❌ guzzlehttp/guzzle-6.3.0 (Vulnerable Library) |
High | 7.5 | guzzlehttp/guzzle-6.3.0 | Upgrade to version: 6.5.7,7.4.4 | None |
CVE-2022-27191Path to dependency file: /go_modules/helpers/go.mod Path to vulnerable library: /go_modules/helpers/go.mod Dependency Hierarchy: -> golang.org/x/mod-v0.4.2 (Root Library) -> ❌ golang.org/x/crypto-v0.0.0-20191011191535-87dc89f01550 (Vulnerable Library) |
High | 7.5 | golang.org/x/crypto-v0.0.0-20191011191535-87dc89f01550 | Upgrade to version: golang-golang-x-crypto-dev - 1:0.0 |
None |
CVE-2022-25883Path to dependency file: /npm_and_yarn/helpers/package.json Path to vulnerable library: /npm_and_yarn/helpers/package.json Dependency Hierarchy: -> yarn-lib-1.21.1.tgz (Root Library) -> ❌ semver-5.7.1.tgz (Vulnerable Library) |
High | 7.5 | semver-5.7.1.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
CVE-2022-25883Path to dependency file: /npm_and_yarn/spec/fixtures/projects/npm7/git_dependency_local_file/package.json Path to vulnerable library: /npm_and_yarn/spec/fixtures/projects/npm7/git_dependency_local_file/package.json,/npm_and_yarn/spec/fixtures/projects/npm6/git_dependency_local_file/package.json Dependency Hierarchy: -> @segment/analytics.js-integration-facebook-pixel-github:segmentio/analytics.js-integrations#3b1bb80b302c2e552685dc8a029797ec832ea7c9.tgz (Root Library) -> dateformat-1.0.12.tgz -> meow-3.7.0.tgz -> normalize-package-data-2.5.0.tgz -> ❌ semver-5.7.0.tgz (Vulnerable Library) |
High | 7.5 | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
WS-2019-0064 | handlebars-4.0.5.tgz |
CVE-2021-32640 | ws-5.2.2.tgz |
CVE-2016-10735 | bootstrap-3.3.5.min.js |
CVE-2022-1365 | cross-fetch-2.2.2.tgz |
CVE-2022-46175 | json5-0.5.1.js |
CVE-2019-1075 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2022-23540 | jsonwebtoken-8.4.0.tgz |
CVE-2022-41721 | github.com/golang/net/http2-853a461950ffd0dac439017081f0f3bd9242bb17 |
CVE-2018-16487 | lodash-4.17.5.tgz |
CVE-2018-8292 | microsoft.netcore.app.2.0.0.nupkg |
CVE-2018-14040 | bootstrap-3.3.4.min.js |
CVE-2022-29248 | guzzlehttp/guzzle-7.3.0 |
CVE-2015-9251 | jquery-1.11.3.min.js |
CVE-2019-10782 | checkstyle-6.18.jar |
CVE-2015-9251 | jquery-1.7.1.min.js |
CVE-2020-15168 | node-fetch-2.3.0.tgz |
CVE-2020-7608 | yargs-parser-11.1.1.tgz |
CVE-2020-7608 | yargs-parser-8.1.0.tgz |
CVE-2018-20677 | bootstrap-3.3.5.min.js |
CVE-2019-10744 | lodash-4.17.11.min.js |
CVE-2019-8331 | bootstrap-3.3.4.min.js |
WS-2018-0590 | diff-1.0.8.tgz |
WS-2022-0161 | newtonsoft.json.10.0.2.nupkg |
CVE-2017-1000487 | plexus-utils-2.0.1.jar |
WS-2019-0425 | mocha-1.8.1.js |
CVE-2019-10744 | lodash-4.17.11.js |
CVE-2021-23337 | lodash-4.17.11.js |
CVE-2018-8409 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2017-16894 | laravel/framework-v5.5.28 |
CVE-2019-20920 | handlebars-4.0.5.tgz |
CVE-2014-0114 | struts-core-1.3.5.jar |
CVE-2021-38561 | github.com/golang/text/internal/language-v0.3.6 |
CVE-2017-1000427 | marked-0.3.6.tgz |
WS-2020-0450 | handlebars-4.1.2.tgz |
WS-2020-0450 | handlebars-4.0.10.tgz |
CVE-2019-11358 | jquery-2.1.4.min.js |
CVE-2019-1010266 | lodash-4.17.5.tgz |
CVE-2020-11023 | jquery-1.11.0.min.js |
CVE-2019-19919 | handlebars-4.1.2.tgz |
CVE-2020-15366 | ajv-6.10.0.tgz |
CVE-2019-19919 | handlebars-4.0.5.tgz |
CVE-2020-7789 | node-notifier-5.4.0.tgz |
WS-2020-0144 | laravel/framework-v5.5.28 |
CVE-2017-18077 | brace-expansion-1.1.6.tgz |
WS-2019-0027 | marked-0.3.6.tgz |
CVE-2020-11022 | jquery-3.1.1.min.js |
WS-2018-0347 | eslint-3.15.0.tgz |
WS-2019-0064 | handlebars-4.0.10.tgz |
CVE-2022-38751 | snakeyaml-1.4.jar |
CVE-2022-32149 | github.com/golang/text/language-v0.3.6 |
CVE-2022-32149 | github.com/golang/text/language-v0.3.7 |
CVE-2020-11023 | jquery-3.1.1.min.js |
CVE-2017-16137 | debug-2.0.0.tgz |
CVE-2020-28500 | lodash-4.17.5.tgz |
CVE-2015-9251 | jquery-2.2.0.min.js |
CVE-2021-23383 | handlebars-4.0.10.tgz |
CVE-2022-37598 | uglify-js-3.5.8.tgz |
CVE-2019-20922 | handlebars-4.0.5.tgz |
CVE-2022-23539 | jsonwebtoken-8.4.0.tgz |
WS-2019-0063 | js-yaml-3.9.1.tgz |
WS-2020-0042 | acorn-6.1.1.js |
CVE-2022-41854 | snakeyaml-1.4.jar |
WS-2016-0075 | moment-2.5.1.min.js |
CVE-2022-4245 | plexus-utils-2.0.1.jar |
CVE-2021-43138 | async-2.5.0.tgz |
CVE-2020-7608 | yargs-parser-7.0.0.tgz |
CVE-2017-20165 | debug-2.6.8.tgz |
CVE-2019-20920 | handlebars-4.0.10.tgz |
CVE-2017-15708 | commons-collections-3.2.1.jar |
CVE-2021-33623 | trim-newlines-2.0.0.tgz |
CVE-2020-15366 | ajv-6.10.0.min.js |
CVE-2019-11358 | jquery-3.1.1.min.js |
CVE-2020-15366 | ajv-6.6.2.tgz |
CVE-2022-31129 | moment-2.20.1.js |
CVE-2022-0235 | node-fetch-2.1.2.tgz |
CVE-2018-20677 | bootstrap-3.3.4.min.js |
CVE-2022-21681 | marked-0.3.6.tgz |
CVE-2016-1182 | struts-core-1.3.5.jar |
CVE-2018-14042 | bootstrap-3.3.7.min.js |
CVE-2019-0564 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2016-10540 | minimatch-0.2.14.tgz |
CVE-2021-37712 | tar-4.4.8.tgz |
CVE-2015-9251 | jquery-1.11.0.min.js |
WS-2022-0161 | newtonsoft.json.10.0.3.nupkg |
CVE-2021-3765 | validator-9.3.0.tgz |
CVE-2015-6420 | commons-collections-3.2.1.jar |
WS-2020-0127 | npm-registry-fetch-3.8.0.tgz |
CVE-2022-38752 | snakeyaml-1.4.jar |
CVE-2022-1471 | snakeyaml-1.4.jar |
CVE-2021-44716 | github.com/golang/net/http2-853a461950ffd0dac439017081f0f3bd9242bb17 |
CVE-2015-9251 | jquery-2.1.4.min.js |
CVE-2020-11023 | jquery-1.11.3.min.js |
WS-2017-3757 | content-type-parser-1.0.1.tgz |
CVE-2020-11023 | jquery-2.2.0.min.js |
CVE-2020-0603 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2022-0235 | node-fetch-2.3.0.tgz |
CVE-2020-11023 | jquery-2.2.4.min.js |
CVE-2022-24785 | moment-2.5.1.min.js |
CVE-2018-20677 | bootstrap-3.1.1.min.js |
CVE-2021-23807 | jsonpointer-4.1.0.tgz |
CVE-2017-16024 | sync-exec-0.6.2.tgz |
CVE-2012-6708 | jquery-1.7.1.min.js |
CVE-2021-37713 | tar-4.4.8.tgz |
CVE-2019-20920 | handlebars-4.1.2.tgz |
CVE-2019-10744 | lodash-4.17.5.tgz |
CVE-2022-24775 | guzzlehttp/psr7-2.0.0 |
CVE-2019-8331 | bootstrap-3.3.5.min.js |
CVE-2015-9251 | jquery-1.9.0.min.js |
WS-2016-7057 | plexus-utils-2.0.1.jar |
CVE-2018-1000210 | yamldotnet.4.2.1.nupkg |
CVE-2020-11023 | jquery-3.3.1.min.js |
CVE-2020-7661 | url-regex-3.2.0.tgz |
CVE-2017-18640 | snakeyaml-1.4.jar |
CVE-2018-20676 | bootstrap-3.3.7.min.js |
CVE-2021-23369 | handlebars-4.0.10.tgz |
CVE-2021-43138 | async-2.6.2.tgz |
WS-2021-0079 | laravel/framework-v5.5.28 |
CVE-2018-14042 | bootstrap-3.1.1.min.js |
CVE-2020-19316 | laravel/framework-v5.5.28 |
WS-2018-0628 | marked-0.3.6.tgz |
WS-2018-0590 | diff-3.3.0.tgz |
CVE-2018-14040 | bootstrap-3.3.5.min.js |
CVE-2020-11022 | jquery-2.1.4.min.js |
CVE-2020-11022 | jquery-1.11.0.min.js |
CVE-2015-4852 | commons-collections-3.2.1.jar |
CVE-2021-23425 | trim-off-newlines-1.0.1.tgz |
WS-2020-0208 | highlight.js-9.9.0.tgz |
WS-2020-0003 | phpunit/phpunit-6.5.5 |
CVE-2019-11358 | jquery-1.11.3.min.js |
CVE-2022-36069 | poetry_core-1.0.3-py2.py3-none-any.whl |
WS-2020-0139 | laravel/framework-v5.5.28 |
CVE-2017-15010 | tough-cookie-2.3.2.tgz |
CVE-2020-11023 | jquery-2.1.4.min.js |
CVE-2019-0820 | system.text.regularexpressions.4.3.0.nupkg |
CVE-2020-11022 | jquery-1.9.0.min.js |
CVE-2016-10735 | bootstrap-3.3.7.min.js |
CVE-2020-11022 | jquery-2.2.0.min.js |
CVE-2020-24941 | laravel/framework-v5.5.28 |
CVE-2019-10744 | lodash.template-4.4.0.tgz |
CVE-2016-1181 | struts-core-1.3.5.jar |
CVE-2015-7501 | commons-collections-3.2.1.jar |
CVE-2021-38561 | github.com/golang/text/language-v0.3.6 |
CVE-2020-4038 | graphql-playground-html-1.6.6.tgz |
CVE-2017-16032 | brace-expansion-1.1.6.tgz |
WS-2018-0607 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2019-10202 | jackson-mapper-asl-1.6.1.jar |
CVE-2015-8315 | ms-0.6.2.tgz |
CVE-2021-43138 | async-2.6.3.tgz |
CVE-2016-4055 | moment-2.5.1.min.js |
CVE-2020-11022 | jquery-2.2.4.min.js |
CVE-2022-4244 | plexus-utils-2.0.1.jar |
CVE-2022-3517 | minimatch-0.2.14.tgz |
CVE-2012-6708 | jquery-1.3.2.min.js |
CVE-2017-16042 | growl-1.8.1.tgz |
WS-2020-0042 | acorn_loose.es-5.5.3.js |
CVE-2021-3807 | ansi-regex-4.0.0.tgz |
CVE-2021-37701 | tar-4.4.8.tgz |
CVE-2022-24785 | moment-2.20.1.js |
CVE-2020-26160 | github.com/dgrijalva/jwt-go-v3.2.1-0.20210628220118-008eba19055c+incompatible |
CVE-2020-1147 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2021-23369 | handlebars-4.1.2.tgz |
CVE-2021-23369 | handlebars-4.0.5.tgz |
WS-2020-0042 | acorn-6.0.4.tgz |
CVE-2022-46175 | json5-2.2.0.tgz |
WS-2019-0025 | marked-0.3.6.tgz |
CVE-2020-11022 | jquery-1.7.1.min.js |
WS-2019-0063 | js-yaml-3.12.0.tgz |
CVE-2015-9251 | jquery-1.3.2.min.js |
CVE-2019-19919 | handlebars-4.0.10.tgz |
CVE-2021-27290 | ssri-6.0.1.tgz |
WS-2020-0042 | acorn.es-5.5.3.js |
CVE-2020-15168 | node-fetch-2.1.2.tgz |
CVE-2020-11022 | jquery-3.4.1.min.js |
CVE-2020-8116 | dot-prop-3.0.0.tgz |
CVE-2019-9658 | checkstyle-6.18.jar |
CVE-2022-23541 | jsonwebtoken-8.4.0.tgz |
CVE-2019-11358 | jquery-2.2.0.min.js |
CVE-2018-20677 | bootstrap-3.3.7.min.js |
CVE-2018-15133 | laravel/framework-v5.5.28 |
CVE-2022-25857 | snakeyaml-1.4.jar |
CVE-2020-28499 | merge-1.2.1.tgz |
CVE-2018-8416 | microsoft.netcore.app.2.0.0.nupkg |
CVE-2020-1045 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2020-7789 | node-notifier-5.3.0.tgz |
CVE-2022-0144 | shelljs-0.7.8.tgz |
CVE-2020-8203 | lodash-4.17.11.js |
CVE-2018-14042 | bootstrap-3.3.4.min.js |
WS-2019-0425 | mocha-1.21.5.tgz |
WS-2016-7062 | plexus-utils-2.0.1.jar |
CVE-2019-8331 | bootstrap-4.1.3.min.js |
CVE-2020-13936 | velocity-1.5.jar |
CVE-2019-0548 | microsoft.aspnetcore.app.2.1.0.nupkg |
CVE-2019-8331 | bootstrap-3.1.1.min.js |
CVE-2020-11023 | jquery-1.9.0.min.js |
CVE-2016-10735 | bootstrap-3.3.4.min.js |
CVE-2023-28155 | request-2.88.0.js |
CVE-2015-0899 | struts-core-1.3.5.jar |
CVE-2018-8292 | system.net.http.4.3.0.nupkg |
CVE-2020-15241 | typo3fluid/fluid-2.5.11 |
CVE-2021-23383 | handlebars-4.1.2.tgz |
CVE-2021-21263 | laravel/framework-v5.5.28 |
WS-2019-0032 | js-yaml-3.12.0.tgz |
CVE-2021-23383 | handlebars-4.0.5.tgz |
CVE-2022-0144 | shelljs-0.7.5.tgz |
WS-2020-0042 | acorn-5.5.3.tgz |
CVE-2018-14042 | bootstrap-3.3.5.min.js |
CVE-2019-11358 | jquery-2.2.4.min.js |
CVE-2019-20922 | handlebars-4.0.10.tgz |
CVE-2020-11022 | jquery-1.11.3.min.js |
WS-2021-0013 | laravel/framework-v5.5.28 |
CVE-2019-11358 | jquery-3.3.1.min.js |
CVE-2018-20676 | bootstrap-3.3.5.min.js |
CVE-2017-20165 | debug-2.0.0.tgz |
CVE-2022-38749 | snakeyaml-1.4.jar |
CVE-2019-13116 | commons-collections-3.2.1.jar |
CVE-2020-8203 | lodash-4.17.5.tgz |
WS-2018-0107 | open-0.0.5.tgz |
CVE-2017-18214 | moment-2.5.1.min.js |
WS-2019-0103 | handlebars-4.0.10.tgz |
CVE-2020-28500 | lodash-4.17.11.js |
CVE-2022-3517 | minimatch-3.0.3.tgz |
CVE-2018-14040 | bootstrap-3.3.7.min.js |
CVE-2017-16114 | marked-0.3.6.tgz |
CVE-2022-24999 | qs-6.5.2.js |
WS-2020-0163 | marked-0.3.6.tgz |
CVE-2020-0602 | microsoft.aspnetcore.app.2.1.0.nupkg |
WS-2019-0032 | js-yaml-3.9.1.tgz |
CVE-2020-4038 | graphql-playground-middleware-express-1.7.8.tgz |
CVE-2020-1108 | microsoft.netcore.app.2.0.0.nupkg |
WS-2018-0590 | diff-1.4.0.tgz |
WS-2020-0042 | acorn-6.1.1.tgz |
CVE-2020-11022 | jquery-3.3.1.min.js |
CVE-2018-14040 | bootstrap-3.1.1.min.js |
CVE-2022-21680 | marked-0.3.6.tgz |
CVE-2019-20922 | handlebars-4.1.2.tgz |
WS-2020-0450 | handlebars-4.0.5.tgz |
CVE-2019-8331 | bootstrap-3.3.7.min.js |
CVE-2021-23337 | lodash-4.17.5.tgz |
CVE-2020-7788 | ini-1.3.4.tgz |
CVE-2022-31129 | moment-2.5.1.min.js |
CVE-2017-16137 | debug-2.6.8.tgz |
WS-2020-0042 | acorn-5.5.3.js |
CVE-2022-38750 | snakeyaml-1.4.jar |
WS-2019-0425 | mocha-2.2.5.js |
WS-2019-0103 | handlebars-4.0.5.tgz |
WS-2020-0042 | acorn_loose-5.5.3.js |
CVE-2019-11358 | jquery-1.11.0.min.js |
CVE-2021-32804 | tar-4.4.8.tgz |
CVE-2018-20676 | bootstrap-3.3.4.min.js |
CVE-2018-8292 | system.net.http.4.3.2.nupkg |
CVE-2019-15657 | eslint-utils-1.3.1.tgz |
CVE-2023-45311 | fsevents-1.2.8.tgz |
CVE-2021-26701 | system.text.encodings.web.4.4.0.nupkg |
CVE-2015-9251 | jquery-2.2.4.min.js |
CVE-2021-32803 | tar-4.4.8.tgz |
WS-2019-0026 | marked-0.3.6.tgz |
MSC-2023-16594 | fsevents-1.2.8.tgz |
CVE-2019-1302 | microsoft.aspnetcore.app.2.1.0.nupkg |
Base branch total remaining vulnerabilities: 555
Base branch commit: null
Total libraries scanned: 2290
Scan token: 63ef15b1f7db491295ad50f556587c67