Merge pull request #50 from JoshRDemo/revert-18-whitesource-remediate…
Security Report
| CVE | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|---|
MSC-2023-16609Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> ❌ fsevents-1.2.9.tgz (Vulnerable Library) |
 Critical |
9.8 | High | fsevents-1.2.9.tgz | #4 | ||
CVE-2023-45311Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> ❌ fsevents-1.2.9.tgz (Vulnerable Library) |
Critical |
9.8 | fsevents-1.2.9.tgz | Upgrade to version: fsevents - 1.2.11 | #4 | ||
CVE-2021-44906Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> optimist-0.6.1.tgz -> ❌ minimist-0.0.10.tgz (Vulnerable Library) |
Critical |
9.8 | 0.4% | minimist-0.0.10.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #4 | |
CVE-2021-44906Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> rc-1.2.8.tgz -> ❌ minimist-1.2.0.tgz (Vulnerable Library) |
Critical |
9.8 | 0.4% | minimist-1.2.0.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #4 | |
CVE-2021-44906Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) |
Critical |
9.8 | 0.4% | minimist-0.0.8.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #4 | |
CVE-2021-44906Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> prettyjson-1.2.1.tgz -> ❌ minimist-1.2.5.tgz (Vulnerable Library) |
Critical |
9.8 | 0.4% | minimist-1.2.5.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | #4 | |
CVE-2021-23440Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library) |
Critical |
9.8 | 6.7000003% | set-value-2.0.0.tgz | Upgrade to version: set-value - 2.0.1,4.0.1 | #4 | |
CVE-2021-23440Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library) |
Critical |
9.8 | 6.7000003% | set-value-0.4.3.tgz | Upgrade to version: set-value - 2.0.1,4.0.1 | #4 | |
CVE-2020-7788Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> rc-1.2.8.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library) |
Critical |
9.8 | 0.5% | ini-1.3.5.tgz | Upgrade to version: v1.3.6 | #4 | |
CVE-2020-7774Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> nconf-0.10.0.tgz -> yargs-3.32.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library) |
Critical |
9.8 | 44.3% | y18n-3.2.1.tgz | Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | #4 | |
CVE-2020-7610Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> mongodb-2.2.36.tgz (Root Library) -> mongodb-core-2.1.20.tgz -> ❌ bson-1.0.9.tgz (Vulnerable Library) |
Critical |
9.8 | 0.3% | bson-1.0.9.tgz | Upgrade to version: bson - 1.1.4 | #6 | |
CVE-2019-10747Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library) |
Critical |
9.8 | 0.4% | set-value-0.4.3.tgz | Upgrade to version: 2.0.1,3.0.1 | #4 | |
CVE-2019-10747Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library) |
Critical |
9.8 | 0.4% | set-value-2.0.0.tgz | Upgrade to version: 2.0.1,3.0.1 | #4 | |
CVE-2019-10746Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> ❌ mixin-deep-1.3.1.tgz (Vulnerable Library) |
Critical |
9.8 | 0.3% | mixin-deep-1.3.1.tgz | Upgrade to version: 1.3.2,2.0.1 | #4 | |
CVE-2021-37713Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
 High |
8.6 | 0.1% | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | #4 | |
CVE-2021-37712Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.6 | 0.1% | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 | #4 | |
CVE-2021-37701Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.6 | 0.1% | tar-4.4.8.tgz | Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 | #4 | |
CVE-2021-32804Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.1 | 1.7% | tar-4.4.8.tgz | Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1 | #4 | |
CVE-2021-32803Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.8.tgz (Vulnerable Library) |
High |
8.1 | 0.9% | tar-4.4.8.tgz | Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 | #4 | |
WS-2018-0148Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> broadway-0.3.6.tgz -> ❌ utile-0.2.1.tgz (Vulnerable Library) |
High |
7.5 | utile-0.2.1.tgz | Upgrade to version: JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03 | #4 | ||
WS-2018-0148Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> ❌ utile-0.3.0.tgz (Vulnerable Library) |
High |
7.5 | utile-0.3.0.tgz | Upgrade to version: JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03 | #4 | ||
CVE-2022-38900Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> source-map-resolve-0.5.2.tgz -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | decode-uri-component-0.2.0.tgz | Upgrade to version: decode-uri-component - 0.2.1 | #4 | |
CVE-2022-3517Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | minimatch-3.0.4.tgz | Upgrade to version: minimatch - 3.0.5 | #4 | |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> mongodb-2.2.36.tgz (Root Library) -> mongodb-core-2.1.20.tgz -> require_optional-1.0.1.tgz -> ❌ semver-5.6.0.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | semver-5.6.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | #6 | |
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ semver-5.7.0.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | semver-5.7.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | #4 | |
CVE-2022-24999Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> body-parser-1.18.3.tgz (Root Library) -> ❌ qs-6.5.2.tgz (Vulnerable Library) |
High |
7.5 | 0.4% | qs-6.5.2.tgz | Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | #9 | |
CVE-2022-21803Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> ❌ nconf-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | nconf-0.10.0.tgz | Upgrade to version: nconf - 0.11.4 | #4 | |
CVE-2022-21803Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> broadway-0.3.6.tgz -> ❌ nconf-0.6.9.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | nconf-0.6.9.tgz | Upgrade to version: nconf - 0.11.4 | #4 | |
CVE-2022-21681Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | marked-0.3.5.tgz | Upgrade to version: marked - 4.0.10 | #3 | |
CVE-2022-21680Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | marked-0.3.5.tgz | Upgrade to version: marked - 4.0.10 | #3 | |
CVE-2021-3820Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> utile-0.3.0.tgz -> ❌ i-0.3.6.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | i-0.3.6.tgz | Upgrade to version: i - 0.3.7 | #4 | |
CVE-2020-28469Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library) |
High |
7.5 | 1.1% | glob-parent-3.1.0.tgz | Upgrade to version: glob-parent - 5.1.2 | #4 | |
CVE-2019-20149Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> readdirp-2.2.1.tgz -> micromatch-3.1.10.tgz -> ❌ kind-of-6.0.2.tgz (Vulnerable Library) |
High |
7.5 | 0.1% | kind-of-6.0.2.tgz | Upgrade to version: 6.0.3 | #4 | |
CVE-2017-20165Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> helmet-2.3.0.tgz (Root Library) -> connect-3.4.1.tgz -> ❌ debug-2.2.0.tgz (Vulnerable Library) |
High |
7.5 | 0.2% | debug-2.2.0.tgz | Upgrade to version: debug - 2.6.9,3.1.0 | #8 | |
CVE-2021-23358Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ underscore-1.9.1.tgz (Vulnerable Library) |
High |
7.2 | 0.4% | underscore-1.9.1.tgz | Upgrade to version: underscore - 1.12.1,1.13.0-2 | #5 | |
WS-2018-0031Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
High |
7.1 | marked-0.3.5.tgz | Upgrade to version: 0.3.6 | #3 | ||
WS-2019-0311Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ mongodb-2.2.36.tgz (Vulnerable Library) |
 Medium |
6.5 | mongodb-2.2.36.tgz | Upgrade to version: mongodb - 3.1.13 | #6 | ||
WS-2019-0289Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> helmet-2.3.0.tgz (Root Library) -> ❌ helmet-csp-1.2.2.tgz (Vulnerable Library) |
Medium |
6.1 | helmet-csp-1.2.2.tgz | Upgrade to version: 2.9.1 | #8 | ||
WS-2019-0026Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
6.1 | marked-0.3.5.tgz | Upgrade to version: 0.3.9 | #3 | ||
WS-2019-0025Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
6.1 | marked-0.3.5.tgz | Upgrade to version: 0.3.9 | #3 | ||
WS-2020-0163Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
5.9 | marked-0.3.5.tgz | Upgrade to version: marked - 1.1.1 | #3 | ||
CVE-2020-7598Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> optimist-0.6.1.tgz -> ❌ minimist-0.0.10.tgz (Vulnerable Library) |
Medium |
5.6 | 0.1% | minimist-0.0.10.tgz | Upgrade to version: minimist - 0.2.1,1.2.3 | #4 | |
CVE-2020-7598Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) |
Medium |
5.6 | 0.1% | minimist-0.0.8.tgz | Upgrade to version: minimist - 0.2.1,1.2.3 | #4 | |
CVE-2020-7598Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> forever-2.0.0.tgz (Root Library) -> forever-monitor-2.0.0.tgz -> chokidar-2.1.8.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> rc-1.2.8.tgz -> ❌ minimist-1.2.0.tgz (Vulnerable Library) |
Medium |
5.6 | 0.1% | minimist-1.2.0.tgz | Upgrade to version: minimist - 0.2.1,1.2.3 | #4 | |
CVE-2017-16137Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> helmet-2.3.0.tgz (Root Library) -> connect-3.4.1.tgz -> ❌ debug-2.2.0.tgz (Vulnerable Library) |
Medium |
5.5 | 0.3% | debug-2.2.0.tgz | Upgrade to version: 2.6.9 | #8 | |
CVE-2017-16114Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
5.5 | 0.1% | marked-0.3.5.tgz | Upgrade to version: 0.3.9 | #3 | |
CVE-2016-10531Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
5.5 | 0.1% | marked-0.3.5.tgz | Upgrade to version: 0.3.6 | #3 | |
CVE-2015-8858Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> swig-1.4.2.tgz (Root Library) -> ❌ uglify-js-2.4.24.tgz (Vulnerable Library) |
Medium |
5.5 | 0.3% | uglify-js-2.4.24.tgz | Upgrade to version: v2.6.0 | #7 | |
CVE-2019-2391Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> mongodb-2.2.36.tgz (Root Library) -> mongodb-core-2.1.20.tgz -> ❌ bson-1.0.9.tgz (Vulnerable Library) |
Medium |
5.4 | 0.1% | bson-1.0.9.tgz | Upgrade to version: bson - 1.1.4 | #6 | |
WS-2019-0027Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
5.3 | marked-0.3.5.tgz | Upgrade to version: 0.3.18 | #3 | ||
WS-2018-0628Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
Medium |
5.3 | marked-0.3.5.tgz | Upgrade to version: marked - 0.4.0 | #3 | ||
CVE-2017-20162Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> helmet-2.3.0.tgz (Root Library) -> connect-3.4.1.tgz -> debug-2.2.0.tgz -> ❌ ms-0.7.1.tgz (Vulnerable Library) |
Medium |
5.3 | 0.1% | ms-0.7.1.tgz | Upgrade to version: ms - 2.0.0 | #8 | |
CVE-2017-1000427Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ marked-0.3.5.tgz (Vulnerable Library) |
 Low |
3.7 | 0.1% | marked-0.3.5.tgz | Upgrade to version: 0.3.7 | #3 |
Total libraries scanned: 379
Scan token: df90a686e0484c8b991645709ee45351