You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@actions/core <=1.9.0
Severity: moderate
@actions/core has Delimiter Injection Vulnerability in exportVariable - https://github.com/advisories/GHSA-7r3h-m5j6-3q42
fix available via `npm audit fix`
node_modules/@actions/core
@azure/ms-rest-nodeauth <=3.0.9
Severity: high
Depends on vulnerable versions of @azure/ms-rest-js
Improper Privilege Management in Azure ms-rest-nodeauth - https://github.com/advisories/GHSA-qpfw-4m9x-rxx8
Depends on vulnerable versions of adal-node
fix available via `npm audit fix`
node_modules/@azure/ms-rest-nodeauth
tedious 6.3.0 - 6.7.0 || 7.0.0 - 9.2.1
Depends on vulnerable versions of @azure/ms-rest-nodeauth
node_modules/tedious
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse
async 3.0.0 - 3.2.1
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
axios <=1.5.1
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
fix available via `npm audit fix`
node_modules/axios
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component
follow-redirects <=1.15.3
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
fix available via `npm audit fix`
node_modules/follow-redirects
ip *
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/ip
socks 1.0.0 - 2.7.1
Depends on vulnerable versions of ip
node_modules/socks
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse
qs 6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
adal-node <=0.2.2 || >=2.0.0-pre
Depends on vulnerable versions of request
Depends on vulnerable versions of xmldom
node_modules/adal-node
jsdom 0.1.20 || 0.2.0 - 16.5.3
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
node_modules/jsdom
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@mapbox/node-pre-gyp/node_modules/semver
node_modules/@npmcli/fs/node_modules/semver
node_modules/jest-snapshot/node_modules/semver
node_modules/node-gyp/node_modules/semver
node_modules/node-notifier/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/sane/node_modules/semver
node_modules/semver
node_modules/ts-jest/node_modules/semver
tmpl <1.0.5
Severity: high
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion - https://github.com/advisories/GHSA-jgrx-mgxx-jf9v
fix available via `npm audit fix`
node_modules/tmpl
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/@azure/ms-rest-js/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie
node_modules/tough-cookie
@azure/ms-rest-js <=2.6.6
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of xml2js
node_modules/@azure/ms-rest-js
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
ws 7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/ws
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/xml2js
typeorm 0.1.0-alpha.1 - 0.3.14-dev.daf1b47 || >=0.3.21-dev.28a8383
Depends on vulnerable versions of xml2js
node_modules/typeorm
xmldom *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
fix available via `npm audit fix`
node_modules/xmldom
The text was updated successfully, but these errors were encountered:
In addition to #91 flat dependencies are growing long in the tooth.
As of 2024-02-17, there are 32 vulnerabilities (15 moderate, 12 high, 5 critical).
Outdated Modules
Audit Summary
The text was updated successfully, but these errors were encountered: