Security Report
The Security Check found 381 vulnerabilities.
Partial results (91 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
WS-2020-0344Dependency Hierarchy: -> eslint-4.1.0.tgz (Root Library) -> ❌ is-my-json-valid-2.19.0.tgz (Vulnerable Library) |
Critical | 9.8 | is-my-json-valid-2.19.0.tgz | Upgrade to version: is-my-json-valid - 2.20.3 | #35 |
MSC-2023-16606Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> ❌ fsevents-1.1.2.tgz (Vulnerable Library) |
Critical | 9.8 | fsevents-1.1.2.tgz | #40 | |
MSC-2023-16604Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> webpack-dev-server-2.9.4.tgz -> chokidar-1.7.0.tgz -> ❌ fsevents-1.1.3.tgz (Vulnerable Library) |
Critical | 9.8 | fsevents-1.1.3.tgz | #40 | |
CVE-2023-45311Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> webpack-dev-server-2.9.4.tgz -> chokidar-1.7.0.tgz -> ❌ fsevents-1.1.3.tgz (Vulnerable Library) |
Critical | 9.8 | fsevents-1.1.3.tgz | Upgrade to version: fsevents - 1.2.11 | #40 |
CVE-2023-45311Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> ❌ fsevents-1.1.2.tgz (Vulnerable Library) |
Critical | 9.8 | fsevents-1.1.2.tgz | Upgrade to version: fsevents - 1.2.11 | #40 |
CVE-2023-42282Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> webpack-dev-server-2.9.4.tgz -> ❌ ip-1.1.5.tgz (Vulnerable Library) |
Critical | 9.8 | ip-1.1.5.tgz | Upgrade to version: ip - 2.0.0 | #40 |
Critical | 9.8 | webpack-5.74.0.tgz | Upgrade to version: webpack - 5.76.0 | #61 | |
CVE-2023-26136Dependency Hierarchy: -> nodegit-0.18.3.tgz (Root Library) -> node-pre-gyp-0.6.36.tgz -> request-2.81.0.tgz -> ❌ tough-cookie-2.3.2.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.3.2.tgz | Upgrade to version: tough-cookie - 4.1.3 | #70 |
CVE-2023-26136Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> jest-environment-jsdom-fourteen-1.0.1.tgz -> jsdom-14.1.0.tgz -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | #59 |
CVE-2023-26136Dependency Hierarchy: -> jest-27.5.1.tgz (Root Library) -> core-27.5.1.tgz -> jest-config-27.5.1.tgz -> jest-environment-jsdom-27.5.1.tgz -> jsdom-16.7.0.tgz -> ❌ tough-cookie-4.0.0.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-4.0.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | #51 |
CVE-2023-26136Dependency Hierarchy: -> react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> sign-addon-2.0.5.tgz -> request-2.88.0.tgz -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.4.3.tgz | Upgrade to version: tough-cookie - 4.1.3 | #42 |
CVE-2023-26136Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> request-2.81.0.tgz -> ❌ tough-cookie-2.3.3.tgz (Vulnerable Library) |
Critical | 9.8 | tough-cookie-2.3.3.tgz | Upgrade to version: tough-cookie - 4.1.3 | #40 |
CVE-2023-23623Dependency Hierarchy: -> react-devtools-5.0.2.tgz (Root Library) -> ❌ electron-23.1.2.tgz (Vulnerable Library) |
Critical | 9.8 | electron-23.1.2.tgz | Upgrade to version: electron - 22.3.6, 23.2.3, 24.1.0 | #33 |
CVE-2022-37601Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ loader-utils-1.2.3.tgz (Vulnerable Library) |
Critical | 9.8 | loader-utils-1.2.3.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | #59 |
CVE-2022-37601Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> html-webpack-plugin-2.29.0.tgz -> ❌ loader-utils-0.2.17.tgz (Vulnerable Library) |
Critical | 9.8 | loader-utils-0.2.17.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | #40 |
CVE-2022-37601Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> babel-loader-7.1.2.tgz -> ❌ loader-utils-1.1.0.tgz (Vulnerable Library) |
Critical | 9.8 | loader-utils-1.1.0.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | #40 |
CVE-2022-37601Dependency Hierarchy: -> babel-loader-8.1.0.tgz (Root Library) -> ❌ loader-utils-1.4.0.tgz (Vulnerable Library) |
Critical | 9.8 | loader-utils-1.4.0.tgz | Upgrade to version: loader-utils - 1.4.1,2.0.3 | #27 |
CVE-2022-37598Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> istanbul-api-1.2.1.tgz -> istanbul-reports-1.1.3.tgz -> handlebars-4.5.3.tgz -> ❌ uglify-js-3.7.3.tgz (Vulnerable Library) |
Critical | 9.8 | uglify-js-3.7.3.tgz | Upgrade to version: uglify-js - 3.13.10 | #40 |
CVE-2022-37598Dependency Hierarchy: -> react-scripts-1.1.5.tgz (Root Library) -> sw-precache-webpack-plugin-0.11.4.tgz -> ❌ uglify-js-3.13.5.tgz (Vulnerable Library) |
Critical | 9.8 | uglify-js-3.13.5.tgz | Upgrade to version: uglify-js - 3.13.10 | #28 |
CVE-2022-37598Dependency Hierarchy: -> react-scripts-1.1.5.tgz (Root Library) -> html-webpack-plugin-2.29.0.tgz -> html-minifier-3.5.21.tgz -> ❌ uglify-js-3.4.10.tgz (Vulnerable Library) |
Critical | 9.8 | uglify-js-3.4.10.tgz | Upgrade to version: uglify-js - 3.13.10 | #28 |
CVE-2022-0691Dependency Hierarchy: -> react-scripts-1.0.11.tgz (Root Library) -> webpack-dev-server-2.7.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ url-parse-1.1.9.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.1.9.tgz | Upgrade to version: url-parse - 1.5.9 | #64 |
CVE-2022-0691Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ url-parse-1.2.0.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.2.0.tgz | Upgrade to version: url-parse - 1.5.9 | #40 |
CVE-2022-0691Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> eventsource-0.1.6.tgz -> original-1.0.0.tgz -> ❌ url-parse-1.0.5.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.0.5.tgz | Upgrade to version: url-parse - 1.5.9 | #40 |
CVE-2022-0691Dependency Hierarchy: -> react-scripts-1.1.5.tgz (Root Library) -> webpack-dev-server-2.11.3.tgz -> sockjs-client-1.1.5.tgz -> ❌ url-parse-1.5.1.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.5.1.tgz | Upgrade to version: url-parse - 1.5.9 | #28 |
Critical | 9.8 | minimist-1.2.5.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #71 | |
CVE-2021-44906Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> istanbul-api-1.2.1.tgz -> istanbul-reports-1.1.3.tgz -> handlebars-4.5.3.tgz -> optimist-0.6.1.tgz -> ❌ minimist-0.0.10.tgz (Vulnerable Library) |
Critical | 9.8 | minimist-0.0.10.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #40 |
CVE-2021-44906Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> sw-precache-webpack-plugin-0.11.4.tgz -> sw-precache-5.2.0.tgz -> meow-3.7.0.tgz -> ❌ minimist-1.2.0.tgz (Vulnerable Library) |
Critical | 9.8 | minimist-1.2.0.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #40 |
CVE-2021-44906Dependency Hierarchy: -> react-devtools-5.0.2.tgz (Root Library) -> ❌ minimist-1.2.3.tgz (Vulnerable Library) |
Critical | 9.8 | minimist-1.2.3.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #33 |
CVE-2021-44906Dependency Hierarchy: -> lighthouse-3.2.1.tgz (Root Library) -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) |
Critical | 9.8 | minimist-0.0.8.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #31 |
CVE-2021-4279Dependency Hierarchy: -> react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> addons-linter-1.26.0.tgz -> ajv-merge-patch-4.1.0.tgz -> ❌ fast-json-patch-2.2.1.tgz (Vulnerable Library) |
Critical | 9.8 | fast-json-patch-2.2.1.tgz | Upgrade to version: fast-json-patch - 3.1.1 | #42 |
CVE-2021-42740Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ shell-quote-1.7.2.tgz (Vulnerable Library) |
Critical | 9.8 | shell-quote-1.7.2.tgz | Upgrade to version: shell-quote - 1.7.3 | #59 |
CVE-2021-42740Dependency Hierarchy: -> react-devtools-core-5.0.2.tgz (Root Library) -> ❌ shell-quote-1.7.1.tgz (Vulnerable Library) |
Critical | 9.8 | shell-quote-1.7.1.tgz | Upgrade to version: shell-quote - 1.7.3 | #41 |
CVE-2021-42740Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> ❌ shell-quote-1.6.1.tgz (Vulnerable Library) |
Critical | 9.8 | shell-quote-1.6.1.tgz | Upgrade to version: shell-quote - 1.7.3 | #40 |
CVE-2021-3918Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> request-2.81.0.tgz -> http-signature-1.1.1.tgz -> jsprim-1.4.1.tgz -> ❌ json-schema-0.2.3.tgz (Vulnerable Library) |
Critical | 9.8 | json-schema-0.2.3.tgz | Upgrade to version: json-schema - 0.4.0 | #40 |
CVE-2021-3757Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ immer-1.10.0.tgz (Vulnerable Library) |
Critical | 9.8 | immer-1.10.0.tgz | Upgrade to version: immer - 9.0.6 | #59 |
CVE-2021-23807Dependency Hierarchy: -> eslint-4.1.0.tgz (Root Library) -> is-my-json-valid-2.19.0.tgz -> ❌ jsonpointer-4.0.1.tgz (Vulnerable Library) |
Critical | 9.8 | jsonpointer-4.0.1.tgz | Upgrade to version: jsonpointer - 5.0.0 | #35 |
CVE-2021-23518Dependency Hierarchy: -> browserify-13.3.0.tgz (Root Library) -> ❌ cached-path-relative-1.0.1.tgz (Vulnerable Library) |
Critical | 9.8 | cached-path-relative-1.0.1.tgz | Upgrade to version: cached-path-relative - 1.1.0 | #24 |
CVE-2021-23436Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> react-dev-utils-10.2.1.tgz -> ❌ immer-1.10.0.tgz (Vulnerable Library) |
Critical | 9.8 | immer-1.10.0.tgz | Upgrade to version: immer - 9.0.6 | #59 |
CVE-2021-23383Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> istanbul-api-1.2.1.tgz -> istanbul-reports-1.1.3.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) |
Critical | 9.8 | handlebars-4.5.3.tgz | Upgrade to version: handlebars - 4.7.7 | #40 |
CVE-2021-23369Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> istanbul-api-1.2.1.tgz -> istanbul-reports-1.1.3.tgz -> ❌ handlebars-4.5.3.tgz (Vulnerable Library) |
Critical | 9.8 | handlebars-4.5.3.tgz | Upgrade to version: com.github.jknack:handlebars:4.2.0, handlebars - 4.7.7 | #40 |
CVE-2020-7788Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> rc-1.2.2.tgz -> ❌ ini-1.3.4.tgz (Vulnerable Library) |
Critical | 9.8 | ini-1.3.4.tgz | Upgrade to version: v1.3.6 | #40 |
CVE-2020-7788Dependency Hierarchy: -> react-devtools-5.0.2.tgz (Root Library) -> update-notifier-2.5.0.tgz -> is-installed-globally-0.1.0.tgz -> global-dirs-0.1.1.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library) |
Critical | 9.8 | ini-1.3.5.tgz | Upgrade to version: v1.3.6 | #33 |
CVE-2020-7774Dependency Hierarchy: -> react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> yargs-15.3.1.tgz -> ❌ y18n-4.0.0.tgz (Vulnerable Library) |
Critical | 9.8 | y18n-4.0.0.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | #42 |
CVE-2020-7774Dependency Hierarchy: -> lighthouse-3.2.1.tgz (Root Library) -> yargs-3.32.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library) |
Critical | 9.8 | y18n-3.2.1.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | #31 |
CVE-2020-7677Dependency Hierarchy: -> react-devtools-extensions-0.0.0.tgz (Root Library) -> web-ext-4.3.0.tgz -> mz-2.7.0.tgz -> thenify-all-1.6.0.tgz -> ❌ thenify-3.3.0.tgz (Vulnerable Library) |
Critical | 9.8 | thenify-3.3.0.tgz | Upgrade to version: thenify - 3.3.1;org.webjars.npm:thenify:3.3.1 | #42 |
Critical | 9.8 | chrome-launcher-0.10.5.tgz | Upgrade to version: chrome-launcher - 0.13.2 | #53 | |
CVE-2020-28499Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> jest-haste-map-20.0.5.tgz -> sane-1.6.0.tgz -> exec-sh-0.2.1.tgz -> ❌ merge-1.2.0.tgz (Vulnerable Library) |
Critical | 9.8 | merge-1.2.0.tgz | Upgrade to version: merge - 2.1.0 | #40 |
CVE-2020-28499Dependency Hierarchy: -> react-scripts-1.1.5.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> jest-haste-map-20.0.5.tgz -> sane-1.6.0.tgz -> exec-sh-0.2.2.tgz -> ❌ merge-1.2.1.tgz (Vulnerable Library) |
Critical | 9.8 | merge-1.2.1.tgz | Upgrade to version: merge - 2.1.0 | #28 |
CVE-2020-15256Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> resolve-url-loader-3.1.1.tgz -> adjust-sourcemap-loader-2.0.0.tgz -> ❌ object-path-0.11.4.tgz (Vulnerable Library) |
Critical | 9.8 | object-path-0.11.4.tgz | Upgrade to version: 0.11.5 | #59 |
CVE-2018-6342Dependency Hierarchy: -> react-scripts-1.0.11.tgz (Root Library) -> ❌ react-dev-utils-3.1.1.tgz (Vulnerable Library) |
Critical | 9.8 | react-dev-utils-3.1.1.tgz | Upgrade to version: react-dev-utils - 1.0.4,2.0.2,3.1.2,4.2.2,5.0.2 | #64 |
CVE-2018-6342Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> ❌ react-dev-utils-4.2.1.tgz (Vulnerable Library) |
Critical | 9.8 | react-dev-utils-4.2.1.tgz | Upgrade to version: react-dev-utils - 1.0.4,2.0.2,3.1.2,4.2.2,5.0.2 | #40 |
CVE-2018-3774Dependency Hierarchy: -> react-scripts-1.0.11.tgz (Root Library) -> webpack-dev-server-2.7.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ url-parse-1.1.9.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.1.9.tgz | Upgrade to version: 1.4.3 | #64 |
CVE-2018-3774Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> eventsource-0.1.6.tgz -> original-1.0.0.tgz -> ❌ url-parse-1.0.5.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.0.5.tgz | Upgrade to version: 1.4.3 | #40 |
CVE-2018-3774Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ url-parse-1.2.0.tgz (Vulnerable Library) |
Critical | 9.8 | url-parse-1.2.0.tgz | Upgrade to version: 1.4.3 | #40 |
CVE-2018-16492Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> request-2.81.0.tgz -> ❌ extend-3.0.1.tgz (Vulnerable Library) |
Critical | 9.8 | extend-3.0.1.tgz | Upgrade to version: extend - v3.0.2,v2.0.2 | #40 |
CVE-2018-13797Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> css-loader-0.28.7.tgz -> cssnano-3.10.0.tgz -> postcss-filter-plugins-2.0.2.tgz -> uniqid-4.1.1.tgz -> ❌ macaddress-0.2.8.tgz (Vulnerable Library) |
Critical | 9.8 | macaddress-0.2.8.tgz | Upgrade to version: 0.2.9 | #40 |
CVE-2018-1000620Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> hawk-3.1.3.tgz -> ❌ cryptiles-2.0.5.tgz (Vulnerable Library) |
Critical | 9.8 | cryptiles-2.0.5.tgz | Upgrade to version: v4.1.2 | #40 |
CVE-2018-1000620Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> jest-20.0.4.tgz -> jest-cli-20.0.4.tgz -> jest-environment-jsdom-20.0.3.tgz -> jsdom-9.12.0.tgz -> request-2.83.0.tgz -> hawk-6.0.2.tgz -> ❌ cryptiles-3.1.2.tgz (Vulnerable Library) |
Critical | 9.8 | cryptiles-3.1.2.tgz | Upgrade to version: v4.1.2 | #40 |
CVE-2022-1650Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ eventsource-0.1.6.tgz (Vulnerable Library) |
Critical | 9.3 | eventsource-0.1.6.tgz | Upgrade to version: eventsource - 1.1.1,2.0.2 | #40 |
CVE-2022-0686Dependency Hierarchy: -> react-scripts-1.0.11.tgz (Root Library) -> webpack-dev-server-2.7.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ url-parse-1.1.9.tgz (Vulnerable Library) |
Critical | 9.1 | url-parse-1.1.9.tgz | Upgrade to version: url-parse - 1.5.8 | #64 |
CVE-2022-0686Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> eventsource-0.1.6.tgz -> original-1.0.0.tgz -> ❌ url-parse-1.0.5.tgz (Vulnerable Library) |
Critical | 9.1 | url-parse-1.0.5.tgz | Upgrade to version: url-parse - 1.5.8 | #40 |
CVE-2022-0686Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> react-dev-utils-4.2.1.tgz -> sockjs-client-1.1.4.tgz -> ❌ url-parse-1.2.0.tgz (Vulnerable Library) |
Critical | 9.1 | url-parse-1.2.0.tgz | Upgrade to version: url-parse - 1.5.8 | #40 |
CVE-2022-0686Dependency Hierarchy: -> react-scripts-1.1.5.tgz (Root Library) -> webpack-dev-server-2.11.3.tgz -> sockjs-client-1.1.5.tgz -> ❌ url-parse-1.5.1.tgz (Vulnerable Library) |
Critical | 9.1 | url-parse-1.5.1.tgz | Upgrade to version: url-parse - 1.5.8 | #28 |
CVE-2019-10744Dependency Hierarchy: -> nodegit-0.18.3.tgz (Root Library) -> ❌ lodash-4.17.4.tgz (Vulnerable Library) |
Critical | 9.1 | lodash-4.17.4.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #70 |
CVE-2019-10744Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> sw-precache-webpack-plugin-0.11.4.tgz -> sw-precache-5.2.0.tgz -> ❌ lodash.template-4.4.0.tgz (Vulnerable Library) |
Critical | 9.1 | lodash.template-4.4.0.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #40 |
CVE-2019-10744Dependency Hierarchy: -> lighthouse-3.2.1.tgz (Root Library) -> inquirer-3.3.0.tgz -> ❌ lodash-4.17.11.tgz (Vulnerable Library) |
Critical | 9.1 | lodash-4.17.11.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #31 |
CVE-2019-10744Dependency Hierarchy: -> dagre-0.7.4.tgz (Root Library) -> ❌ lodash-3.10.1.tgz (Vulnerable Library) |
Critical | 9.1 | lodash-3.10.1.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #18 |
CVE-2023-45133Dependency Hierarchy: -> webpack-5.5.0.tgz (Root Library) -> preset-env-7.18.10.tgz -> plugin-proposal-async-generator-functions-7.18.10.tgz -> helper-remap-async-to-generator-7.18.9.tgz -> helper-wrap-function-7.18.11.tgz -> ❌ traverse-7.18.11.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.18.11.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #65 |
CVE-2023-45133Dependency Hierarchy: -> webpack-5.5.0.tgz (Root Library) -> core-7.12.9.tgz -> ❌ traverse-7.12.9.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.12.9.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #65 |
CVE-2023-45133Dependency Hierarchy: -> react-devtools-shared-0.0.0.tgz (Root Library) -> preset-env-7.11.0.tgz -> plugin-proposal-async-generator-functions-7.10.5.tgz -> helper-remap-async-to-generator-7.10.4.tgz -> ❌ traverse-7.11.0.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.11.0.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #63 |
CVE-2023-45133Dependency Hierarchy: -> react-devtools-shared-0.0.0.tgz (Root Library) -> ❌ traverse-7.12.5.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.12.5.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #63 |
CVE-2023-45133Dependency Hierarchy: -> babel-jest-27.5.1.tgz (Root Library) -> transform-27.5.1.tgz -> core-7.7.2.tgz -> ❌ traverse-7.7.2.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.7.2.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #62 |
CVE-2023-45133Dependency Hierarchy: -> plugin-transform-modules-commonjs-7.10.4.tgz (Root Library) -> helper-module-transforms-7.11.0.tgz -> helper-replace-supers-7.10.4.tgz -> ❌ traverse-7.11.5.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.11.5.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #54 |
CVE-2023-45133Dependency Hierarchy: -> babel-preset-react-app-10.0.1.tgz (Root Library) -> plugin-proposal-decorators-7.22.5.tgz -> helper-replace-supers-7.22.5.tgz -> ❌ traverse-7.22.5.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.22.5.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #43 |
CVE-2023-45133Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> babel-preset-react-app-3.1.0.tgz -> babel-preset-env-1.6.1.tgz -> babel-plugin-transform-es2015-parameters-6.24.1.tgz -> ❌ babel-traverse-6.26.0.tgz (Vulnerable Library) |
High | 8.8 | babel-traverse-6.26.0.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #40 |
CVE-2023-45133Dependency Hierarchy: -> babel-preset-react-app-10.0.0.tgz (Root Library) -> core-7.12.3.tgz -> ❌ traverse-7.17.9.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.17.9.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #38 |
CVE-2023-45133Dependency Hierarchy: -> jest-29.4.1.tgz (Root Library) -> jest-cli-29.4.1.tgz -> jest-config-29.4.1.tgz -> core-7.20.12.tgz -> ❌ traverse-7.20.13.tgz (Vulnerable Library) |
High | 8.8 | traverse-7.20.13.tgz | Upgrade to version: @babel/traverse - 7.23.2 | #36 |
CVE-2022-46175Dependency Hierarchy: -> core-7.18.10.tgz (Root Library) -> ❌ json5-2.2.1.tgz (Vulnerable Library) |
High | 8.8 | json5-2.2.1.tgz | Upgrade to version: json5 - 2.2.2 | #44 |
CVE-2022-46175Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> babel-loader-7.1.2.tgz -> loader-utils-1.1.0.tgz -> ❌ json5-0.5.1.tgz (Vulnerable Library) |
High | 8.8 | json5-0.5.1.tgz | Upgrade to version: json5 - 2.2.2 | #40 |
CVE-2022-46175Dependency Hierarchy: -> core-7.14.3.tgz (Root Library) -> ❌ json5-2.1.3.tgz (Vulnerable Library) |
High | 8.8 | json5-2.1.3.tgz | Upgrade to version: json5 - 2.2.2 | #29 |
CVE-2022-46175Dependency Hierarchy: -> babel-loader-8.1.0.tgz (Root Library) -> loader-utils-1.4.2.tgz -> ❌ json5-1.0.1.tgz (Vulnerable Library) |
High | 8.8 | json5-1.0.1.tgz | Upgrade to version: json5 - 2.2.2 | #27 |
CVE-2018-3728Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> hawk-3.1.3.tgz -> ❌ hoek-2.16.3.tgz (Vulnerable Library) |
High | 8.8 | hoek-2.16.3.tgz | Upgrade to version: 4.2.0,5.0.3 | #40 |
CVE-2021-37713Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> ❌ tar-2.2.1.tgz (Vulnerable Library) |
High | 8.6 | tar-2.2.1.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | #40 |
CVE-2021-37712Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> ❌ tar-2.2.1.tgz (Vulnerable Library) |
High | 8.6 | tar-2.2.1.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | #40 |
CVE-2021-37701Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.39.tgz -> ❌ tar-2.2.1.tgz (Vulnerable Library) |
High | 8.6 | tar-2.2.1.tgz | Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 | #40 |
CVE-2021-23434Dependency Hierarchy: -> react-scripts-3.4.1.tgz (Root Library) -> resolve-url-loader-3.1.1.tgz -> adjust-sourcemap-loader-2.0.0.tgz -> ❌ object-path-0.11.4.tgz (Vulnerable Library) |
High | 8.6 | object-path-0.11.4.tgz | Upgrade to version: object-path - 0.11.6 | #59 |
CVE-2023-29198Dependency Hierarchy: -> react-devtools-5.0.2.tgz (Root Library) -> ❌ electron-23.1.2.tgz (Vulnerable Library) |
High | 8.5 | electron-23.1.2.tgz | Upgrade to version: electron - 22.3.6,23.2.3,24.1.0 | #33 |
WS-2020-0345Dependency Hierarchy: -> eslint-4.1.0.tgz (Root Library) -> is-my-json-valid-2.19.0.tgz -> ❌ jsonpointer-4.0.1.tgz (Vulnerable Library) |
High | 8.2 | jsonpointer-4.0.1.tgz | Upgrade to version: jsonpointer - 4.1.0 | #35 |
WS-2019-0063Dependency Hierarchy: -> react-scripts-1.0.11.tgz (Root Library) -> eslint-4.4.1.tgz -> ❌ js-yaml-3.9.1.tgz (Vulnerable Library) |
High | 8.1 | js-yaml-3.9.1.tgz | Upgrade to version: js-yaml - 3.13.1 | #64 |
WS-2019-0063Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> css-loader-0.28.7.tgz -> cssnano-3.10.0.tgz -> postcss-svgo-2.1.6.tgz -> svgo-0.7.2.tgz -> ❌ js-yaml-3.7.0.tgz (Vulnerable Library) |
High | 8.1 | js-yaml-3.7.0.tgz | Upgrade to version: js-yaml - 3.13.1 | #40 |
WS-2019-0063Dependency Hierarchy: -> react-scripts-1.0.17.tgz (Root Library) -> eslint-4.10.0.tgz -> ❌ js-yaml-3.10.0.tgz (Vulnerable Library) |
High | 8.1 | js-yaml-3.10.0.tgz | Upgrade to version: js-yaml - 3.13.1 | #40 |
Total libraries scanned: 10
Scan token: 13c8803ecf8c4373b85827ba1d1cef17