Merge pull request #17 from luzixiao/whitesource-remediate/victory-36.x

Mend for GitHub.com / Mend Security Check failed Mar 7, 2024 in 9m 10s

Security Report

The Security Check found 381 vulnerabilities.

Partial results (91 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue
WS-2020-0344

Dependency Hierarchy:

-> eslint-4.1.0.tgz (Root Library)

   -> ❌ is-my-json-valid-2.19.0.tgz (Vulnerable Library)

Critical 9.8 is-my-json-valid-2.19.0.tgz Upgrade to version: is-my-json-valid - 2.20.3 #35
MSC-2023-16606

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> ❌ fsevents-1.1.2.tgz (Vulnerable Library)

Critical 9.8 fsevents-1.1.2.tgz #40
MSC-2023-16604

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> webpack-dev-server-2.9.4.tgz

     -> chokidar-1.7.0.tgz

       -> ❌ fsevents-1.1.3.tgz (Vulnerable Library)

Critical 9.8 fsevents-1.1.3.tgz #40
CVE-2023-45311

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> webpack-dev-server-2.9.4.tgz

     -> chokidar-1.7.0.tgz

       -> ❌ fsevents-1.1.3.tgz (Vulnerable Library)

Critical 9.8 fsevents-1.1.3.tgz Upgrade to version: fsevents - 1.2.11 #40
CVE-2023-45311

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> ❌ fsevents-1.1.2.tgz (Vulnerable Library)

Critical 9.8 fsevents-1.1.2.tgz Upgrade to version: fsevents - 1.2.11 #40
CVE-2023-42282

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> webpack-dev-server-2.9.4.tgz

     -> ❌ ip-1.1.5.tgz (Vulnerable Library)

Critical 9.8 ip-1.1.5.tgz Upgrade to version: ip - 2.0.0 #40
CVE-2023-28154

Dependency Hierarchy:

-> ❌ webpack-5.74.0.tgz (Vulnerable Library)

Critical 9.8 webpack-5.74.0.tgz Upgrade to version: webpack - 5.76.0 #61
CVE-2023-26136

Dependency Hierarchy:

-> nodegit-0.18.3.tgz (Root Library)

   -> node-pre-gyp-0.6.36.tgz

     -> request-2.81.0.tgz

       -> ❌ tough-cookie-2.3.2.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.3.2.tgz Upgrade to version: tough-cookie - 4.1.3 #70
CVE-2023-26136

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> jest-environment-jsdom-fourteen-1.0.1.tgz

     -> jsdom-14.1.0.tgz

       -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 #59
CVE-2023-26136

Dependency Hierarchy:

-> jest-27.5.1.tgz (Root Library)

   -> core-27.5.1.tgz

     -> jest-config-27.5.1.tgz

       -> jest-environment-jsdom-27.5.1.tgz

         -> jsdom-16.7.0.tgz

           -> ❌ tough-cookie-4.0.0.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-4.0.0.tgz Upgrade to version: tough-cookie - 4.1.3 #51
CVE-2023-26136

Dependency Hierarchy:

-> react-devtools-extensions-0.0.0.tgz (Root Library)

   -> web-ext-4.3.0.tgz

     -> sign-addon-2.0.5.tgz

       -> request-2.88.0.tgz

         -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.4.3.tgz Upgrade to version: tough-cookie - 4.1.3 #42
CVE-2023-26136

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> request-2.81.0.tgz

         -> ❌ tough-cookie-2.3.3.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.3.3.tgz Upgrade to version: tough-cookie - 4.1.3 #40
CVE-2023-23623

Dependency Hierarchy:

-> react-devtools-5.0.2.tgz (Root Library)

   -> ❌ electron-23.1.2.tgz (Vulnerable Library)

Critical 9.8 electron-23.1.2.tgz Upgrade to version: electron - 22.3.6, 23.2.3, 24.1.0 #33
CVE-2022-37601

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ loader-utils-1.2.3.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.2.3.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #59
CVE-2022-37601

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> html-webpack-plugin-2.29.0.tgz

     -> ❌ loader-utils-0.2.17.tgz (Vulnerable Library)

Critical 9.8 loader-utils-0.2.17.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #40
CVE-2022-37601

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> babel-loader-7.1.2.tgz

     -> ❌ loader-utils-1.1.0.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.1.0.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #40
CVE-2022-37601

Dependency Hierarchy:

-> babel-loader-8.1.0.tgz (Root Library)

   -> ❌ loader-utils-1.4.0.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.4.0.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #27
CVE-2022-37598

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> istanbul-api-1.2.1.tgz

         -> istanbul-reports-1.1.3.tgz

           -> handlebars-4.5.3.tgz

             -> ❌ uglify-js-3.7.3.tgz (Vulnerable Library)

Critical 9.8 uglify-js-3.7.3.tgz Upgrade to version: uglify-js - 3.13.10 #40
CVE-2022-37598

Dependency Hierarchy:

-> react-scripts-1.1.5.tgz (Root Library)

   -> sw-precache-webpack-plugin-0.11.4.tgz

     -> ❌ uglify-js-3.13.5.tgz (Vulnerable Library)

Critical 9.8 uglify-js-3.13.5.tgz Upgrade to version: uglify-js - 3.13.10 #28
CVE-2022-37598

Dependency Hierarchy:

-> react-scripts-1.1.5.tgz (Root Library)

   -> html-webpack-plugin-2.29.0.tgz

     -> html-minifier-3.5.21.tgz

       -> ❌ uglify-js-3.4.10.tgz (Vulnerable Library)

Critical 9.8 uglify-js-3.4.10.tgz Upgrade to version: uglify-js - 3.13.10 #28
CVE-2022-0691

Dependency Hierarchy:

-> react-scripts-1.0.11.tgz (Root Library)

   -> webpack-dev-server-2.7.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ url-parse-1.1.9.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.1.9.tgz Upgrade to version: url-parse - 1.5.9 #64
CVE-2022-0691

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ url-parse-1.2.0.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.2.0.tgz Upgrade to version: url-parse - 1.5.9 #40
CVE-2022-0691

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> eventsource-0.1.6.tgz

         -> original-1.0.0.tgz

           -> ❌ url-parse-1.0.5.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.0.5.tgz Upgrade to version: url-parse - 1.5.9 #40
CVE-2022-0691

Dependency Hierarchy:

-> react-scripts-1.1.5.tgz (Root Library)

   -> webpack-dev-server-2.11.3.tgz

     -> sockjs-client-1.1.5.tgz

       -> ❌ url-parse-1.5.1.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.5.1.tgz Upgrade to version: url-parse - 1.5.9 #28
CVE-2021-44906

Dependency Hierarchy:

-> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #71
CVE-2021-44906

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> istanbul-api-1.2.1.tgz

         -> istanbul-reports-1.1.3.tgz

           -> handlebars-4.5.3.tgz

             -> optimist-0.6.1.tgz

               -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Critical 9.8 minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #40
CVE-2021-44906

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> sw-precache-webpack-plugin-0.11.4.tgz

     -> sw-precache-5.2.0.tgz

       -> meow-3.7.0.tgz

         -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Critical 9.8 minimist-1.2.0.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #40
CVE-2021-44906

Dependency Hierarchy:

-> react-devtools-5.0.2.tgz (Root Library)

   -> ❌ minimist-1.2.3.tgz (Vulnerable Library)

Critical 9.8 minimist-1.2.3.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #33
CVE-2021-44906

Dependency Hierarchy:

-> lighthouse-3.2.1.tgz (Root Library)

   -> mkdirp-0.5.1.tgz

     -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #31
CVE-2021-4279

Dependency Hierarchy:

-> react-devtools-extensions-0.0.0.tgz (Root Library)

   -> web-ext-4.3.0.tgz

     -> addons-linter-1.26.0.tgz

       -> ajv-merge-patch-4.1.0.tgz

         -> ❌ fast-json-patch-2.2.1.tgz (Vulnerable Library)

Critical 9.8 fast-json-patch-2.2.1.tgz Upgrade to version: fast-json-patch - 3.1.1 #42
CVE-2021-42740

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ shell-quote-1.7.2.tgz (Vulnerable Library)

Critical 9.8 shell-quote-1.7.2.tgz Upgrade to version: shell-quote - 1.7.3 #59
CVE-2021-42740

Dependency Hierarchy:

-> react-devtools-core-5.0.2.tgz (Root Library)

   -> ❌ shell-quote-1.7.1.tgz (Vulnerable Library)

Critical 9.8 shell-quote-1.7.1.tgz Upgrade to version: shell-quote - 1.7.3 #41
CVE-2021-42740

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> ❌ shell-quote-1.6.1.tgz (Vulnerable Library)

Critical 9.8 shell-quote-1.6.1.tgz Upgrade to version: shell-quote - 1.7.3 #40
CVE-2021-3918

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> request-2.81.0.tgz

         -> http-signature-1.1.1.tgz

           -> jsprim-1.4.1.tgz

             -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 #40
CVE-2021-3757

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ immer-1.10.0.tgz (Vulnerable Library)

Critical 9.8 immer-1.10.0.tgz Upgrade to version: immer - 9.0.6 #59
CVE-2021-23807

Dependency Hierarchy:

-> eslint-4.1.0.tgz (Root Library)

   -> is-my-json-valid-2.19.0.tgz

     -> ❌ jsonpointer-4.0.1.tgz (Vulnerable Library)

Critical 9.8 jsonpointer-4.0.1.tgz Upgrade to version: jsonpointer - 5.0.0 #35
CVE-2021-23518

Dependency Hierarchy:

-> browserify-13.3.0.tgz (Root Library)

   -> ❌ cached-path-relative-1.0.1.tgz (Vulnerable Library)

Critical 9.8 cached-path-relative-1.0.1.tgz Upgrade to version: cached-path-relative - 1.1.0 #24
CVE-2021-23436

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ immer-1.10.0.tgz (Vulnerable Library)

Critical 9.8 immer-1.10.0.tgz Upgrade to version: immer - 9.0.6 #59
CVE-2021-23383

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> istanbul-api-1.2.1.tgz

         -> istanbul-reports-1.1.3.tgz

           -> ❌ handlebars-4.5.3.tgz (Vulnerable Library)

Critical 9.8 handlebars-4.5.3.tgz Upgrade to version: handlebars - 4.7.7 #40
CVE-2021-23369

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> istanbul-api-1.2.1.tgz

         -> istanbul-reports-1.1.3.tgz

           -> ❌ handlebars-4.5.3.tgz (Vulnerable Library)

Critical 9.8 handlebars-4.5.3.tgz Upgrade to version: com.github.jknack:handlebars:4.2.0, handlebars - 4.7.7 #40
CVE-2020-7788

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> rc-1.2.2.tgz

         -> ❌ ini-1.3.4.tgz (Vulnerable Library)

Critical 9.8 ini-1.3.4.tgz Upgrade to version: v1.3.6 #40
CVE-2020-7788

Dependency Hierarchy:

-> react-devtools-5.0.2.tgz (Root Library)

   -> update-notifier-2.5.0.tgz

     -> is-installed-globally-0.1.0.tgz

       -> global-dirs-0.1.1.tgz

         -> ❌ ini-1.3.5.tgz (Vulnerable Library)

Critical 9.8 ini-1.3.5.tgz Upgrade to version: v1.3.6 #33
CVE-2020-7774

Dependency Hierarchy:

-> react-devtools-extensions-0.0.0.tgz (Root Library)

   -> web-ext-4.3.0.tgz

     -> yargs-15.3.1.tgz

       -> ❌ y18n-4.0.0.tgz (Vulnerable Library)

Critical 9.8 y18n-4.0.0.tgz Upgrade to version: 3.2.2, 4.0.1, 5.0.5 #42
CVE-2020-7774

Dependency Hierarchy:

-> lighthouse-3.2.1.tgz (Root Library)

   -> yargs-3.32.0.tgz

     -> ❌ y18n-3.2.1.tgz (Vulnerable Library)

Critical 9.8 y18n-3.2.1.tgz Upgrade to version: 3.2.2, 4.0.1, 5.0.5 #31
CVE-2020-7677

Dependency Hierarchy:

-> react-devtools-extensions-0.0.0.tgz (Root Library)

   -> web-ext-4.3.0.tgz

     -> mz-2.7.0.tgz

       -> thenify-all-1.6.0.tgz

         -> ❌ thenify-3.3.0.tgz (Vulnerable Library)

Critical 9.8 thenify-3.3.0.tgz Upgrade to version: thenify - 3.3.1;org.webjars.npm:thenify:3.3.1 #42
CVE-2020-7645

Dependency Hierarchy:

-> ❌ chrome-launcher-0.10.5.tgz (Vulnerable Library)

Critical 9.8 chrome-launcher-0.10.5.tgz Upgrade to version: chrome-launcher - 0.13.2 #53
CVE-2020-28499

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> jest-haste-map-20.0.5.tgz

         -> sane-1.6.0.tgz

           -> exec-sh-0.2.1.tgz

             -> ❌ merge-1.2.0.tgz (Vulnerable Library)

Critical 9.8 merge-1.2.0.tgz Upgrade to version: merge - 2.1.0 #40
CVE-2020-28499

Dependency Hierarchy:

-> react-scripts-1.1.5.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> jest-haste-map-20.0.5.tgz

         -> sane-1.6.0.tgz

           -> exec-sh-0.2.2.tgz

             -> ❌ merge-1.2.1.tgz (Vulnerable Library)

Critical 9.8 merge-1.2.1.tgz Upgrade to version: merge - 2.1.0 #28
CVE-2020-15256

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> resolve-url-loader-3.1.1.tgz

     -> adjust-sourcemap-loader-2.0.0.tgz

       -> ❌ object-path-0.11.4.tgz (Vulnerable Library)

Critical 9.8 object-path-0.11.4.tgz Upgrade to version: 0.11.5 #59
CVE-2018-6342

Dependency Hierarchy:

-> react-scripts-1.0.11.tgz (Root Library)

   -> ❌ react-dev-utils-3.1.1.tgz (Vulnerable Library)

Critical 9.8 react-dev-utils-3.1.1.tgz Upgrade to version: react-dev-utils - 1.0.4,2.0.2,3.1.2,4.2.2,5.0.2 #64
CVE-2018-6342

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> ❌ react-dev-utils-4.2.1.tgz (Vulnerable Library)

Critical 9.8 react-dev-utils-4.2.1.tgz Upgrade to version: react-dev-utils - 1.0.4,2.0.2,3.1.2,4.2.2,5.0.2 #40
CVE-2018-3774

Dependency Hierarchy:

-> react-scripts-1.0.11.tgz (Root Library)

   -> webpack-dev-server-2.7.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ url-parse-1.1.9.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.1.9.tgz Upgrade to version: 1.4.3 #64
CVE-2018-3774

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> eventsource-0.1.6.tgz

         -> original-1.0.0.tgz

           -> ❌ url-parse-1.0.5.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.0.5.tgz Upgrade to version: 1.4.3 #40
CVE-2018-3774

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ url-parse-1.2.0.tgz (Vulnerable Library)

Critical 9.8 url-parse-1.2.0.tgz Upgrade to version: 1.4.3 #40
CVE-2018-16492

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> request-2.81.0.tgz

         -> ❌ extend-3.0.1.tgz (Vulnerable Library)

Critical 9.8 extend-3.0.1.tgz Upgrade to version: extend - v3.0.2,v2.0.2 #40
CVE-2018-13797

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> css-loader-0.28.7.tgz

     -> cssnano-3.10.0.tgz

       -> postcss-filter-plugins-2.0.2.tgz

         -> uniqid-4.1.1.tgz

           -> ❌ macaddress-0.2.8.tgz (Vulnerable Library)

Critical 9.8 macaddress-0.2.8.tgz Upgrade to version: 0.2.9 #40
CVE-2018-1000620

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> hawk-3.1.3.tgz

         -> ❌ cryptiles-2.0.5.tgz (Vulnerable Library)

Critical 9.8 cryptiles-2.0.5.tgz Upgrade to version: v4.1.2 #40
CVE-2018-1000620

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> jest-20.0.4.tgz

     -> jest-cli-20.0.4.tgz

       -> jest-environment-jsdom-20.0.3.tgz

         -> jsdom-9.12.0.tgz

           -> request-2.83.0.tgz

             -> hawk-6.0.2.tgz

               -> ❌ cryptiles-3.1.2.tgz (Vulnerable Library)

Critical 9.8 cryptiles-3.1.2.tgz Upgrade to version: v4.1.2 #40
CVE-2022-1650

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ eventsource-0.1.6.tgz (Vulnerable Library)

Critical 9.3 eventsource-0.1.6.tgz Upgrade to version: eventsource - 1.1.1,2.0.2 #40
CVE-2022-0686

Dependency Hierarchy:

-> react-scripts-1.0.11.tgz (Root Library)

   -> webpack-dev-server-2.7.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ url-parse-1.1.9.tgz (Vulnerable Library)

Critical 9.1 url-parse-1.1.9.tgz Upgrade to version: url-parse - 1.5.8 #64
CVE-2022-0686

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> eventsource-0.1.6.tgz

         -> original-1.0.0.tgz

           -> ❌ url-parse-1.0.5.tgz (Vulnerable Library)

Critical 9.1 url-parse-1.0.5.tgz Upgrade to version: url-parse - 1.5.8 #40
CVE-2022-0686

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> react-dev-utils-4.2.1.tgz

     -> sockjs-client-1.1.4.tgz

       -> ❌ url-parse-1.2.0.tgz (Vulnerable Library)

Critical 9.1 url-parse-1.2.0.tgz Upgrade to version: url-parse - 1.5.8 #40
CVE-2022-0686

Dependency Hierarchy:

-> react-scripts-1.1.5.tgz (Root Library)

   -> webpack-dev-server-2.11.3.tgz

     -> sockjs-client-1.1.5.tgz

       -> ❌ url-parse-1.5.1.tgz (Vulnerable Library)

Critical 9.1 url-parse-1.5.1.tgz Upgrade to version: url-parse - 1.5.8 #28
CVE-2019-10744

Dependency Hierarchy:

-> nodegit-0.18.3.tgz (Root Library)

   -> ❌ lodash-4.17.4.tgz (Vulnerable Library)

Critical 9.1 lodash-4.17.4.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #70
CVE-2019-10744

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> sw-precache-webpack-plugin-0.11.4.tgz

     -> sw-precache-5.2.0.tgz

       -> ❌ lodash.template-4.4.0.tgz (Vulnerable Library)

Critical 9.1 lodash.template-4.4.0.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #40
CVE-2019-10744

Dependency Hierarchy:

-> lighthouse-3.2.1.tgz (Root Library)

   -> inquirer-3.3.0.tgz

     -> ❌ lodash-4.17.11.tgz (Vulnerable Library)

Critical 9.1 lodash-4.17.11.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #31
CVE-2019-10744

Dependency Hierarchy:

-> dagre-0.7.4.tgz (Root Library)

   -> ❌ lodash-3.10.1.tgz (Vulnerable Library)

Critical 9.1 lodash-3.10.1.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #18
CVE-2023-45133

Dependency Hierarchy:

-> webpack-5.5.0.tgz (Root Library)

   -> preset-env-7.18.10.tgz

     -> plugin-proposal-async-generator-functions-7.18.10.tgz

       -> helper-remap-async-to-generator-7.18.9.tgz

         -> helper-wrap-function-7.18.11.tgz

           -> ❌ traverse-7.18.11.tgz (Vulnerable Library)

High 8.8 traverse-7.18.11.tgz Upgrade to version: @babel/traverse - 7.23.2 #65
CVE-2023-45133

Dependency Hierarchy:

-> webpack-5.5.0.tgz (Root Library)

   -> core-7.12.9.tgz

     -> ❌ traverse-7.12.9.tgz (Vulnerable Library)

High 8.8 traverse-7.12.9.tgz Upgrade to version: @babel/traverse - 7.23.2 #65
CVE-2023-45133

Dependency Hierarchy:

-> react-devtools-shared-0.0.0.tgz (Root Library)

   -> preset-env-7.11.0.tgz

     -> plugin-proposal-async-generator-functions-7.10.5.tgz

       -> helper-remap-async-to-generator-7.10.4.tgz

         -> ❌ traverse-7.11.0.tgz (Vulnerable Library)

High 8.8 traverse-7.11.0.tgz Upgrade to version: @babel/traverse - 7.23.2 #63
CVE-2023-45133

Dependency Hierarchy:

-> react-devtools-shared-0.0.0.tgz (Root Library)

   -> ❌ traverse-7.12.5.tgz (Vulnerable Library)

High 8.8 traverse-7.12.5.tgz Upgrade to version: @babel/traverse - 7.23.2 #63
CVE-2023-45133

Dependency Hierarchy:

-> babel-jest-27.5.1.tgz (Root Library)

   -> transform-27.5.1.tgz

     -> core-7.7.2.tgz

       -> ❌ traverse-7.7.2.tgz (Vulnerable Library)

High 8.8 traverse-7.7.2.tgz Upgrade to version: @babel/traverse - 7.23.2 #62
CVE-2023-45133

Dependency Hierarchy:

-> plugin-transform-modules-commonjs-7.10.4.tgz (Root Library)

   -> helper-module-transforms-7.11.0.tgz

     -> helper-replace-supers-7.10.4.tgz

       -> ❌ traverse-7.11.5.tgz (Vulnerable Library)

High 8.8 traverse-7.11.5.tgz Upgrade to version: @babel/traverse - 7.23.2 #54
CVE-2023-45133

Dependency Hierarchy:

-> babel-preset-react-app-10.0.1.tgz (Root Library)

   -> plugin-proposal-decorators-7.22.5.tgz

     -> helper-replace-supers-7.22.5.tgz

       -> ❌ traverse-7.22.5.tgz (Vulnerable Library)

High 8.8 traverse-7.22.5.tgz Upgrade to version: @babel/traverse - 7.23.2 #43
CVE-2023-45133

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> babel-preset-react-app-3.1.0.tgz

     -> babel-preset-env-1.6.1.tgz

       -> babel-plugin-transform-es2015-parameters-6.24.1.tgz

         -> ❌ babel-traverse-6.26.0.tgz (Vulnerable Library)

High 8.8 babel-traverse-6.26.0.tgz Upgrade to version: @babel/traverse - 7.23.2 #40
CVE-2023-45133

Dependency Hierarchy:

-> babel-preset-react-app-10.0.0.tgz (Root Library)

   -> core-7.12.3.tgz

     -> ❌ traverse-7.17.9.tgz (Vulnerable Library)

High 8.8 traverse-7.17.9.tgz Upgrade to version: @babel/traverse - 7.23.2 #38
CVE-2023-45133

Dependency Hierarchy:

-> jest-29.4.1.tgz (Root Library)

   -> jest-cli-29.4.1.tgz

     -> jest-config-29.4.1.tgz

       -> core-7.20.12.tgz

         -> ❌ traverse-7.20.13.tgz (Vulnerable Library)

High 8.8 traverse-7.20.13.tgz Upgrade to version: @babel/traverse - 7.23.2 #36
CVE-2022-46175

Dependency Hierarchy:

-> core-7.18.10.tgz (Root Library)

   -> ❌ json5-2.2.1.tgz (Vulnerable Library)

High 8.8 json5-2.2.1.tgz Upgrade to version: json5 - 2.2.2 #44
CVE-2022-46175

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> babel-loader-7.1.2.tgz

     -> loader-utils-1.1.0.tgz

       -> ❌ json5-0.5.1.tgz (Vulnerable Library)

High 8.8 json5-0.5.1.tgz Upgrade to version: json5 - 2.2.2 #40
CVE-2022-46175

Dependency Hierarchy:

-> core-7.14.3.tgz (Root Library)

   -> ❌ json5-2.1.3.tgz (Vulnerable Library)

High 8.8 json5-2.1.3.tgz Upgrade to version: json5 - 2.2.2 #29
CVE-2022-46175

Dependency Hierarchy:

-> babel-loader-8.1.0.tgz (Root Library)

   -> loader-utils-1.4.2.tgz

     -> ❌ json5-1.0.1.tgz (Vulnerable Library)

High 8.8 json5-1.0.1.tgz Upgrade to version: json5 - 2.2.2 #27
CVE-2018-3728

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> hawk-3.1.3.tgz

         -> ❌ hoek-2.16.3.tgz (Vulnerable Library)

High 8.8 hoek-2.16.3.tgz Upgrade to version: 4.2.0,5.0.3 #40
CVE-2021-37713

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> ❌ tar-2.2.1.tgz (Vulnerable Library)

High 8.6 tar-2.2.1.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 #40
CVE-2021-37712

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> ❌ tar-2.2.1.tgz (Vulnerable Library)

High 8.6 tar-2.2.1.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 #40
CVE-2021-37701

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> fsevents-1.1.2.tgz

     -> node-pre-gyp-0.6.39.tgz

       -> ❌ tar-2.2.1.tgz (Vulnerable Library)

High 8.6 tar-2.2.1.tgz Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 #40
CVE-2021-23434

Dependency Hierarchy:

-> react-scripts-3.4.1.tgz (Root Library)

   -> resolve-url-loader-3.1.1.tgz

     -> adjust-sourcemap-loader-2.0.0.tgz

       -> ❌ object-path-0.11.4.tgz (Vulnerable Library)

High 8.6 object-path-0.11.4.tgz Upgrade to version: object-path - 0.11.6 #59
CVE-2023-29198

Dependency Hierarchy:

-> react-devtools-5.0.2.tgz (Root Library)

   -> ❌ electron-23.1.2.tgz (Vulnerable Library)

High 8.5 electron-23.1.2.tgz Upgrade to version: electron - 22.3.6,23.2.3,24.1.0 #33
WS-2020-0345

Dependency Hierarchy:

-> eslint-4.1.0.tgz (Root Library)

   -> is-my-json-valid-2.19.0.tgz

     -> ❌ jsonpointer-4.0.1.tgz (Vulnerable Library)

High 8.2 jsonpointer-4.0.1.tgz Upgrade to version: jsonpointer - 4.1.0 #35
WS-2019-0063

Dependency Hierarchy:

-> react-scripts-1.0.11.tgz (Root Library)

   -> eslint-4.4.1.tgz

     -> ❌ js-yaml-3.9.1.tgz (Vulnerable Library)

High 8.1 js-yaml-3.9.1.tgz Upgrade to version: js-yaml - 3.13.1 #64
WS-2019-0063

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> css-loader-0.28.7.tgz

     -> cssnano-3.10.0.tgz

       -> postcss-svgo-2.1.6.tgz

         -> svgo-0.7.2.tgz

           -> ❌ js-yaml-3.7.0.tgz (Vulnerable Library)

High 8.1 js-yaml-3.7.0.tgz Upgrade to version: js-yaml - 3.13.1 #40
WS-2019-0063

Dependency Hierarchy:

-> react-scripts-1.0.17.tgz (Root Library)

   -> eslint-4.10.0.tgz

     -> ❌ js-yaml-3.10.0.tgz (Vulnerable Library)

High 8.1 js-yaml-3.10.0.tgz Upgrade to version: js-yaml - 3.13.1 #40

Total libraries scanned: 10
Scan token: 13c8803ecf8c4373b85827ba1d1cef17