From 52bbd4d9d86a2eb6fc22009e4c326d6e4db7cd1d Mon Sep 17 00:00:00 2001
From: Joshua Feingold <jfeingold35@gmail.com>
Date: Fri, 1 Dec 2023 13:20:12 -0600
Subject: [PATCH] CHANGE (CodeAnalyzer): @W-14573340@: Updated RetireJS and
 versioning for v3.19.0.

---
 package.json                 |    2 +-
 retire-js/RetireJsVulns.json | 2920 +++++++++++++++++++---------------
 2 files changed, 1618 insertions(+), 1304 deletions(-)

diff --git a/package.json b/package.json
index 86fc1ac50..3c8832829 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "3.18.0",
+	"version": "3.19.0",
 	"author": "ISV SWAT",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {
diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
index b8b1f771b..669d6720c 100644
--- a/retire-js/RetireJsVulns.json
+++ b/retire-js/RetireJsVulns.json
@@ -8,11 +8,11 @@
           "CWE-477"
         ],
         "identifiers": {
+          "summary": "bug summary",
           "CVE": [
             "CVE-XXXX-XXXX"
           ],
-          "bug": "1234",
-          "summary": "bug summary"
+          "bug": "1234"
         },
         "info": [
           "http://github.com/eoftedal/retire.js/"
@@ -44,16 +44,16 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS with location.hash",
           "CVE": [
             "CVE-2011-4969"
           ],
-          "summary": "XSS with location.hash",
           "githubID": "GHSA-579v-mp3v-rrw5"
         },
         "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2011-4969",
           "http://research.insecurelabs.org/jquery/test/",
-          "https://bugs.jquery.com/ticket/9521"
+          "https://bugs.jquery.com/ticket/9521",
+          "https://nvd.nist.gov/vuln/detail/CVE-2011-4969"
         ]
       },
       {
@@ -62,19 +62,19 @@
           "CWE-64",
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "Selector interpreted as HTML",
           "CVE": [
             "CVE-2012-6708"
           ],
           "bug": "11290",
-          "summary": "Selector interpreted as HTML",
           "githubID": "GHSA-2pqj-h3vj-pqgw"
         },
-        "severity": "medium",
         "info": [
           "http://bugs.jquery.com/ticket/11290",
-          "https://nvd.nist.gov/vuln/detail/CVE-2012-6708",
-          "http://research.insecurelabs.org/jquery/test/"
+          "http://research.insecurelabs.org/jquery/test/",
+          "https://nvd.nist.gov/vuln/detail/CVE-2012-6708"
         ]
       },
       {
@@ -82,14 +82,14 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.",
           "CVE": [
             "CVE-2020-7656"
           ],
-          "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.",
           "githubID": "GHSA-q4m3-2j7h-f7xw"
         },
-        "severity": "medium",
         "info": [
           "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
           "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
@@ -101,84 +101,108 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "issue": "2432",
           "summary": "3rd party CORS request may execute",
+          "issue": "2432",
           "CVE": [
             "CVE-2015-9251"
           ],
           "githubID": "GHSA-rmxg-73gg-4p98"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/jquery/jquery/issues/2432",
           "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
-          "http://research.insecurelabs.org/jquery/test/"
+          "http://research.insecurelabs.org/jquery/test/",
+          "https://bugs.jquery.com/ticket/11974",
+          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
+          "https://github.com/jquery/jquery/issues/2432",
+          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
       {
-        "atOrAbove": "1.12.3",
-        "below": "3.0.0-beta1",
+        "atOrAbove": "1.8.0",
+        "below": "1.12.0",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "issue": "2432",
           "summary": "3rd party CORS request may execute",
+          "issue": "2432",
           "CVE": [
             "CVE-2015-9251"
           ],
           "githubID": "GHSA-rmxg-73gg-4p98"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/jquery/jquery/issues/2432",
           "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
-          "http://research.insecurelabs.org/jquery/test/"
+          "http://research.insecurelabs.org/jquery/test/",
+          "https://bugs.jquery.com/ticket/11974",
+          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
+          "https://github.com/jquery/jquery/issues/2432",
+          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
       {
-        "atOrAbove": "1.8.0",
-        "below": "1.12.0",
+        "atOrAbove": "1.12.2",
+        "below": "2.2.0",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "3rd party CORS request may execute",
+          "issue": "2432",
           "CVE": [
             "CVE-2015-9251"
           ],
-          "issue": "11974",
-          "summary": "parseHTML() executes scripts in event handlers",
           "githubID": "GHSA-rmxg-73gg-4p98"
         },
-        "severity": "medium",
         "info": [
+          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
+          "http://research.insecurelabs.org/jquery/test/",
           "https://bugs.jquery.com/ticket/11974",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
-          "http://research.insecurelabs.org/jquery/test/"
+          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
+          "https://github.com/jquery/jquery/issues/2432",
+          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
       {
-        "atOrAbove": "1.12.2",
-        "below": "2.2.0",
+        "below": "2.999.999",
+        "cwe": [
+          "CWE-1104"
+        ],
+        "severity": "low",
+        "identifiers": {
+          "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates",
+          "retid": "73"
+        },
+        "info": [
+          "https://github.com/jquery/jquery.com/issues/162"
+        ]
+      },
+      {
+        "atOrAbove": "1.12.3",
+        "below": "3.0.0-beta1",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "3rd party CORS request may execute",
+          "issue": "2432",
           "CVE": [
             "CVE-2015-9251"
           ],
-          "issue": "11974",
-          "summary": "parseHTML() executes scripts in event handlers",
           "githubID": "GHSA-rmxg-73gg-4p98"
         },
-        "severity": "medium",
         "info": [
+          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
+          "http://research.insecurelabs.org/jquery/test/",
           "https://bugs.jquery.com/ticket/11974",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
-          "http://research.insecurelabs.org/jquery/test/"
+          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
+          "https://github.com/jquery/jquery/issues/2432",
+          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
       {
@@ -187,19 +211,22 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "3rd party CORS request may execute",
+          "issue": "2432",
           "CVE": [
             "CVE-2015-9251"
           ],
-          "issue": "11974",
-          "summary": "parseHTML() executes scripts in event handlers",
           "githubID": "GHSA-rmxg-73gg-4p98"
         },
-        "severity": "medium",
         "info": [
+          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
+          "http://research.insecurelabs.org/jquery/test/",
           "https://bugs.jquery.com/ticket/11974",
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
-          "http://research.insecurelabs.org/jquery/test/"
+          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
+          "https://github.com/jquery/jquery/issues/2432",
+          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
         ]
       },
       {
@@ -208,14 +235,14 @@
         "cwe": [
           "CWE-400"
         ],
+        "severity": "high",
         "identifiers": {
+          "summary": "Denial of Service in jquery",
           "CVE": [
             "CVE-2016-10707"
           ],
-          "summary": "Denial of Service in jquery",
           "githubID": "GHSA-mhpp-875w-9cpv"
         },
-        "severity": "high",
         "info": [
           "https://nvd.nist.gov/vuln/detail/CVE-2016-10707"
         ]
@@ -227,73 +254,58 @@
           "CWE-1321",
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution",
           "CVE": [
             "CVE-2019-11358"
           ],
           "PR": "4333",
-          "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution",
           "githubID": "GHSA-6c3j-c64m-qhgq"
         },
-        "severity": "medium",
         "info": [
           "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
-          "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
-          "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
+          "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
+          "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
         ]
       },
       {
+        "atOrAbove": "1.0.3",
         "below": "3.5.0",
-        "atOrAbove": "1.2.0",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.",
           "CVE": [
-            "CVE-2020-11022"
+            "CVE-2020-11023"
           ],
-          "issue": "4642",
-          "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS",
-          "githubID": "GHSA-gxr4-xjj5-5px2"
+          "issue": "4647",
+          "githubID": "GHSA-jpcq-cgw6-v4j6"
         },
-        "severity": "medium",
         "info": [
           "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
         ]
       },
       {
+        "atOrAbove": "1.2.0",
         "below": "3.5.0",
-        "atOrAbove": "1.0.3",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS",
           "CVE": [
-            "CVE-2020-11023",
-            "CVE-2020-23064"
+            "CVE-2020-11022"
           ],
-          "issue": "4647",
-          "summary": "passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.",
-          "githubID": "GHSA-jpcq-cgw6-v4j6"
+          "issue": "4642",
+          "githubID": "GHSA-gxr4-xjj5-5px2"
         },
-        "severity": "medium",
         "info": [
           "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
         ]
-      },
-      {
-        "below": "2.999.999",
-        "cwe": [
-          "CWE-1104"
-        ],
-        "identifiers": {
-          "retid": "73",
-          "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates"
-        },
-        "severity": "low",
-        "info": [
-          "https://github.com/jquery/jquery.com/issues/162"
-        ]
       }
     ],
     "extractors": {
@@ -329,9 +341,9 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "cross-site-scripting",
           "issue": "36",
-          "release": "jQuery Migrate 1.2.0 Released",
-          "summary": "cross-site-scripting"
+          "release": "jQuery Migrate 1.2.0 Released"
         },
         "info": [
           "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/",
@@ -345,8 +357,8 @@
           "CWE-79"
         ],
         "identifiers": {
-          "bug": "11290",
-          "summary": "Selector interpreted as HTML"
+          "summary": "Selector interpreted as HTML",
+          "bug": "11290"
         },
         "info": [
           "http://bugs.jquery.com/ticket/11290",
@@ -372,21 +384,20 @@
     ],
     "vulnerabilities": [
       {
-        "below": "1.19.5",
+        "below": "1.19.3",
         "severity": "high",
         "cwe": [
-          "CWE-1333"
+          "CWE-400"
         ],
         "identifiers": {
+          "summary": "Regular Expression Denial of Service vulnerability",
           "CVE": [
-            "CVE-2022-31147"
+            "CVE-2021-21252"
           ],
-          "summary": "ReDoS vulnerability in url and URL2 validation",
-          "githubID": "GHSA-ffmh-x56j-9rc3"
+          "githubID": "GHSA-jxwx-85vp-gvwm"
         },
         "info": [
-          "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd",
-          "https://github.com/advisories/GHSA-ffmh-x56j-9rc3"
+          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1193--2021-01-09"
         ]
       },
       {
@@ -396,11 +407,11 @@
           "CWE-1333"
         ],
         "identifiers": {
+          "summary": "ReDoS vulnerability in URL2 validation",
           "CVE": [
             "CVE-2021-43306"
           ],
           "issue": "2428",
-          "summary": "ReDoS vulnerability in URL2 validation",
           "githubID": "GHSA-j9m2-h2pv-wvph"
         },
         "info": [
@@ -408,20 +419,21 @@
         ]
       },
       {
-        "below": "1.19.3",
+        "below": "1.19.5",
         "severity": "high",
         "cwe": [
-          "CWE-400"
+          "CWE-1333"
         ],
         "identifiers": {
+          "summary": "ReDoS vulnerability in url and URL2 validation",
           "CVE": [
-            "CVE-2021-21252"
+            "CVE-2022-31147"
           ],
-          "summary": "Regular Expression Denial of Service vulnerability",
-          "githubID": "GHSA-jxwx-85vp-gvwm"
+          "githubID": "GHSA-ffmh-x56j-9rc3"
         },
         "info": [
-          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1193--2021-01-09"
+          "https://github.com/advisories/GHSA-ffmh-x56j-9rc3",
+          "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd"
         ]
       }
     ],
@@ -450,41 +462,41 @@
     ],
     "vulnerabilities": [
       {
-        "below": "1.0RC2",
+        "below": "1.0.1",
         "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "osvdb": [
-            "94563",
-            "93562",
-            "94316",
-            "94561",
-            "94560"
+            "94317"
           ]
         },
         "info": [
-          "http://osvdb.org/show/osvdb/94563",
-          "http://osvdb.org/show/osvdb/94562",
-          "http://osvdb.org/show/osvdb/94316",
-          "http://osvdb.org/show/osvdb/94561",
-          "http://osvdb.org/show/osvdb/94560"
+          "http://osvdb.org/show/osvdb/94317"
         ]
       },
       {
-        "below": "1.0.1",
+        "below": "1.0RC2",
         "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "osvdb": [
-            "94317"
+            "94563",
+            "93562",
+            "94316",
+            "94561",
+            "94560"
           ]
         },
         "info": [
-          "http://osvdb.org/show/osvdb/94317"
+          "http://osvdb.org/show/osvdb/94316",
+          "http://osvdb.org/show/osvdb/94560",
+          "http://osvdb.org/show/osvdb/94561",
+          "http://osvdb.org/show/osvdb/94562",
+          "http://osvdb.org/show/osvdb/94563"
         ]
       },
       {
@@ -494,12 +506,12 @@
           "CWE-79"
         ],
         "identifiers": {
-          "issue": "4787",
-          "release": "http://jquerymobile.com/changelog/1.1.2/",
-          "summary": "location.href cross-site scripting"
+          "summary": "location.href cross-site scripting",
+          "issue": "4787"
         },
         "info": [
           "http://jquerymobile.com/changelog/1.1.2/",
+          "http://jquerymobile.com/changelog/1.2.0/",
           "https://github.com/jquery/jquery-mobile/issues/4787"
         ]
       },
@@ -510,9 +522,8 @@
           "CWE-79"
         ],
         "identifiers": {
-          "issue": "4787",
-          "release": "http://jquerymobile.com/changelog/1.2.0/",
-          "summary": "location.href cross-site scripting"
+          "summary": "location.href cross-site scripting",
+          "issue": "4787"
         },
         "info": [
           "http://jquerymobile.com/changelog/1.2.0/",
@@ -520,34 +531,34 @@
         ]
       },
       {
-        "below": "100.0.0",
+        "below": "1.3.0",
         "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "blog": "sirdarckcat/unpatched-0day-jquery-mobile-xss",
-          "summary": "open redirect leads to cross site scripting",
-          "githubID": "GHSA-fj93-7wm4-8x2g"
+          "summary": "Endpoint that reflect user input leads to cross site scripting",
+          "gist": "jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
         },
         "info": [
-          "http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html",
-          "https://github.com/jquery/jquery-mobile/issues/8640",
-          "https://snyk.io/vuln/SNYK-JS-JQUERYMOBILE-174599"
+          "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
         ]
       },
       {
-        "below": "1.3.0",
+        "below": "100.0.0",
         "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "gist": "jupenur/e5d0c6f9b58aa81860bf74e010cf1685",
-          "summary": "Endpoint that reflect user input leads to cross site scripting"
+          "summary": "open redirect leads to cross site scripting",
+          "blog": "sirdarckcat/unpatched-0day-jquery-mobile-xss",
+          "githubID": "GHSA-fj93-7wm4-8x2g"
         },
         "info": [
-          "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
+          "http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html",
+          "https://github.com/jquery/jquery-mobile/issues/8640",
+          "https://snyk.io/vuln/SNYK-JS-JQUERYMOBILE-174599"
         ]
       }
     ],
@@ -572,24 +583,21 @@
     "npmname": "jquery-ui",
     "vulnerabilities": [
       {
-        "below": "1.13.2",
+        "below": "1.13.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS when refreshing checkboxes if usercontrolled data in labels",
-          "issue": "2101",
+          "summary": "XSS in the `altField` option of the Datepicker widget",
           "CVE": [
-            "CVE-2022-31160"
+            "CVE-2021-41182"
           ],
-          "githubID": "GHSA-h6gj-6jjq-h8g9"
+          "githubID": "GHSA-9gj3-hwp5-pmwc"
         },
         "info": [
-          "https://github.com/jquery/jquery-ui/issues/2101",
-          "https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9",
-          "https://github.com/advisories/GHSA-h6gj-6jjq-h8g9",
-          "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
+          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
+          "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
         ]
       },
       {
@@ -599,10 +607,10 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS in the `of` option of the `.position()` util",
           "CVE": [
             "CVE-2021-41184"
           ],
-          "summary": "XSS in the `of` option of the `.position()` util",
           "githubID": "GHSA-gpqq-952q-5327"
         },
         "info": [
@@ -617,11 +625,11 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS Vulnerability on text options of jQuery UI datepicker",
           "CVE": [
             "CVE-2021-41183"
           ],
           "bug": "15284",
-          "summary": "XSS Vulnerability on text options of jQuery UI datepicker",
           "githubID": "GHSA-j7qv-pgf6-hvh4"
         },
         "info": [
@@ -629,24 +637,6 @@
           "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
         ]
       },
-      {
-        "below": "1.13.0",
-        "severity": "medium",
-        "cwe": [
-          "CWE-79"
-        ],
-        "identifiers": {
-          "CVE": [
-            "CVE-2021-41182"
-          ],
-          "summary": "XSS in the `altField` option of the Datepicker widget",
-          "githubID": "GHSA-9gj3-hwp5-pmwc"
-        },
-        "info": [
-          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
-          "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
-        ]
-      },
       {
         "below": "1.13.2",
         "severity": "medium",
@@ -654,14 +644,17 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS when refreshing a checkboxradio with an HTML-like initial text label ",
           "CVE": [
             "CVE-2022-31160"
           ],
-          "summary": "XSS when refreshing a checkboxradio with an HTML-like initial text label ",
+          "issue": "2101",
           "githubID": "GHSA-h6gj-6jjq-h8g9"
         },
         "info": [
-          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9",
+          "https://github.com/advisories/GHSA-h6gj-6jjq-h8g9",
+          "https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9",
+          "https://github.com/jquery/jquery-ui/issues/2101",
           "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
         ]
       }
@@ -692,11 +685,11 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "Title cross-site scripting vulnerability",
           "CVE": [
             "CVE-2010-5312"
           ],
           "bug": "6016",
-          "summary": "Title cross-site scripting vulnerability",
           "githubID": "GHSA-wcm2-9c89-wmfm"
         },
         "info": [
@@ -711,11 +704,11 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS Vulnerability on closeText option",
           "CVE": [
             "CVE-2016-7103"
           ],
           "bug": "281",
-          "summary": "XSS Vulnerability on closeText option",
           "githubID": "GHSA-hpcf-8vf9-q4gj"
         },
         "info": [
@@ -767,11 +760,11 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip",
           "CVE": [
             "CVE-2012-6662"
           ],
           "bug": "8859",
-          "summary": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip",
           "githubID": "GHSA-qqxp-xp9v-vvx6"
         },
         "info": [
@@ -820,8 +813,8 @@
           "issue": "149"
         },
         "info": [
-          "https://github.com/scaron/prettyphoto/issues/149",
-          "https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto"
+          "https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto",
+          "https://github.com/scaron/prettyphoto/issues/149"
         ]
       }
     ],
@@ -953,57 +946,57 @@
     "npmname": "jplayer",
     "vulnerabilities": [
       {
-        "below": "2.3.1",
+        "below": "2.2.20",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
           "CVE": [
-            "CVE-2013-2023"
+            "CVE-2013-1942"
           ],
-          "release": "2.3.1",
-          "summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component"
+          "release": "2.2.20"
         },
         "info": [
           "http://jplayer.org/latest/release-notes/",
-          "https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
+          "https://nvd.nist.gov/vuln/detail/CVE-2013-1942"
         ]
       },
       {
-        "below": "2.3.23",
+        "below": "2.3.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component",
           "CVE": [
-            "CVE-2013-2022"
+            "CVE-2013-2023"
           ],
-          "release": "2.3.23",
-          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component"
+          "release": "2.3.1"
         },
         "info": [
           "http://jplayer.org/latest/release-notes/",
-          "https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
+          "https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
         ]
       },
       {
-        "below": "2.2.20",
+        "below": "2.3.23",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
           "CVE": [
-            "CVE-2013-1942"
+            "CVE-2013-2022"
           ],
-          "release": "2.2.20",
-          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component"
+          "release": "2.3.23"
         },
         "info": [
           "http://jplayer.org/latest/release-notes/",
-          "https://nvd.nist.gov/vuln/detail/CVE-2013-1942"
+          "https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
         ]
       }
     ],
@@ -1024,8 +1017,8 @@
           "CWE-79"
         ],
         "identifiers": {
-          "issue": "1244",
           "summary": "XSS injection point in attr name binding for browser IE7 and older",
+          "issue": "1244",
           "CVE": [
             "CVE-2019-14862"
           ],
@@ -1058,8 +1051,8 @@
           "CWE-79"
         ],
         "identifiers": {
-          "tenable": "98645",
-          "summary": "Unsanitized data passed to eval()"
+          "summary": "Unsanitized data passed to eval()",
+          "tenable": "98645"
         },
         "info": [
           "http://www.thomasfrank.se/sessionvars.html"
@@ -1131,28 +1124,28 @@
         ]
       },
       {
-        "below": "4.2.4",
+        "below": "4.2.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "xss issues with media plugin not properly filtering out some script attributes.",
-          "retid": "61"
+          "summary": "FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations",
+          "retid": "62"
         },
         "info": [
           "https://www.tinymce.com/docs/changelog/"
         ]
       },
       {
-        "below": "4.2.0",
+        "below": "4.2.4",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations",
-          "retid": "62"
+          "summary": "xss issues with media plugin not properly filtering out some script attributes.",
+          "retid": "61"
         },
         "info": [
           "https://www.tinymce.com/docs/changelog/"
@@ -1179,16 +1172,20 @@
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
-          "githubID": "GHSA-p7j5-4mwm-hv86"
+          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
+          "githubID": "GHSA-27gm-ghr9-4v95",
+          "CVE": [
+            "CVE-2020-17480",
+            "CVE-2020-23066"
+          ]
         },
         "info": [
-          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
+          "https://github.com/advisories/GHSA-27gm-ghr9-4v95",
+          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
         ]
       },
       {
-        "below": "5.1.4",
-        "atOrAbove": "5.0.0",
+        "below": "4.9.7",
         "severity": "high",
         "cwe": [
           "CWE-79"
@@ -1198,6 +1195,7 @@
           "githubID": "GHSA-p7j5-4mwm-hv86"
         },
         "info": [
+          "https://github.com/advisories/GHSA-p7j5-4mwm-hv86",
           "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
         ]
       },
@@ -1215,24 +1213,7 @@
           ]
         },
         "info": [
-          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
-        ]
-      },
-      {
-        "atOrAbove": "5.0.0",
-        "below": "5.2.2",
-        "severity": "medium",
-        "cwe": [
-          "CWE-79"
-        ],
-        "identifiers": {
-          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
-          "githubID": "GHSA-c78w-2gw7-gjv3",
-          "CVE": [
-            "CVE-2019-1010091"
-          ]
-        },
-        "info": [
+          "https://github.com/advisories/GHSA-c78w-2gw7-gjv3",
           "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
         ]
       },
@@ -1250,30 +1231,13 @@
           ]
         },
         "info": [
+          "https://github.com/advisories/GHSA-vrv8-v4w8-f95h",
           "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
         ]
       },
       {
-        "below": "5.4.1",
         "atOrAbove": "5.0.0",
-        "severity": "medium",
-        "cwe": [
-          "CWE-79"
-        ],
-        "identifiers": {
-          "summary": "Cross-site scripting vulnerability in TinyMCE",
-          "githubID": "GHSA-vrv8-v4w8-f95h",
-          "CVE": [
-            "CVE-2020-12648"
-          ]
-        },
-        "info": [
-          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
-        ]
-      },
-      {
         "below": "5.1.4",
-        "atOrAbove": "5.0.0",
         "severity": "high",
         "cwe": [
           "CWE-79"
@@ -1282,28 +1246,29 @@
           "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
           "githubID": "GHSA-27gm-ghr9-4v95",
           "CVE": [
-            "CVE-2020-17480"
+            "CVE-2020-17480",
+            "CVE-2020-23066"
           ]
         },
         "info": [
+          "https://github.com/advisories/GHSA-27gm-ghr9-4v95",
           "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
         ]
       },
       {
-        "below": "4.9.7",
+        "atOrAbove": "5.0.0",
+        "below": "5.1.4",
         "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
-          "githubID": "GHSA-27gm-ghr9-4v95",
-          "CVE": [
-            "CVE-2020-17480"
-          ]
+          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
+          "githubID": "GHSA-p7j5-4mwm-hv86"
         },
         "info": [
-          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
+          "https://github.com/advisories/GHSA-p7j5-4mwm-hv86",
+          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
         ]
       },
       {
@@ -1334,6 +1299,25 @@
           "https://www.tiny.cloud/docs/release-notes/release-notes522/"
         ]
       },
+      {
+        "atOrAbove": "5.0.0",
+        "below": "5.2.2",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
+          "githubID": "GHSA-c78w-2gw7-gjv3",
+          "CVE": [
+            "CVE-2019-1010091"
+          ]
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-c78w-2gw7-gjv3",
+          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
+        ]
+      },
       {
         "below": "5.4.0",
         "severity": "low",
@@ -1349,18 +1333,22 @@
         ]
       },
       {
-        "below": "5.6.0",
+        "atOrAbove": "5.0.0",
+        "below": "5.4.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "security issue where URLs in attributes weren’t correctly sanitized. security issue in the codesample plugin",
-          "retid": "67",
-          "githubID": "GHSA-w7jx-j77m-wp65"
+          "summary": "Cross-site scripting vulnerability in TinyMCE",
+          "githubID": "GHSA-vrv8-v4w8-f95h",
+          "CVE": [
+            "CVE-2020-12648"
+          ]
         },
         "info": [
-          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
+          "https://github.com/advisories/GHSA-vrv8-v4w8-f95h",
+          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
         ]
       },
       {
@@ -1377,6 +1365,21 @@
           "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
         ]
       },
+      {
+        "below": "5.6.0",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "summary": "security issue where URLs in attributes weren’t correctly sanitized. security issue in the codesample plugin",
+          "retid": "67",
+          "githubID": "GHSA-w7jx-j77m-wp65"
+        },
+        "info": [
+          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
+        ]
+      },
       {
         "below": "5.7.1",
         "severity": "medium",
@@ -1430,84 +1433,131 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
           "CVE": [
             "CVE-2022-23494"
           ],
-          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
           "githubID": "GHSA-gg8r-xjwq-4w92"
         },
         "info": [
-          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06",
-          "https://www.cve.org/CVERecord?id=CVE-2022-23494"
+          "https://github.com/advisories/GHSA-gg8r-xjwq-4w92",
+          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
+          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
         ]
       },
       {
-        "below": "6.3.1",
-        "atOrAbove": "6.0.0",
+        "below": "5.10.8",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
           "CVE": [
-            "CVE-2022-23494"
+            "CVE-2023-45819"
           ],
-          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
-          "githubID": "GHSA-gg8r-xjwq-4w92"
+          "githubID": "GHSA-hgqx-r2hp-jr38"
         },
         "info": [
-          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06",
-          "https://www.cve.org/CVERecord?id=CVE-2022-23494"
+          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38",
+          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
+          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
+        ]
+      },
+      {
+        "below": "5.10.8",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
+          "CVE": [
+            "CVE-2023-45818"
+          ],
+          "githubID": "GHSA-v65r-p3vv-jjfv"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-v65r-p3vv-jjfv"
+        ]
+      },
+      {
+        "atOrAbove": "0",
+        "below": "5.10.9",
+        "cwe": [
+          "CWE-79"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",
+          "CVE": [
+            "CVE-2023-48219"
+          ],
+          "githubID": "GHSA-v626-r774-j7f8"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-v626-r774-j7f8",
+          "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8",
+          "https://nvd.nist.gov/vuln/detail/CVE-2023-48219",
+          "https://github.com/tinymce/tinymce",
+          "https://github.com/tinymce/tinymce/releases/tag/5.10.9",
+          "https://github.com/tinymce/tinymce/releases/tag/6.7.3",
+          "https://tiny.cloud/docs/release-notes/release-notes5109/",
+          "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
         ]
       },
       {
-        "below": "6.7.1",
         "atOrAbove": "6.0.0",
+        "below": "6.3.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
           "CVE": [
-            "CVE-2023-45819"
+            "CVE-2022-23494"
           ],
-          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
-          "githubID": "GHSA-hgqx-r2hp-jr38"
+          "githubID": "GHSA-gg8r-xjwq-4w92"
         },
         "info": [
-          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06",
-          "https://www.cve.org/CVERecord?id=CVE-2022-23494"
+          "https://github.com/advisories/GHSA-gg8r-xjwq-4w92",
+          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
+          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
         ]
       },
       {
-        "below": "5.10.8",
+        "atOrAbove": "6.0.0",
+        "below": "6.7.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
           "CVE": [
             "CVE-2023-45819"
           ],
-          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
           "githubID": "GHSA-hgqx-r2hp-jr38"
         },
         "info": [
-          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38"
+          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38",
+          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
+          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
         ]
       },
       {
-        "below": "6.7.1",
         "atOrAbove": "6.0.0",
+        "below": "6.7.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
           "CVE": [
             "CVE-2023-45818"
           ],
-          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
           "githubID": "GHSA-v65r-p3vv-jjfv"
         },
         "info": [
@@ -1515,20 +1565,28 @@
         ]
       },
       {
-        "below": "5.10.8",
-        "severity": "medium",
+        "atOrAbove": "6.0.0",
+        "below": "6.7.3",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",
           "CVE": [
-            "CVE-2023-45818"
+            "CVE-2023-48219"
           ],
-          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
-          "githubID": "GHSA-v65r-p3vv-jjfv"
+          "githubID": "GHSA-v626-r774-j7f8"
         },
         "info": [
-          "https://github.com/advisories/GHSA-v65r-p3vv-jjfv"
+          "https://github.com/advisories/GHSA-v626-r774-j7f8",
+          "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8",
+          "https://nvd.nist.gov/vuln/detail/CVE-2023-48219",
+          "https://github.com/tinymce/tinymce",
+          "https://github.com/tinymce/tinymce/releases/tag/5.10.9",
+          "https://github.com/tinymce/tinymce/releases/tag/6.7.3",
+          "https://tiny.cloud/docs/release-notes/release-notes5109/",
+          "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
         ]
       }
     ],
@@ -1554,73 +1612,70 @@
     "npmname": "yui",
     "vulnerabilities": [
       {
-        "atOrAbove": "3.5.0",
-        "below": "3.9.2",
+        "atOrAbove": "2.4.0",
+        "below": "2.8.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4942"
+            "CVE-2010-4207"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2013-4942/"
+          "http://www.cvedetails.com/cve/CVE-2010-4207/"
         ]
       },
       {
-        "atOrAbove": "3.2.0",
-        "below": "3.9.2",
+        "atOrAbove": "2.5.0",
+        "below": "2.8.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4941"
+            "CVE-2010-4208"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2013-4941/"
+          "http://www.cvedetails.com/cve/CVE-2010-4208/"
         ]
       },
       {
-        "atOrAbove": "3.0.0",
-        "below": "3.10.3",
+        "atOrAbove": "2.8.0",
+        "below": "2.8.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4940"
+            "CVE-2010-4209"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2013-4940/"
+          "http://www.cvedetails.com/cve/CVE-2010-4209/"
         ]
       },
       {
-        "atOrAbove": "3.0.0",
-        "below": "3.10.3",
+        "below": "2.9.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4939"
-          ],
-          "githubID": "GHSA-mj87-8xf8-fp4w"
+            "CVE-2010-4710"
+          ]
         },
         "info": [
-          "https://clarle.github.io/yui3/support/20130515-vulnerability/",
-          "http://www.cvedetails.com/cve/CVE-2013-4939/"
+          "http://www.cvedetails.com/cve/CVE-2010-4710/"
         ]
       },
       {
-        "atOrAbove": "2.8.0",
+        "atOrAbove": "2.4.0",
         "below": "2.9.1",
         "severity": "medium",
         "cwe": [
@@ -1628,11 +1683,11 @@
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2012-5883"
+            "CVE-2012-5881"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2012-5883/"
+          "http://www.cvedetails.com/cve/CVE-2012-5881/"
         ]
       },
       {
@@ -1652,7 +1707,7 @@
         ]
       },
       {
-        "atOrAbove": "2.4.0",
+        "atOrAbove": "2.8.0",
         "below": "2.9.1",
         "severity": "medium",
         "cwe": [
@@ -1660,74 +1715,77 @@
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2012-5881"
+            "CVE-2012-5883"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2012-5881/"
+          "http://www.cvedetails.com/cve/CVE-2012-5883/"
         ]
       },
       {
-        "below": "2.9.0",
+        "atOrAbove": "3.2.0",
+        "below": "3.9.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2010-4710"
+            "CVE-2013-4941"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2010-4710/"
+          "http://www.cvedetails.com/cve/CVE-2013-4941/"
         ]
       },
       {
-        "atOrAbove": "2.8.0",
-        "below": "2.8.2",
+        "atOrAbove": "3.5.0",
+        "below": "3.9.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2010-4209"
+            "CVE-2013-4942"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2010-4209/"
+          "http://www.cvedetails.com/cve/CVE-2013-4942/"
         ]
       },
       {
-        "atOrAbove": "2.5.0",
-        "below": "2.8.2",
+        "atOrAbove": "3.0.0",
+        "below": "3.10.3",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2010-4208"
-          ]
+            "CVE-2013-4939"
+          ],
+          "githubID": "GHSA-mj87-8xf8-fp4w"
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2010-4208/"
+          "http://www.cvedetails.com/cve/CVE-2013-4939/",
+          "https://clarle.github.io/yui3/support/20130515-vulnerability/"
         ]
       },
       {
-        "atOrAbove": "2.4.0",
-        "below": "2.8.2",
+        "atOrAbove": "3.0.0",
+        "below": "3.10.3",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2010-4207"
+            "CVE-2013-4940"
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2010-4207/"
+          "http://www.cvedetails.com/cve/CVE-2013-4940/"
         ]
       }
     ],
@@ -1750,8 +1808,7 @@
     ],
     "vulnerabilities": [
       {
-        "atOrAbove": "1.6.0",
-        "below": "1.6.0.2",
+        "below": "1.5.1.2",
         "severity": "high",
         "cwe": [
           "CWE-942"
@@ -1762,12 +1819,13 @@
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2008-7220/",
-          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/"
+          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/",
+          "http://www.cvedetails.com/cve/CVE-2008-7220/"
         ]
       },
       {
-        "below": "1.5.1.2",
+        "atOrAbove": "1.6.0",
+        "below": "1.6.0.2",
         "severity": "high",
         "cwe": [
           "CWE-942"
@@ -1778,8 +1836,8 @@
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2008-7220/",
-          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/"
+          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/",
+          "http://www.cvedetails.com/cve/CVE-2008-7220/"
         ]
       }
     ],
@@ -1800,226 +1858,204 @@
   "ember": {
     "vulnerabilities": [
       {
-        "atOrAbove": "4.9.0-alpha.1",
-        "below": "4.9.0-beta.3",
-        "severity": "high",
-        "cwe": [
-          "CWE-1321"
-        ],
-        "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "55"
-        },
-        "info": [
-          "https://blog.emberjs.com/ember-4-8-1-released/"
-        ]
-      },
-      {
-        "atOrAbove": "4.5.0",
-        "below": "4.8.1",
-        "severity": "high",
-        "cwe": [
-          "CWE-1321"
-        ],
-        "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "56"
-        },
-        "info": [
-          "https://blog.emberjs.com/ember-4-8-1-released/"
-        ]
-      },
-      {
-        "atOrAbove": "4.0.0",
-        "below": "4.4.4",
+        "below": "0.9.7",
         "severity": "high",
         "cwe": [
-          "CWE-1321"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "57"
+          "summary": "Bound attributes aren't escaped properly",
+          "bug": "699"
         },
         "info": [
-          "https://blog.emberjs.com/ember-4-8-1-released/"
+          "https://github.com/emberjs/ember.js/issues/699"
         ]
       },
       {
-        "atOrAbove": "3.25.0",
-        "below": "3.28.10",
-        "severity": "high",
+        "below": "0.9.7.1",
+        "severity": "low",
         "cwe": [
-          "CWE-1321"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "58"
+          "summary": "More rigorous XSS escaping from bindAttr",
+          "retid": "60"
         },
         "info": [
-          "https://blog.emberjs.com/ember-4-8-1-released/"
+          "https://github.com/emberjs/ember.js/blob/master/CHANGELOG.md"
         ]
       },
       {
-        "below": "3.24.7",
-        "severity": "high",
+        "atOrAbove": "1.0.0-rc.1",
+        "below": "1.0.0-rc.1.1",
+        "severity": "medium",
         "cwe": [
-          "CWE-1321"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "59"
+          "CVE": [
+            "CVE-2013-4170"
+          ]
         },
         "info": [
-          "https://blog.emberjs.com/ember-4-8-1-released/"
+          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
         ]
       },
       {
-        "atOrAbove": "1.8.0",
-        "below": "1.11.4",
+        "atOrAbove": "1.0.0-rc.2",
+        "below": "1.0.0-rc.2.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2015-7565"
+            "CVE-2013-4170"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
+          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
         ]
       },
       {
-        "atOrAbove": "1.12.0",
-        "below": "1.12.2",
+        "atOrAbove": "1.0.0-rc.3",
+        "below": "1.0.0-rc.3.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2015-7565"
+            "CVE-2013-4170"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
+          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
         ]
       },
       {
-        "atOrAbove": "1.13.0",
-        "below": "1.13.12",
+        "atOrAbove": "1.0.0-rc.4",
+        "below": "1.0.0-rc.4.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2015-7565"
+            "CVE-2013-4170"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
+          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
         ]
       },
       {
-        "atOrAbove": "2.0.0",
-        "below": "2.0.3",
+        "atOrAbove": "1.0.0-rc.5",
+        "below": "1.0.0-rc.5.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2015-7565"
+            "CVE-2013-4170"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
+          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
         ]
       },
       {
-        "atOrAbove": "2.1.0",
-        "below": "2.1.2",
+        "atOrAbove": "1.0.0-rc.6",
+        "below": "1.0.0-rc.6.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2015-7565"
+            "CVE-2013-4170"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
+          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
         ]
       },
       {
-        "atOrAbove": "2.2.0",
-        "below": "2.2.1",
-        "severity": "medium",
+        "atOrAbove": "1.0.0",
+        "below": "1.0.1",
+        "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2015-7565"
+            "CVE-2014-0013",
+            "CVE-2014-0014"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
+          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
+          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
         ]
       },
       {
-        "below": "1.5.0",
+        "atOrAbove": "1.1.0",
+        "below": "1.1.3",
         "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2014-0046"
-          ],
-          "summary": "ember-routing-auto-location can be forced to redirect to another domain"
+            "CVE-2014-0013",
+            "CVE-2014-0014"
+          ]
         },
         "info": [
-          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md"
+          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
+          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
         ]
       },
       {
-        "atOrAbove": "1.3.0-*",
-        "below": "1.3.2",
+        "atOrAbove": "1.2.0",
+        "below": "1.2.1",
         "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2014-0046"
+            "CVE-2014-0013",
+            "CVE-2014-0014"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
+          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
+          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
         ]
       },
       {
-        "atOrAbove": "1.2.0-*",
+        "atOrAbove": "1.2.0",
         "below": "1.2.2",
         "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
           "CVE": [
             "CVE-2014-0046"
           ]
         },
         "info": [
+          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
           "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
         ]
       },
       {
-        "atOrAbove": "1.4.0-*",
-        "below": "1.4.0-beta.2",
+        "atOrAbove": "1.3.0",
+        "below": "1.3.1",
         "severity": "low",
         "cwe": [
           "CWE-79"
@@ -2036,26 +2072,26 @@
         ]
       },
       {
-        "atOrAbove": "1.3.0-*",
-        "below": "1.3.1",
+        "atOrAbove": "1.3.0",
+        "below": "1.3.2",
         "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
           "CVE": [
-            "CVE-2014-0013",
-            "CVE-2014-0014"
+            "CVE-2014-0046"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
-          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
+          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
+          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
         ]
       },
       {
-        "atOrAbove": "1.2.0-*",
-        "below": "1.2.1",
+        "atOrAbove": "1.4.0",
+        "below": "1.4.0-beta.2",
         "severity": "low",
         "cwe": [
           "CWE-79"
@@ -2072,167 +2108,194 @@
         ]
       },
       {
-        "atOrAbove": "1.1.0-*",
-        "below": "1.1.3",
+        "below": "1.5.0",
         "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
           "CVE": [
-            "CVE-2014-0013",
-            "CVE-2014-0014"
+            "CVE-2014-0046"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
-          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
+          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
+          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
         ]
       },
       {
-        "atOrAbove": "1.0.0-*",
-        "below": "1.0.1",
-        "severity": "low",
+        "atOrAbove": "1.8.0",
+        "below": "1.11.4",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2014-0013",
-            "CVE-2014-0014"
+            "CVE-2015-7565"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
-          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
+          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
         ]
       },
       {
-        "atOrAbove": "1.0.0-rc.1",
-        "below": "1.0.0-rc.1.1",
+        "atOrAbove": "1.12.0",
+        "below": "1.12.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4170"
+            "CVE-2015-7565"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
+          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
         ]
       },
       {
-        "atOrAbove": "1.0.0-rc.2",
-        "below": "1.0.0-rc.2.1",
+        "atOrAbove": "1.13.0",
+        "below": "1.13.12",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4170"
+            "CVE-2015-7565"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
+          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
         ]
       },
       {
-        "atOrAbove": "1.0.0-rc.3",
-        "below": "1.0.0-rc.3.1",
+        "atOrAbove": "2.0.0",
+        "below": "2.0.3",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4170"
+            "CVE-2015-7565"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
+          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
         ]
       },
       {
-        "atOrAbove": "1.0.0-rc.4",
-        "below": "1.0.0-rc.4.1",
+        "atOrAbove": "2.1.0",
+        "below": "2.1.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4170"
+            "CVE-2015-7565"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
+          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
         ]
       },
       {
-        "atOrAbove": "1.0.0-rc.5",
-        "below": "1.0.0-rc.5.1",
+        "atOrAbove": "2.2.0",
+        "below": "2.2.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2013-4170"
+            "CVE-2015-7565"
           ]
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
+          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
         ]
       },
       {
-        "atOrAbove": "1.0.0-rc.6",
-        "below": "1.0.0-rc.6.1",
-        "severity": "medium",
+        "below": "3.24.7",
+        "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1321"
         ],
         "identifiers": {
-          "CVE": [
-            "CVE-2013-4170"
-          ]
+          "summary": "Prototype pollution",
+          "retid": "59"
         },
         "info": [
-          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
+          "https://blog.emberjs.com/ember-4-8-1-released/"
         ]
       },
       {
-        "below": "0.9.7.1",
-        "severity": "low",
+        "atOrAbove": "3.25.0",
+        "below": "3.28.10",
+        "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1321"
         ],
         "identifiers": {
-          "retid": "60",
-          "summary": "More rigorous XSS escaping from bindAttr"
+          "summary": "Prototype pollution",
+          "retid": "58"
         },
         "info": [
-          "https://github.com/emberjs/ember.js/blob/master/CHANGELOG.md"
+          "https://blog.emberjs.com/ember-4-8-1-released/"
         ]
       },
       {
-        "below": "0.9.7",
+        "atOrAbove": "4.0.0",
+        "below": "4.4.4",
         "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1321"
         ],
         "identifiers": {
-          "bug": "699",
-          "summary": "Bound attributes aren't escaped properly"
+          "summary": "Prototype pollution",
+          "retid": "57"
         },
         "info": [
-          "https://github.com/emberjs/ember.js/issues/699"
+          "https://blog.emberjs.com/ember-4-8-1-released/"
         ]
-      }
-    ],
-    "extractors": {
+      },
+      {
+        "atOrAbove": "4.5.0",
+        "below": "4.8.1",
+        "severity": "high",
+        "cwe": [
+          "CWE-1321"
+        ],
+        "identifiers": {
+          "summary": "Prototype pollution",
+          "retid": "56"
+        },
+        "info": [
+          "https://blog.emberjs.com/ember-4-8-1-released/"
+        ]
+      },
+      {
+        "atOrAbove": "4.9.0-alpha.1",
+        "below": "4.9.0-beta.3",
+        "severity": "high",
+        "cwe": [
+          "CWE-1321"
+        ],
+        "identifiers": {
+          "summary": "Prototype pollution",
+          "retid": "55"
+        },
+        "info": [
+          "https://blog.emberjs.com/ember-4-8-1-released/"
+        ]
+      }
+    ],
+    "extractors": {
       "uri": [
         "/(?:v)?(§§version§§)/ember(\\.min)?\\.js",
         "/ember\\.?js/(§§version§§)/ember((\\.|-)[a-z\\-.]+)?\\.js"
@@ -2262,17 +2325,21 @@
           "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
           "http://dojotoolkit.org/blog/dojo-security-advisory",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
+          "http://www.cvedetails.com/cve/CVE-2010-2274/",
           "http://www.cvedetails.com/cve/CVE-2010-2276/",
-          "http://www.cvedetails.com/cve/CVE-2010-2272/"
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
@@ -2283,106 +2350,112 @@
           "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
           "http://dojotoolkit.org/blog/dojo-security-advisory",
-          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
           "http://www.cvedetails.com/cve/CVE-2010-2274/",
-          "http://www.cvedetails.com/cve/CVE-2010-2273/"
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
-        "atOrAbove": "1.1",
-        "below": "1.1.2",
+        "below": "1.1.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
-            "CVE-2010-2273"
+            "CVE-2008-6681"
           ],
-          "githubID": "GHSA-536q-8gxx-m782"
+          "githubID": "GHSA-39cx-xcwj-3rc4"
         },
         "info": [
-          "http://dojotoolkit.org/blog/dojo-security-advisory",
-          "http://www.cvedetails.com/cve/CVE-2010-2276/",
-          "http://www.cvedetails.com/cve/CVE-2010-2274/",
-          "http://www.cvedetails.com/cve/CVE-2010-2273/"
+          "http://www.cvedetails.com/cve/CVE-2008-6681/"
         ]
       },
       {
-        "atOrAbove": "1.2",
-        "below": "1.2.4",
+        "atOrAbove": "1.1",
+        "below": "1.1.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
           "http://dojotoolkit.org/blog/dojo-security-advisory",
-          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
           "http://www.cvedetails.com/cve/CVE-2010-2274/",
-          "http://www.cvedetails.com/cve/CVE-2010-2273/"
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
-        "atOrAbove": "1.3",
-        "below": "1.3.3",
+        "atOrAbove": "1.2",
+        "below": "1.2.4",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
           "http://dojotoolkit.org/blog/dojo-security-advisory",
-          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
           "http://www.cvedetails.com/cve/CVE-2010-2274/",
-          "http://www.cvedetails.com/cve/CVE-2010-2273/"
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
-        "atOrAbove": "1.4",
-        "below": "1.4.2",
+        "atOrAbove": "1.3",
+        "below": "1.3.3",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
           "http://dojotoolkit.org/blog/dojo-security-advisory",
-          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
           "http://www.cvedetails.com/cve/CVE-2010-2274/",
-          "http://www.cvedetails.com/cve/CVE-2010-2273/"
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
@@ -2401,19 +2474,28 @@
         ]
       },
       {
-        "below": "1.1.0",
+        "atOrAbove": "1.4",
+        "below": "1.4.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2008-6681"
+            "CVE-2010-2273"
           ],
-          "githubID": "GHSA-39cx-xcwj-3rc4"
+          "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2008-6681/"
+          "http://dojotoolkit.org/blog/dojo-security-advisory",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
+          "http://www.cvedetails.com/cve/CVE-2010-2274/",
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
@@ -2442,15 +2524,19 @@
         "identifiers": {
           "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
-          "https://github.com/dojo/dojo/pull/307",
-          "https://dojotoolkit.org/blog/dojo-1-14-released"
+          "http://dojotoolkit.org/blog/dojo-security-advisory",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
+          "http://www.cvedetails.com/cve/CVE-2010-2274/",
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
@@ -2463,41 +2549,43 @@
         "identifiers": {
           "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
-          "https://github.com/dojo/dojo/pull/307",
-          "https://dojotoolkit.org/blog/dojo-1-14-released"
+          "http://dojotoolkit.org/blog/dojo-security-advisory",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
+          "http://www.cvedetails.com/cve/CVE-2010-2274/",
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
-        "atOrAbove": "1.12.0",
-        "below": "1.12.4",
-        "severity": "medium",
+        "below": "1.11.10",
+        "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1321",
+          "CWE-74",
+          "CWE-94"
         ],
         "identifiers": {
-          "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
-            "CVE-2010-2273"
+            "CVE-2020-5258"
           ],
-          "githubID": "GHSA-536q-8gxx-m782"
+          "githubID": "GHSA-jxfh-8wgv-vfr2"
         },
         "info": [
-          "https://github.com/dojo/dojo/pull/307",
-          "https://dojotoolkit.org/blog/dojo-1-14-released"
+          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
+          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
         ]
       },
       {
-        "atOrAbove": "1.13.0",
-        "below": "1.13.1",
+        "atOrAbove": "1.12.0",
+        "below": "1.12.4",
         "severity": "medium",
         "cwe": [
           "CWE-79"
@@ -2505,53 +2593,69 @@
         "identifiers": {
           "PR": "307",
           "CVE": [
-            "CVE-2010-2276",
-            "CVE-2010-2274",
             "CVE-2010-2273"
           ],
           "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
-          "https://github.com/dojo/dojo/pull/307",
-          "https://dojotoolkit.org/blog/dojo-1-14-released"
+          "http://dojotoolkit.org/blog/dojo-security-advisory",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
+          "http://www.cvedetails.com/cve/CVE-2010-2274/",
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
-        "below": "1.14",
+        "atOrAbove": "1.12.0",
+        "below": "1.12.8",
         "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1321",
+          "CWE-74",
+          "CWE-94"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2018-15494"
-          ]
+            "CVE-2020-5258"
+          ],
+          "githubID": "GHSA-jxfh-8wgv-vfr2"
         },
         "info": [
-          "https://dojotoolkit.org/blog/dojo-1-14-released"
+          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
+          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
         ]
       },
       {
-        "below": "1.11.10",
-        "severity": "high",
+        "atOrAbove": "1.13.0",
+        "below": "1.13.1",
+        "severity": "medium",
         "cwe": [
-          "CWE-1321",
-          "CWE-74",
-          "CWE-94"
+          "CWE-79"
         ],
         "identifiers": {
+          "PR": "307",
           "CVE": [
-            "CVE-2020-5258"
+            "CVE-2010-2273"
           ],
-          "githubID": "GHSA-jxfh-8wgv-vfr2"
+          "githubID": "GHSA-536q-8gxx-m782"
         },
         "info": [
-          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
+          "http://dojotoolkit.org/blog/dojo-security-advisory",
+          "http://www.cvedetails.com/cve/CVE-2010-2272/",
+          "http://www.cvedetails.com/cve/CVE-2010-2273/",
+          "http://www.cvedetails.com/cve/CVE-2010-2274/",
+          "http://www.cvedetails.com/cve/CVE-2010-2276/",
+          "https://dojotoolkit.org/blog/dojo-1-14-released",
+          "https://github.com/advisories/GHSA-536q-8gxx-m782",
+          "https://github.com/dojo/dojo/pull/307"
         ]
       },
       {
-        "below": "1.12.8",
-        "atOrAbove": "1.12.0",
+        "atOrAbove": "1.13.0",
+        "below": "1.13.7",
         "severity": "high",
         "cwe": [
           "CWE-1321",
@@ -2565,31 +2669,28 @@
           "githubID": "GHSA-jxfh-8wgv-vfr2"
         },
         "info": [
+          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
           "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
         ]
       },
       {
-        "below": "1.13.7",
-        "atOrAbove": "1.13.0",
+        "below": "1.14",
         "severity": "high",
         "cwe": [
-          "CWE-1321",
-          "CWE-74",
-          "CWE-94"
+          "CWE-79"
         ],
         "identifiers": {
           "CVE": [
-            "CVE-2020-5258"
-          ],
-          "githubID": "GHSA-jxfh-8wgv-vfr2"
+            "CVE-2018-15494"
+          ]
         },
         "info": [
-          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
+          "https://dojotoolkit.org/blog/dojo-1-14-released"
         ]
       },
       {
-        "below": "1.14.6",
         "atOrAbove": "1.14.0",
+        "below": "1.14.6",
         "severity": "high",
         "cwe": [
           "CWE-1321",
@@ -2603,12 +2704,13 @@
           "githubID": "GHSA-jxfh-8wgv-vfr2"
         },
         "info": [
+          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
           "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
         ]
       },
       {
-        "below": "1.15.3",
         "atOrAbove": "1.15.0",
+        "below": "1.15.3",
         "severity": "high",
         "cwe": [
           "CWE-1321",
@@ -2622,12 +2724,13 @@
           "githubID": "GHSA-jxfh-8wgv-vfr2"
         },
         "info": [
+          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
           "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
         ]
       },
       {
-        "below": "1.16.2",
         "atOrAbove": "1.16.0",
+        "below": "1.16.2",
         "severity": "high",
         "cwe": [
           "CWE-1321",
@@ -2641,6 +2744,7 @@
           "githubID": "GHSA-jxfh-8wgv-vfr2"
         },
         "info": [
+          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
           "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
         ]
       },
@@ -2693,194 +2797,192 @@
     "npmname": "angular",
     "vulnerabilities": [
       {
-        "below": "1.8.0",
+        "atOrAbove": "1.0.0",
+        "below": "1.2.30",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS via JQLite DOM manipulation functions in AngularJS",
-          "githubID": "GHSA-5cp4-xmrw-59wf"
+          "summary": "The attribute usemap can be used as a security exploit",
+          "retid": "50"
         },
         "info": [
-          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf"
+          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
         ]
       },
       {
-        "below": "1.8.0",
+        "below": "1.5.0-beta.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element.",
+          "summary": "XSS through xlink:href attributes",
           "CVE": [
-            "CVE-2020-7676"
+            "CVE-2019-14863"
           ],
-          "githubID": "GHSA-mhp6-pxh8-r675"
+          "githubID": "GHSA-r5fx-8r73-v86c"
         },
         "info": [
-          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf"
+          "https://github.com/advisories/GHSA-r5fx-8r73-v86c",
+          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#150-beta1-dense-dispersion-2015-09-29"
         ]
       },
       {
-        "below": "1.8.0",
+        "atOrAbove": "1.3.0",
+        "below": "1.5.0-rc2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one.",
-          "CVE": [
-            "CVE-2020-7676"
-          ],
-          "githubID": "GHSA-mhp6-pxh8-r675"
+          "summary": "The attribute usemap can be used as a security exploit",
+          "retid": "49"
         },
         "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2020-7676"
+          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
         ]
       },
       {
-        "below": "1.7.9",
-        "severity": "high",
+        "below": "1.6.0",
+        "severity": "medium",
         "cwe": [
-          "CWE-1321",
-          "CWE-20",
-          "CWE-915"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "47",
-          "githubID": "GHSA-89mq-4x47-5v83",
-          "CVE": [
-            "CVE-2019-10768"
-          ]
+          "summary": "Cross-Site Scripting via JSONP",
+          "githubID": "GHSA-28hp-fgcr-2r4h"
         },
         "info": [
-          "https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a",
-          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19"
+          "https://github.com/advisories/GHSA-28hp-fgcr-2r4h"
         ]
       },
       {
-        "atOrAbove": "1.5.0",
-        "below": "1.6.9",
-        "severity": "low",
+        "below": "1.6.3",
+        "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-400"
         ],
         "identifiers": {
-          "summary": "XSS through SVG if enableSvg is set",
-          "retid": "48"
+          "summary": "DOS in $sanitize",
+          "retid": "52"
         },
         "info": [
-          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02",
-          "https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html"
+          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md",
+          "https://github.com/angular/angular.js/pull/15699"
         ]
       },
       {
-        "below": "1.5.0-beta.1",
+        "below": "1.6.3",
         "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-942"
         ],
         "identifiers": {
-          "summary": "XSS through xlink:href attributes",
-          "CVE": [
-            "CVE-2019-14863"
-          ],
-          "githubID": "GHSA-r5fx-8r73-v86c"
+          "summary": "Universal CSP bypass via add-on in Firefox",
+          "retid": "51"
         },
         "info": [
-          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#150-beta1-dense-dispersion-2015-09-29",
-          "https://github.com/advisories/GHSA-r5fx-8r73-v86c"
+          "http://pastebin.com/raw/kGrdaypP",
+          "https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435"
         ]
       },
       {
-        "atOrAbove": "1.3.0",
-        "below": "1.5.0-rc2",
-        "severity": "medium",
+        "below": "1.6.5",
+        "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "The attribute usemap can be used as a security exploit",
-          "retid": "49"
+          "summary": "XSS in $sanitize in Safari/Firefox",
+          "retid": "53"
         },
         "info": [
-          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
+          "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"
         ]
       },
       {
-        "atOrAbove": "1.0.0",
-        "below": "1.2.30",
-        "severity": "medium",
+        "atOrAbove": "1.5.0",
+        "below": "1.6.9",
+        "severity": "low",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "The attribute usemap can be used as a security exploit",
-          "retid": "50"
+          "summary": "XSS through SVG if enableSvg is set",
+          "retid": "48"
         },
         "info": [
-          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
+          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02",
+          "https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html"
         ]
       },
       {
-        "below": "1.6.3",
-        "severity": "medium",
+        "below": "1.7.9",
+        "severity": "high",
         "cwe": [
-          "CWE-942"
+          "CWE-1321",
+          "CWE-20",
+          "CWE-915"
         ],
         "identifiers": {
-          "summary": "Universal CSP bypass via add-on in Firefox",
-          "retid": "51"
+          "summary": "Prototype pollution",
+          "retid": "47",
+          "githubID": "GHSA-89mq-4x47-5v83",
+          "CVE": [
+            "CVE-2019-10768"
+          ]
         },
         "info": [
-          "https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435",
-          "http://pastebin.com/raw/kGrdaypP"
+          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19",
+          "https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a"
         ]
       },
       {
-        "below": "1.6.3",
+        "below": "1.8.0",
         "severity": "medium",
         "cwe": [
-          "CWE-400"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "DOS in $sanitize",
-          "retid": "52"
+          "summary": "XSS via JQLite DOM manipulation functions in AngularJS",
+          "githubID": "GHSA-5cp4-xmrw-59wf"
         },
         "info": [
-          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md",
-          "https://github.com/angular/angular.js/pull/15699"
+          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf"
         ]
       },
       {
-        "below": "1.6.5",
-        "severity": "low",
+        "below": "1.8.0",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS in $sanitize in Safari/Firefox",
-          "retid": "53"
+          "summary": "XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element.",
+          "CVE": [
+            "CVE-2020-7676"
+          ],
+          "githubID": "GHSA-mhp6-pxh8-r675"
         },
         "info": [
-          "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"
+          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2020-7676"
         ]
       },
       {
-        "below": "1.6.0",
-        "severity": "medium",
+        "below": "1.999",
+        "severity": "low",
         "cwe": [
-          "CWE-79"
+          "CWE-1104"
         ],
         "identifiers": {
-          "summary": "Cross-Site Scripting via JSONP",
-          "githubID": "GHSA-28hp-fgcr-2r4h"
+          "summary": "End-of-Life: Long term support for AngularJS has been discontinued",
+          "retid": "54"
         },
         "info": [
-          "https://github.com/advisories/GHSA-28hp-fgcr-2r4h"
+          "https://blog.angular.io/discontinued-long-term-support-for-angularjs-cc066b82e65a?gi=9d3103b5445c"
         ]
       },
       {
@@ -2890,28 +2992,31 @@
           "CWE-1333"
         ],
         "identifiers": {
-          "summary": "angular vulnerable to regular expression denial of service via the <input type=\"url\"> element",
-          "githubID": "GHSA-qwqh-hm9m-p5hr",
+          "summary": "angular vulnerable to regular expression denial of service via the $resource service",
           "CVE": [
-            "CVE-2023-26118"
-          ]
+            "CVE-2023-26117"
+          ],
+          "githubID": "GHSA-2qqx-w9hr-q5gx"
         },
         "info": [
-          "https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
+          "https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"
         ]
       },
       {
-        "below": "1.999",
-        "severity": "low",
+        "below": "999",
+        "severity": "medium",
         "cwe": [
-          "CWE-1104"
+          "CWE-1333"
         ],
         "identifiers": {
-          "summary": "End-of-Life: Long term support for AngularJS has been discontinued",
-          "retid": "54"
+          "summary": "angular vulnerable to regular expression denial of service via the angular.copy() utility",
+          "CVE": [
+            "CVE-2023-26116"
+          ],
+          "githubID": "GHSA-2vrf-hf26-jrp5"
         },
         "info": [
-          "https://blog.angular.io/discontinued-long-term-support-for-angularjs-cc066b82e65a?gi=9d3103b5445c"
+          "https://github.com/advisories/GHSA-2vrf-hf26-jrp5"
         ]
       },
       {
@@ -2931,25 +3036,6 @@
           "https://github.com/advisories/GHSA-prc3-vjfx-vhm9"
         ]
       },
-      {
-        "below": "999",
-        "atOrAbove": "1.7.0",
-        "severity": "medium",
-        "cwe": [
-          "CWE-1333",
-          "CWE-770"
-        ],
-        "identifiers": {
-          "summary": "angular vulnerable to regular expression denial of service (ReDoS)",
-          "CVE": [
-            "CVE-2022-25844"
-          ],
-          "githubID": "GHSA-m2h2-264f-f486"
-        },
-        "info": [
-          "https://github.com/advisories/GHSA-m2h2-264f-f486"
-        ]
-      },
       {
         "below": "999",
         "severity": "medium",
@@ -2957,31 +3043,33 @@
           "CWE-1333"
         ],
         "identifiers": {
-          "summary": "angular vulnerable to regular expression denial of service via the angular.copy() utility",
+          "summary": "angular vulnerable to regular expression denial of service via the <input type=\"url\"> element",
+          "githubID": "GHSA-qwqh-hm9m-p5hr",
           "CVE": [
-            "CVE-2023-26116"
-          ],
-          "githubID": "GHSA-2vrf-hf26-jrp5"
+            "CVE-2023-26118"
+          ]
         },
         "info": [
-          "https://github.com/advisories/GHSA-2vrf-hf26-jrp5"
+          "https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
         ]
       },
       {
+        "atOrAbove": "1.7.0",
         "below": "999",
         "severity": "medium",
         "cwe": [
-          "CWE-1333"
+          "CWE-1333",
+          "CWE-770"
         ],
         "identifiers": {
-          "summary": "angular vulnerable to regular expression denial of service via the $resource service",
+          "summary": "angular vulnerable to regular expression denial of service (ReDoS)",
           "CVE": [
-            "CVE-2023-26117"
+            "CVE-2022-25844"
           ],
-          "githubID": "GHSA-2qqx-w9hr-q5gx"
+          "githubID": "GHSA-m2h2-264f-f486"
         },
         "info": [
-          "https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"
+          "https://github.com/advisories/GHSA-m2h2-264f-f486"
         ]
       }
     ],
@@ -3005,7 +3093,7 @@
       "backbone"
     ],
     "npmname": "backbone",
-    "basePurl": "npm:npm/backbone",
+    "basePurl": "pkg:npm/backbone",
     "vulnerabilities": [
       {
         "below": "0.5.0",
@@ -3014,8 +3102,8 @@
           "CWE-79"
         ],
         "identifiers": {
-          "release": "0.5.0",
           "summary": "cross-site scripting vulnerability",
+          "release": "0.5.0",
           "retid": "46",
           "githubID": "GHSA-j6p2-cx3w-6jcp",
           "CVE": [
@@ -3047,7 +3135,7 @@
       "mustache"
     ],
     "npmname": "mustache",
-    "basePurl": "npm:npm/mustache",
+    "basePurl": "pkg:npm/mustache",
     "vulnerabilities": [
       {
         "below": "0.3.1",
@@ -3056,8 +3144,8 @@
           "CWE-79"
         ],
         "identifiers": {
-          "bug": "112",
-          "summary": "execution of arbitrary javascript"
+          "summary": "execution of arbitrary javascript",
+          "bug": "112"
         },
         "info": [
           "https://github.com/janl/mustache.js/issues/112"
@@ -3070,16 +3158,16 @@
           "CWE-79"
         ],
         "identifiers": {
-          "bug": "pull request 530",
           "summary": "weakness in HTML escaping",
+          "PR": "530",
           "githubID": "GHSA-w3w8-37jv-2c58",
           "CVE": [
             "CVE-2015-8862"
           ]
         },
         "info": [
-          "https://github.com/janl/mustache.js/releases/tag/v2.2.1",
-          "https://github.com/janl/mustache.js/pull/530"
+          "https://github.com/janl/mustache.js/pull/530",
+          "https://github.com/janl/mustache.js/releases/tag/v2.2.1"
         ]
       }
     ],
@@ -3120,94 +3208,89 @@
         ]
       },
       {
-        "below": "4.0.0",
-        "severity": "medium",
+        "below": "3.0.7",
+        "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-471"
         ],
         "identifiers": {
-          "summary": "Quoteless attributes in templates can lead to XSS",
-          "issue": "1083",
-          "CVE": [
-            "CVE-2015-8861"
-          ],
-          "githubID": "GHSA-9prh-257w-9277"
+          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
+          "issue": "1495",
+          "githubID": "GHSA-q42p-pg8m-cqh6"
         },
         "info": [
-          "https://github.com/wycats/handlebars.js/pull/1083"
+          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
+          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
+          "https://github.com/wycats/handlebars.js/issues/1495",
+          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
         ]
       },
       {
-        "atOrAbove": "4.0.0",
-        "below": "4.0.13",
+        "below": "3.0.8",
         "severity": "high",
         "cwe": [
-          "CWE-1321"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
-          "retid": "43"
+          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
+          "githubID": "GHSA-2cf5-4w76-r9qv"
         },
         "info": [
-          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692",
-          "https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86"
+          "https://github.com/advisories/GHSA-2cf5-4w76-r9qv",
+          "https://www.npmjs.com/advisories/1316"
         ]
       },
       {
-        "below": "3.0.7",
+        "below": "3.0.8",
         "severity": "high",
         "cwe": [
-          "CWE-471"
+          "CWE-94"
         ],
         "identifiers": {
-          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
-          "issue": "1495",
-          "githubID": "GHSA-q42p-pg8m-cqh6"
+          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
+          "githubID": "GHSA-3cqr-58rm-57f8",
+          "CVE": [
+            "CVE-2019-20920"
+          ]
         },
         "info": [
-          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
-          "https://github.com/wycats/handlebars.js/issues/1495",
-          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
+          "https://github.com/advisories/GHSA-3cqr-58rm-57f8",
+          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
         ]
       },
       {
-        "atOrAbove": "4.0.0",
-        "below": "4.0.14",
+        "below": "3.0.8",
         "severity": "high",
         "cwe": [
-          "CWE-471"
+          "CWE-1321"
         ],
         "identifiers": {
-          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
-          "issue": "1495",
-          "githubID": "GHSA-q42p-pg8m-cqh6"
+          "summary": "Prototype pollution",
+          "retid": "45",
+          "githubID": "GHSA-g9r4-xpmj-mj65"
         },
         "info": [
-          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
-          "https://github.com/wycats/handlebars.js/issues/1495",
-          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
+          "https://github.com/advisories/GHSA-g9r4-xpmj-mj65",
+          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
         ]
       },
       {
-        "atOrAbove": "4.1.0",
-        "below": "4.1.2",
+        "below": "3.0.8",
         "severity": "high",
         "cwe": [
-          "CWE-471"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
-          "issue": "1495",
-          "githubID": "GHSA-q42p-pg8m-cqh6"
+          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
+          "githubID": "GHSA-q2c6-c6pm-g3gh"
         },
         "info": [
-          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
-          "https://github.com/wycats/handlebars.js/issues/1495",
-          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
+          "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh",
+          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
         ]
       },
       {
-        "below": "4.3.0",
+        "below": "3.0.8",
         "severity": "high",
         "cwe": [
           "CWE-1321",
@@ -3226,102 +3309,134 @@
         ]
       },
       {
-        "below": "3.0.8",
-        "severity": "high",
+        "below": "4.0.0",
+        "severity": "medium",
         "cwe": [
-          "CWE-1321"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "45",
-          "githubID": "GHSA-g9r4-xpmj-mj65"
+          "summary": "Quoteless attributes in templates can lead to XSS",
+          "issue": "1083",
+          "CVE": [
+            "CVE-2015-8861"
+          ],
+          "githubID": "GHSA-9prh-257w-9277"
         },
         "info": [
-          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
+          "https://github.com/wycats/handlebars.js/pull/1083"
         ]
       },
       {
-        "below": "4.5.3",
         "atOrAbove": "4.0.0",
+        "below": "4.0.13",
         "severity": "high",
         "cwe": [
           "CWE-1321"
         ],
         "identifiers": {
-          "summary": "Prototype pollution",
-          "retid": "45",
-          "githubID": "GHSA-g9r4-xpmj-mj65"
+          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
+          "retid": "43"
         },
         "info": [
-          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
+          "https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86",
+          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692"
         ]
       },
       {
-        "below": "3.0.8",
+        "atOrAbove": "4.0.0",
+        "below": "4.0.14",
         "severity": "high",
         "cwe": [
-          "CWE-94"
+          "CWE-471"
         ],
         "identifiers": {
-          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
-          "githubID": "GHSA-3cqr-58rm-57f8",
-          "CVE": [
-            "CVE-2019-20920"
-          ]
+          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
+          "issue": "1495",
+          "githubID": "GHSA-q42p-pg8m-cqh6"
         },
         "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
+          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
+          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
+          "https://github.com/wycats/handlebars.js/issues/1495",
+          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
         ]
       },
       {
-        "atOrAbove": "4.0.0",
-        "below": "4.5.3",
+        "atOrAbove": "4.1.0",
+        "below": "4.1.2",
         "severity": "high",
         "cwe": [
-          "CWE-94"
+          "CWE-471"
         ],
         "identifiers": {
-          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
-          "githubID": "GHSA-3cqr-58rm-57f8",
-          "CVE": [
-            "CVE-2019-20920"
-          ]
+          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
+          "issue": "1495",
+          "githubID": "GHSA-q42p-pg8m-cqh6"
         },
         "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
+          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
+          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
+          "https://github.com/wycats/handlebars.js/issues/1495",
+          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
         ]
       },
       {
-        "below": "3.0.8",
-        "severity": "high",
+        "atOrAbove": "4.0.0",
+        "below": "4.3.0",
+        "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1321",
+          "CWE-74"
         ],
         "identifiers": {
-          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
-          "githubID": "GHSA-q2c6-c6pm-g3gh"
+          "summary": "Disallow calling helperMissing and blockHelperMissing directly",
+          "retid": "44",
+          "CVE": [
+            "CVE-2019-19919"
+          ],
+          "githubID": "GHSA-w457-6q6x-cgp9"
         },
         "info": [
-          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
+          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
         ]
       },
       {
-        "below": "4.5.3",
         "atOrAbove": "4.0.0",
+        "below": "4.4.5",
         "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-400"
         ],
         "identifiers": {
-          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
-          "githubID": "GHSA-q2c6-c6pm-g3gh"
+          "summary": "Regular Expression Denial of Service in Handlebars",
+          "githubID": "GHSA-62gr-4qp9-h98f",
+          "CVE": [
+            "CVE-2019-20922"
+          ]
         },
         "info": [
-          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
+          "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
         ]
       },
       {
-        "below": "3.0.8",
+        "atOrAbove": "4.0.0",
+        "below": "4.4.5",
+        "severity": "medium",
+        "cwe": [
+          "CWE-400"
+        ],
+        "identifiers": {
+          "summary": "Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.4.5 or later.",
+          "retid": "75",
+          "githubID": "GHSA-f52g-6jhx-586p"
+        },
+        "info": [
+          "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"
+        ]
+      },
+      {
+        "atOrAbove": "4.0.0",
+        "below": "4.5.2",
         "severity": "high",
         "cwe": [
           "CWE-79"
@@ -3331,22 +3446,60 @@
           "githubID": "GHSA-2cf5-4w76-r9qv"
         },
         "info": [
+          "https://github.com/advisories/GHSA-2cf5-4w76-r9qv",
           "https://www.npmjs.com/advisories/1316"
         ]
       },
       {
         "atOrAbove": "4.0.0",
-        "below": "4.5.2",
+        "below": "4.5.3",
+        "severity": "high",
+        "cwe": [
+          "CWE-94"
+        ],
+        "identifiers": {
+          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
+          "githubID": "GHSA-3cqr-58rm-57f8",
+          "CVE": [
+            "CVE-2019-20920"
+          ]
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-3cqr-58rm-57f8",
+          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
+        ]
+      },
+      {
+        "atOrAbove": "4.0.0",
+        "below": "4.5.3",
+        "severity": "high",
+        "cwe": [
+          "CWE-1321"
+        ],
+        "identifiers": {
+          "summary": "Prototype pollution",
+          "retid": "45",
+          "githubID": "GHSA-g9r4-xpmj-mj65"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-g9r4-xpmj-mj65",
+          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
+        ]
+      },
+      {
+        "atOrAbove": "4.0.0",
+        "below": "4.5.3",
         "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
-          "githubID": "GHSA-2cf5-4w76-r9qv"
+          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
+          "githubID": "GHSA-q2c6-c6pm-g3gh"
         },
         "info": [
-          "https://www.npmjs.com/advisories/1316"
+          "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh",
+          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
         ]
       },
       {
@@ -3397,40 +3550,6 @@
         "info": [
           "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
         ]
-      },
-      {
-        "atOrAbove": "4.0.0",
-        "below": "4.4.5",
-        "severity": "medium",
-        "cwe": [
-          "CWE-400"
-        ],
-        "identifiers": {
-          "summary": "Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.4.5 or later.",
-          "retid": "71",
-          "githubID": "GHSA-f52g-6jhx-586p"
-        },
-        "info": [
-          "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"
-        ]
-      },
-      {
-        "atOrAbove": "4.0.0",
-        "below": "4.4.5",
-        "severity": "high",
-        "cwe": [
-          "CWE-400"
-        ],
-        "identifiers": {
-          "summary": "Regular Expression Denial of Service in Handlebars",
-          "githubID": "GHSA-62gr-4qp9-h98f",
-          "CVE": [
-            "CVE-2019-20922"
-          ]
-        },
-        "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
-        ]
       }
     ],
     "extractors": {
@@ -3596,81 +3715,81 @@
         ]
       },
       {
-        "below": "3.1.3",
-        "atOrAbove": "3.0.0",
+        "below": "2.3.8",
         "severity": "medium",
         "cwe": [
-          "CWE-434"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
-          "retid": "36"
+          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
+          "retid": "38"
         },
         "info": [
-          "https://github.com/moxiecode/plupload/releases/tag/v3.1.3"
+          "https://github.com/moxiecode/plupload/releases/tag/v2.3.8"
         ]
       },
       {
-        "below": "3.1.4",
-        "atOrAbove": "3.0.0",
+        "below": "2.3.9",
         "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-434",
+          "CWE-75"
         ],
         "identifiers": {
-          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
-          "retid": "37"
+          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
+          "retid": "42",
+          "CVE": [
+            "CVE-2021-23562"
+          ],
+          "githubID": "GHSA-rp2c-jrgp-cvr8"
         },
         "info": [
-          "https://github.com/moxiecode/plupload/releases/tag/v3.1.4"
+          "https://github.com/moxiecode/plupload/releases/tag/v2.3.9"
         ]
       },
       {
-        "below": "2.3.8",
+        "atOrAbove": "3.0.0",
+        "below": "3.1.3",
         "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-434"
         ],
         "identifiers": {
-          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
-          "retid": "38"
+          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
+          "retid": "36"
         },
         "info": [
-          "https://github.com/moxiecode/plupload/releases/tag/v2.3.8"
+          "https://github.com/moxiecode/plupload/releases/tag/v3.1.3"
         ]
       },
       {
-        "below": "3.1.5",
         "atOrAbove": "3.0.0",
+        "below": "3.1.4",
         "severity": "medium",
         "cwe": [
-          "CWE-434"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
-          "retid": "41"
+          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
+          "retid": "37"
         },
         "info": [
-          "https://github.com/moxiecode/plupload/releases/tag/v3.1.5"
+          "https://github.com/moxiecode/plupload/releases/tag/v3.1.4"
         ]
       },
       {
-        "below": "2.3.9",
+        "atOrAbove": "3.0.0",
+        "below": "3.1.5",
         "severity": "medium",
         "cwe": [
-          "CWE-434",
-          "CWE-75"
+          "CWE-434"
         ],
         "identifiers": {
           "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
-          "retid": "42",
-          "CVE": [
-            "CVE-2021-23562"
-          ],
-          "githubID": "GHSA-rp2c-jrgp-cvr8"
+          "retid": "41"
         },
         "info": [
-          "https://github.com/moxiecode/plupload/releases/tag/v2.3.9"
+          "https://github.com/moxiecode/plupload/releases/tag/v3.1.5"
         ]
       }
     ],
@@ -3750,6 +3869,29 @@
           "https://github.com/cure53/DOMPurify/releases/tag/0.9.0"
         ]
       },
+      {
+        "atOrAbove": "0",
+        "below": "1.0.11",
+        "cwe": [
+          "CWE-601"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "DOMPurify Open Redirect vulnerability",
+          "CVE": [
+            "CVE-2019-25155"
+          ],
+          "githubID": "GHSA-8hgg-xxm5-3873"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-8hgg-xxm5-3873",
+          "https://nvd.nist.gov/vuln/detail/CVE-2019-25155",
+          "https://github.com/cure53/DOMPurify/pull/337",
+          "https://github.com/cure53/DOMPurify/commit/7601c33a57e029cce51d910eda5179a3f1b51c83",
+          "https://github.com/cure53/DOMPurify",
+          "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11"
+        ]
+      },
       {
         "below": "2.0.3",
         "severity": "medium",
@@ -3905,14 +4047,15 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability can arise when using user data as a key",
           "CVE": [
             "CVE-2013-7035"
           ],
-          "summary": "potential XSS vulnerability can arise when using user data as a key",
           "githubID": "GHSA-g53w-52xc-2j85"
         },
         "info": [
-          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html"
+          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html",
+          "https://github.com/advisories/GHSA-g53w-52xc-2j85"
         ]
       },
       {
@@ -3923,19 +4066,20 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability can arise when using user data as a key",
           "CVE": [
             "CVE-2013-7035"
           ],
-          "summary": "potential XSS vulnerability can arise when using user data as a key",
           "githubID": "GHSA-g53w-52xc-2j85"
         },
         "info": [
-          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html"
+          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html",
+          "https://github.com/advisories/GHSA-g53w-52xc-2j85"
         ]
       },
       {
-        "below": "0.14.0",
         "atOrAbove": "0.0.1",
+        "below": "0.14.0",
         "severity": "high",
         "cwe": [
           "CWE-79"
@@ -3958,10 +4102,10 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
           "CVE": [
             "CVE-2018-6341"
-          ],
-          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
+          ]
         },
         "info": [
           "https://github.com/facebook/react/blob/master/CHANGELOG.md",
@@ -3976,10 +4120,10 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
           "CVE": [
             "CVE-2018-6341"
-          ],
-          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
+          ]
         },
         "info": [
           "https://github.com/facebook/react/blob/master/CHANGELOG.md",
@@ -3994,10 +4138,10 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
           "CVE": [
             "CVE-2018-6341"
-          ],
-          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
+          ]
         },
         "info": [
           "https://github.com/facebook/react/blob/master/CHANGELOG.md",
@@ -4012,10 +4156,10 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
           "CVE": [
             "CVE-2018-6341"
-          ],
-          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
+          ]
         },
         "info": [
           "https://github.com/facebook/react/blob/master/CHANGELOG.md",
@@ -4030,10 +4174,10 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
           "CVE": [
             "CVE-2018-6341"
-          ],
-          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
+          ]
         },
         "info": [
           "https://github.com/facebook/react/blob/master/CHANGELOG.md",
@@ -4045,67 +4189,164 @@
       "filecontent": [
         "/\\*\\*\n +\\* React \\(with addons\\) ?v(§§version§§)",
         "/\\*\\*\n +\\* React v(§§version§§)",
+        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react\\.",
         "\"\\./ReactReconciler\":[0-9]+,\"\\./Transaction\":[0-9]+,\"fbjs/lib/invariant\":[0-9]+\\}\\],[0-9]+:\\[function\\(require,module,exports\\)\\{\"use strict\";module\\.exports=\"(§§version§§)\"\\}",
         "ReactVersion\\.js[\\*! \\\\/\n\r]{0,100}function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\"",
         "expected a ReactNode.[\\s\\S]{0,1800}?function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\""
       ]
     }
   },
-  "flowplayer": {
+  "react-dom": {
     "vulnerabilities": [
       {
-        "below": "5.4.3",
+        "atOrAbove": "16.0.0",
+        "below": "16.0.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS vulnerability in Flash fallback",
-          "issue": "381"
+          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
+          "CVE": [
+            "CVE-2018-6341"
+          ],
+          "githubID": "GHSA-mvjj-gqq2-p4hw"
         },
         "info": [
-          "https://github.com/flowplayer/flowplayer/issues/381"
+          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
+          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
         ]
-      }
-    ],
-    "extractors": {
-      "uri": [
-        "flowplayer-(§§version§§)(\\.min)?\\.js"
-      ],
-      "filename": [
-        "flowplayer-(§§version§§)(\\.min)?\\.js"
-      ]
-    }
-  },
-  "DWR": {
-    "npmname": "dwr",
-    "vulnerabilities": [
+      },
       {
-        "below": "1.1.4",
-        "severity": "high",
+        "atOrAbove": "16.1.0",
+        "below": "16.1.2",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
           "CVE": [
-            "CVE-2007-01-09"
-          ]
+            "CVE-2018-6341"
+          ],
+          "githubID": "GHSA-mvjj-gqq2-p4hw"
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2014-5326/",
-          "http://www.cvedetails.com/cve/CVE-2014-5326/"
+          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
+          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
         ]
       },
       {
-        "below": "2.0.11",
+        "atOrAbove": "16.2.0",
+        "below": "16.2.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
           "CVE": [
-            "CVE-2014-5326",
-            "CVE-2014-5325"
+            "CVE-2018-6341"
+          ],
+          "githubID": "GHSA-mvjj-gqq2-p4hw"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
+          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
+        ]
+      },
+      {
+        "atOrAbove": "16.3.0",
+        "below": "16.3.3",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
+          "CVE": [
+            "CVE-2018-6341"
+          ],
+          "githubID": "GHSA-mvjj-gqq2-p4hw"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
+          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
+        ]
+      },
+      {
+        "atOrAbove": "16.4.0",
+        "below": "16.4.2",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
+          "CVE": [
+            "CVE-2018-6341"
+          ],
+          "githubID": "GHSA-mvjj-gqq2-p4hw"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
+          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
+        ]
+      }
+    ],
+    "extractors": {
+      "uri": [
+        "/react-dom@(§§version§§)/"
+      ],
+      "filecontent": [
+        "version:\"(§§version§§)[a-z0-9\\-]*\"[\\s,]*rendererPackageName:\"react-dom\"",
+        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react-dom\\."
+      ]
+    }
+  },
+  "flowplayer": {
+    "vulnerabilities": [
+      {
+        "below": "5.4.3",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "summary": "XSS vulnerability in Flash fallback",
+          "issue": "381"
+        },
+        "info": [
+          "https://github.com/flowplayer/flowplayer/issues/381"
+        ]
+      }
+    ],
+    "extractors": {
+      "uri": [
+        "flowplayer-(§§version§§)(\\.min)?\\.js"
+      ],
+      "filename": [
+        "flowplayer-(§§version§§)(\\.min)?\\.js"
+      ]
+    }
+  },
+  "DWR": {
+    "npmname": "dwr",
+    "vulnerabilities": [
+      {
+        "below": "1.1.4",
+        "severity": "high",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "CVE": [
+            "CVE-2007-01-09"
           ]
         },
         "info": [
@@ -4114,7 +4355,23 @@
         ]
       },
       {
-        "above": "3",
+        "below": "2.0.11",
+        "severity": "medium",
+        "cwe": [
+          "CWE-79"
+        ],
+        "identifiers": {
+          "CVE": [
+            "CVE-2014-5326",
+            "CVE-2014-5325"
+          ]
+        },
+        "info": [
+          "http://www.cvedetails.com/cve/CVE-2014-5326/"
+        ]
+      },
+      {
+        "atOrAbove": "3",
         "below": "3.0.RC3",
         "severity": "medium",
         "cwe": [
@@ -4127,7 +4384,6 @@
           ]
         },
         "info": [
-          "http://www.cvedetails.com/cve/CVE-2014-5326/",
           "http://www.cvedetails.com/cve/CVE-2014-5326/"
         ]
       }
@@ -4193,9 +4449,9 @@
           "githubID": "GHSA-446m-mv8f-q348"
         },
         "info": [
-          "https://security.snyk.io/vuln/npm:moment:20170905",
           "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214",
-          "https://github.com/moment/moment/issues/4163"
+          "https://github.com/moment/moment/issues/4163",
+          "https://security.snyk.io/vuln/npm:moment:20170905"
         ]
       },
       {
@@ -4217,8 +4473,8 @@
         ]
       },
       {
-        "below": "2.29.4",
         "atOrAbove": "2.18.0",
+        "below": "2.29.4",
         "severity": "high",
         "cwe": [
           "CWE-1333",
@@ -4227,13 +4483,14 @@
         "identifiers": {
           "summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
           "CVE": [
-            "CVE-2022-31129"
+            "CVE-2022-31129",
+            "CVE-2023-22467"
           ],
           "githubID": "GHSA-wc69-rhjr-hc9g"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238",
-          "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
+          "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
+          "https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238"
         ]
       }
     ],
@@ -4262,8 +4519,8 @@
     "npmname": "underscore",
     "vulnerabilities": [
       {
-        "below": "1.12.1",
         "atOrAbove": "1.3.2",
+        "below": "1.12.1",
         "severity": "high",
         "cwe": [
           "CWE-94"
@@ -4292,59 +4549,53 @@
   "bootstrap": {
     "vulnerabilities": [
       {
-        "below": "4.3.1",
-        "atOrAbove": "4.0.0",
+        "below": "2.1.0",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "issue": "28236",
-          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
-          "CVE": [
-            "CVE-2019-8331"
-          ],
-          "githubID": "GHSA-9v3m-8fp8-mj99"
+          "summary": "cross-site scripting vulnerability",
+          "issue": "3421"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/twbs/bootstrap/issues/28236"
+          "https://github.com/twbs/bootstrap/pull/3421"
         ]
       },
       {
-        "atOrAbove": "3.0.0",
-        "below": "3.4.1",
+        "below": "3.4.0",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "issue": "28236",
-          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
+          "summary": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
+          "issue": "27044",
           "CVE": [
-            "CVE-2019-8331"
+            "CVE-2018-20676"
           ],
-          "githubID": "GHSA-9v3m-8fp8-mj99"
+          "githubID": "GHSA-3mgp-fx93-9xv5"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/twbs/bootstrap/issues/28236"
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
         ]
       },
       {
-        "below": "4.1.2",
-        "atOrAbove": "4.0.0",
+        "below": "3.4.0",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "issue": "20184",
           "summary": "XSS in data-target property of scrollspy",
+          "issue": "20184",
           "CVE": [
             "CVE-2018-14041"
           ],
           "githubID": "GHSA-pj7m-g53m-7638"
         },
-        "severity": "medium",
         "info": [
+          "https://github.com/advisories/GHSA-pj7m-g53m-7638",
           "https://github.com/twbs/bootstrap/issues/20184"
         ]
       },
@@ -4353,170 +4604,180 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
+          "summary": "XSS in data-container property of tooltip",
           "issue": "20184",
-          "summary": "XSS in data-target property of scrollspy",
           "CVE": [
-            "CVE-2018-14041"
-          ],
-          "githubID": "GHSA-pj7m-g53m-7638"
+            "CVE-2018-14042"
+          ]
         },
-        "severity": "medium",
         "info": [
           "https://github.com/twbs/bootstrap/issues/20184"
         ]
       },
       {
-        "below": "4.1.2",
-        "atOrAbove": "4.0.0",
+        "below": "3.4.0",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "issue": "20184",
-          "summary": "XSS in collapse data-parent attribute",
+          "summary": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
           "CVE": [
-            "CVE-2018-14040"
+            "CVE-2018-20677"
           ],
-          "githubID": "GHSA-3wqf-4x89-9g79"
+          "githubID": "GHSA-ph58-4vrj-w6hr"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/twbs/bootstrap/issues/20184"
+          "https://github.com/advisories/GHSA-ph58-4vrj-w6hr"
         ]
       },
       {
+        "atOrAbove": "3.0.0",
         "below": "3.4.0",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "issue": "27044",
-          "summary": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
+          "summary": "XSS is possible in the data-target attribute.",
           "CVE": [
-            "CVE-2018-20676"
+            "CVE-2016-10735"
           ],
-          "githubID": "GHSA-3mgp-fx93-9xv5"
+          "githubID": "GHSA-4p24-vmcr-4gqj"
         },
-        "severity": "medium",
         "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
+          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
         ]
       },
       {
-        "below": "4.1.2",
-        "atOrAbove": "4.0.0",
+        "atOrAbove": "3.0.0",
+        "below": "3.4.1",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "issue": "20184",
-          "summary": "XSS in data-container property of tooltip",
+          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
+          "issue": "28236",
           "CVE": [
-            "CVE-2018-14042"
-          ]
+            "CVE-2019-8331"
+          ],
+          "githubID": "GHSA-9v3m-8fp8-mj99"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/twbs/bootstrap/issues/20184"
+          "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
+          "https://github.com/twbs/bootstrap/issues/28236"
         ]
       },
       {
-        "below": "3.4.0",
+        "below": "3.999.999",
+        "severity": "low",
         "cwe": [
-          "CWE-79"
+          "CWE-1104"
         ],
         "identifiers": {
-          "issue": "20184",
-          "summary": "XSS in data-container property of tooltip",
-          "CVE": [
-            "CVE-2018-14042"
-          ]
+          "summary": "Bootstrap before 4.0.0 is end-of-life and no longer maintained.",
+          "retid": "72"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/twbs/bootstrap/issues/20184"
+          "https://github.com/twbs/bootstrap/issues/20631"
         ]
       },
       {
-        "below": "3.4.0",
+        "atOrAbove": "4.0.0-beta",
+        "below": "4.0.0-beta.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
+          "summary": "XSS is possible in the data-target attribute.",
           "CVE": [
-            "CVE-2018-20677"
+            "CVE-2016-10735"
           ],
-          "githubID": "GHSA-ph58-4vrj-w6hr"
+          "githubID": "GHSA-4p24-vmcr-4gqj"
         },
         "info": [
-          "https://github.com/advisories/GHSA-ph58-4vrj-w6hr"
+          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
         ]
       },
       {
-        "atOrAbove": "3.0.0",
-        "below": "3.4.0",
-        "severity": "medium",
+        "atOrAbove": "4.0.0",
+        "below": "4.1.2",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "summary": "XSS is possible in the data-target attribute.",
+          "summary": "XSS in collapse data-parent attribute",
+          "issue": "20184",
           "CVE": [
-            "CVE-2016-10735"
+            "CVE-2018-14040"
           ],
-          "githubID": "GHSA-4p24-vmcr-4gqj"
+          "githubID": "GHSA-3wqf-4x89-9g79"
         },
         "info": [
-          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
+          "https://github.com/twbs/bootstrap/issues/20184"
         ]
       },
       {
-        "atOrAbove": "4.0.0-beta",
-        "below": "4.0.0-beta.2",
-        "severity": "medium",
+        "atOrAbove": "4.0.0",
+        "below": "4.1.2",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "summary": "XSS is possible in the data-target attribute.",
+          "summary": "XSS in data-target property of scrollspy",
+          "issue": "20184",
           "CVE": [
-            "CVE-2016-10735"
+            "CVE-2018-14041"
           ],
-          "githubID": "GHSA-4p24-vmcr-4gqj"
+          "githubID": "GHSA-pj7m-g53m-7638"
         },
         "info": [
-          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
+          "https://github.com/advisories/GHSA-pj7m-g53m-7638",
+          "https://github.com/twbs/bootstrap/issues/20184"
         ]
       },
       {
-        "below": "2.1.0",
-        "severity": "medium",
+        "atOrAbove": "4.0.0",
+        "below": "4.1.2",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "summary": "cross-site scripting vulnerability",
-          "issue": "3421"
+          "summary": "XSS in data-container property of tooltip",
+          "issue": "20184",
+          "CVE": [
+            "CVE-2018-14042"
+          ]
         },
         "info": [
-          "https://github.com/twbs/bootstrap/pull/3421"
+          "https://github.com/twbs/bootstrap/issues/20184"
         ]
       },
       {
-        "below": "3.999.999",
-        "severity": "low",
+        "atOrAbove": "4.0.0",
+        "below": "4.3.1",
         "cwe": [
-          "CWE-1104"
+          "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "retid": "72",
-          "summary": "Bootstrap before 4.0.0 is end-of-life and no longer maintained."
+          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
+          "issue": "28236",
+          "CVE": [
+            "CVE-2019-8331"
+          ],
+          "githubID": "GHSA-9v3m-8fp8-mj99"
         },
         "info": [
-          "https://github.com/twbs/bootstrap/issues/20631"
+          "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
+          "https://github.com/twbs/bootstrap/issues/28236"
         ]
       }
     ],
@@ -4564,7 +4825,10 @@
         ],
         "identifiers": {
           "summary": "Cross-Site Scripting in bootstrap-select",
-          "githubID": "GHSA-9r7h-6639-v5mw"
+          "githubID": "GHSA-9r7h-6639-v5mw",
+          "CVE": [
+            "CVE-2019-20921"
+          ]
         },
         "info": [
           "https://github.com/snapappointments/bootstrap-select/issues/2199"
@@ -4588,11 +4852,11 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS",
           "retid": "13"
         },
-        "severity": "medium",
         "info": [
           "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-443"
         ]
@@ -4602,11 +4866,11 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS",
           "retid": "14"
         },
-        "severity": "medium",
         "info": [
           "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-446"
         ]
@@ -4616,11 +4880,11 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS",
           "retid": "15"
         },
-        "severity": "medium",
         "info": [
           "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-448"
         ]
@@ -4630,26 +4894,26 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS",
           "retid": "16"
         },
-        "severity": "medium",
         "info": [
           "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-4511"
         ]
       },
       {
-        "below": "4.9.2",
         "atOrAbove": "4.5.11",
+        "below": "4.9.2",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS if the enhanced image plugin is installed",
           "retid": "17"
         },
-        "severity": "medium",
         "info": [
           "https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/",
           "https://ckeditor.com/cke4/release-notes"
@@ -4661,6 +4925,7 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS vulnerability in the HTML parser",
           "retid": "18",
@@ -4669,38 +4934,37 @@
           ],
           "githubID": "GHSA-g68x-vvqq-pvw3"
         },
-        "severity": "medium",
         "info": [
           "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
           "https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618"
         ]
       },
       {
-        "below": "4.15.1",
+        "below": "4.14.0",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "low",
         "identifiers": {
-          "summary": "XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog",
-          "retid": "19"
+          "summary": "XSS",
+          "retid": "20"
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151"
+          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414"
         ]
       },
       {
-        "below": "4.14.0",
+        "below": "4.15.1",
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "summary": "XSS",
-          "retid": "20"
+          "summary": "XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog",
+          "retid": "19"
         },
-        "severity": "low",
         "info": [
-          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414"
+          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151"
         ]
       },
       {
@@ -4708,11 +4972,11 @@
         "cwe": [
           "CWE-1333"
         ],
+        "severity": "low",
         "identifiers": {
           "summary": "ReDoS vulnerability in Autolink plugin and Advanced Tab for Dialogs plugin",
           "retid": "21"
         },
-        "severity": "low",
         "info": [
           "https://ckeditor.com/cke4/release/CKEditor-4.16.0"
         ]
@@ -4722,15 +4986,15 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "low",
         "identifiers": {
-          "summary": "XSS vulnerability in the Clipboard plugin",
+          "summary": "XSS vulnerability in the Widget plugin",
           "CVE": [
-            "CVE-2021-32809"
+            "CVE-2021-32808"
           ]
         },
-        "severity": "low",
         "info": [
-          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg"
+          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c"
         ]
       },
       {
@@ -4738,15 +5002,15 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "low",
         "identifiers": {
-          "summary": "XSS vulnerability in the Widget plugin",
+          "summary": "XSS vulnerability in the Clipboard plugin",
           "CVE": [
-            "CVE-2021-32808"
+            "CVE-2021-32809"
           ]
         },
-        "severity": "low",
         "info": [
-          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c"
+          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg"
         ]
       },
       {
@@ -4754,13 +5018,13 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS vulnerability in the Fake Objects plugin",
           "CVE": [
             "CVE-2021-37695"
           ]
         },
-        "severity": "medium",
         "info": [
           "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc"
         ]
@@ -4770,6 +5034,7 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
           "summary": "XSS vulnerabilities in the core module",
           "CVE": [
@@ -4777,10 +5042,9 @@
             "CVE-2021-41165"
           ]
         },
-        "severity": "medium",
         "info": [
-          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj",
-          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2"
+          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2",
+          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj"
         ]
       },
       {
@@ -4788,20 +5052,20 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "low",
         "identifiers": {
           "summary": "Inject malformed URL to bypass content sanitization for XSS",
           "CVE": [
             "CVE-2022-24728"
           ]
         },
-        "severity": "low",
         "info": [
           "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh"
         ]
       },
       {
         "below": "4.21.0",
-        "severity": "Medium",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
@@ -4813,8 +5077,8 @@
         },
         "info": [
           "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439",
-          "https://nvd.nist.gov/vuln/detail/CVE-2023-28439",
-          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g"
+          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g",
+          "https://nvd.nist.gov/vuln/detail/CVE-2023-28439"
         ]
       }
     ],
@@ -4839,13 +5103,13 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "low",
         "identifiers": {
           "summary": "XSS in the link package",
           "CVE": [
             "CVE-2018-11093"
           ]
         },
-        "severity": "low",
         "info": [
           "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/"
         ]
@@ -4855,13 +5119,13 @@
         "cwe": [
           "CWE-1333"
         ],
+        "severity": "low",
         "identifiers": {
           "summary": "ReDos in several packages",
           "CVE": [
             "CVE-2021-21254"
           ]
         },
-        "severity": "low",
         "info": [
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr"
         ]
@@ -4871,13 +5135,13 @@
         "cwe": [
           "CWE-1333"
         ],
+        "severity": "low",
         "identifiers": {
           "summary": "ReDos in several packages",
           "CVE": [
             "CVE-2021-21391"
           ]
         },
-        "severity": "low",
         "info": [
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj"
         ]
@@ -4887,13 +5151,13 @@
         "cwe": [
           "CWE-79"
         ],
+        "severity": "low",
         "identifiers": {
           "summary": "security fix for the Markdown GFM, HTML support and HTML embed packages",
           "CVE": [
             "CVE-2022-31175"
           ]
         },
-        "severity": "low",
         "info": [
           "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
           "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
@@ -4917,17 +5181,17 @@
   "vue": {
     "vulnerabilities": [
       {
-        "below": "2.6.11",
+        "below": "2.4.3",
         "severity": "medium",
         "cwe": [
-          "CWE-94"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2",
-          "retid": "10"
+          "summary": "possible xss vector",
+          "retid": "12"
         },
         "info": [
-          "https://github.com/vuejs/vue/releases/tag/v2.6.11"
+          "https://github.com/vuejs/vue/releases/tag/v2.4.3"
         ]
       },
       {
@@ -4945,17 +5209,17 @@
         ]
       },
       {
-        "below": "2.4.3",
+        "below": "2.6.11",
         "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-94"
         ],
         "identifiers": {
-          "summary": "possible xss vector",
-          "retid": "12"
+          "summary": "Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2",
+          "retid": "10"
         },
         "info": [
-          "https://github.com/vuejs/vue/releases/tag/v2.4.3"
+          "https://github.com/vuejs/vue/releases/tag/v2.6.11"
         ]
       }
     ],
@@ -4981,21 +5245,23 @@
   "ExtJS": {
     "vulnerabilities": [
       {
-        "below": "6.6.0",
-        "atOrAbove": "4.0.0",
+        "atOrAbove": "3.0.0",
+        "below": "4.0.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS vulnerability in ExtJS charts.swf",
           "CVE": [
-            "CVE-2018-8046"
-          ],
-          "summary": "XSS in Sencha Ext JS 4 to 6 via getTip() method of Action Columns"
+            "CVE-2010-4207",
+            "CVE-2012-5881"
+          ]
         },
         "info": [
-          "http://seclists.org/fulldisclosure/2018/Jul/8",
-          "https://nvd.nist.gov/vuln/detail/CVE-2018-8046"
+          "https://typo3.org/security/advisory/typo3-core-sa-2014-001/",
+          "https://www.acunetix.com/vulnerabilities/web/extjs-charts-swf-cross-site-scripting",
+          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
         ]
       },
       {
@@ -5005,35 +5271,33 @@
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "Directory traversal and arbitrary file read",
           "CVE": [
             "CVE-2007-2285"
-          ],
-          "summary": "Directory traversal and arbitrary file read"
+          ]
         },
         "info": [
-          "https://www.cvedetails.com/cve/CVE-2007-2285/",
           "https://packetstormsecurity.com/files/132052/extjs-Arbitrary-File-Read.html",
-          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
+          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/",
+          "https://www.cvedetails.com/cve/CVE-2007-2285/"
         ]
       },
       {
-        "below": "4.0.0",
-        "atOrAbove": "3.0.0",
+        "atOrAbove": "4.0.0",
+        "below": "6.6.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "XSS in Sencha Ext JS 4 to 6 via getTip() method of Action Columns",
           "CVE": [
-            "CVE-2010-4207",
-            "CVE-2012-5881"
-          ],
-          "summary": "XSS vulnerability in ExtJS charts.swf"
+            "CVE-2018-8046"
+          ]
         },
         "info": [
-          "https://www.acunetix.com/vulnerabilities/web/extjs-charts-swf-cross-site-scripting",
-          "https://typo3.org/security/advisory/typo3-core-sa-2014-001/",
-          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
+          "http://seclists.org/fulldisclosure/2018/Jul/8",
+          "https://nvd.nist.gov/vuln/detail/CVE-2018-8046"
         ]
       }
     ],
@@ -5054,21 +5318,17 @@
   "svelte": {
     "vulnerabilities": [
       {
-        "below": "3.49.0",
+        "below": "2.9.8",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "summary": "XSS",
-          "issue": "7530",
-          "githubID": "GHSA-wv8q-r932-8hc7",
-          "CVE": [
-            "CVE-2022-25875"
-          ]
+          "retid": "9"
         },
         "info": [
-          "https://github.com/sveltejs/svelte/pull/7530"
+          "https://github.com/sveltejs/svelte/pull/1623"
         ]
       },
       {
@@ -5086,17 +5346,21 @@
         ]
       },
       {
-        "below": "2.9.8",
+        "below": "3.49.0",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
           "summary": "XSS",
-          "retid": "9"
+          "issue": "7530",
+          "githubID": "GHSA-wv8q-r932-8hc7",
+          "CVE": [
+            "CVE-2022-25875"
+          ]
         },
         "info": [
-          "https://github.com/sveltejs/svelte/pull/1623"
+          "https://github.com/sveltejs/svelte/pull/7530"
         ]
       }
     ],
@@ -5118,22 +5382,22 @@
   "axios": {
     "vulnerabilities": [
       {
-        "below": "0.21.3",
+        "below": "0.18.1",
         "severity": "high",
         "cwe": [
-          "CWE-1333",
-          "CWE-400"
+          "CWE-20",
+          "CWE-755"
         ],
         "identifiers": {
-          "summary": "Axios is vulnerable to Inefficient Regular Expression Complexity",
+          "summary": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded",
           "CVE": [
-            "CVE-2021-3749"
+            "CVE-2019-10742"
           ],
-          "githubID": "GHSA-cph5-m8f7-6c5x"
+          "githubID": "GHSA-42xw-2xvc-qx8m"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749"
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10742",
+          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-174505"
         ]
       },
       {
@@ -5150,27 +5414,52 @@
           "githubID": "GHSA-4w2v-q235-vp99"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168"
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168",
+          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255"
         ]
       },
       {
-        "below": "0.18.1",
+        "below": "0.21.3",
         "severity": "high",
         "cwe": [
-          "CWE-20",
-          "CWE-755"
+          "CWE-1333",
+          "CWE-400"
         ],
         "identifiers": {
-          "summary": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded",
+          "summary": "Axios is vulnerable to Inefficient Regular Expression Complexity",
           "CVE": [
-            "CVE-2019-10742"
+            "CVE-2021-3749"
           ],
-          "githubID": "GHSA-42xw-2xvc-qx8m"
+          "githubID": "GHSA-cph5-m8f7-6c5x"
+        },
+        "info": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749",
+          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269"
+        ]
+      },
+      {
+        "atOrAbove": "0.8.1",
+        "below": "1.6.0",
+        "cwe": [
+          "CWE-352"
+        ],
+        "severity": "medium",
+        "identifiers": {
+          "summary": "Axios Cross-Site Request Forgery Vulnerability",
+          "CVE": [
+            "CVE-2023-45857"
+          ],
+          "githubID": "GHSA-wf5p-g6vw-rhxx"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-174505",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10742"
+          "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
+          "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
+          "https://github.com/axios/axios/issues/6006",
+          "https://github.com/axios/axios/issues/6022",
+          "https://github.com/axios/axios/pull/6028",
+          "https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
+          "https://github.com/axios/axios/releases/tag/v1.6.0",
+          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
         ]
       }
     ],
@@ -5189,43 +5478,43 @@
   "markdown-it": {
     "vulnerabilities": [
       {
-        "below": "12.3.2",
-        "severity": "medium",
+        "below": "3.0.0",
+        "severity": "high",
         "cwe": [
-          "CWE-1333",
-          "CWE-400"
+          "CWE-1333"
         ],
         "identifiers": {
-          "summary": "Regular Expression Denial of Service (ReDoS)",
+          "summary": "Cross-site Scripting (XSS)",
           "CVE": [
-            "CVE-2022-21670"
+            "CVE-2015-10005"
           ],
-          "githubID": "GHSA-6vfc-qv3f-vr6c"
+          "githubID": "GHSA-j5p7-jf4q-742q"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914",
-          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
-          "https://nvd.nist.gov/vuln/detail/CVE-2022-21670"
+          "https://nvd.nist.gov/vuln/detail/CVE-2015-10005"
         ]
       },
       {
-        "below": "10.0.0",
+        "below": "4.1.0",
         "severity": "medium",
         "cwe": [
-          "CWE-1333"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Regular Expression Denial of Service (ReDoS)",
-          "retid": "6"
+          "summary": "Cross-site Scripting (XSS)",
+          "CVE": [
+            "CVE-2015-3295"
+          ]
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438",
-          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md"
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3295",
+          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
+          "https://security.snyk.io/vuln/npm:markdown-it:20160912"
         ]
       },
       {
-        "below": "4.3.1",
         "atOrAbove": "4.0.0",
+        "below": "4.3.1",
         "severity": "medium",
         "cwe": [
           "CWE-79"
@@ -5235,43 +5524,43 @@
           "retid": "7"
         },
         "info": [
-          "https://security.snyk.io/vuln/npm:markdown-it:20150702",
-          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md"
+          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
+          "https://security.snyk.io/vuln/npm:markdown-it:20150702"
         ]
       },
       {
-        "below": "4.1.0",
+        "below": "10.0.0",
         "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-1333"
         ],
         "identifiers": {
-          "summary": "Cross-site Scripting (XSS)",
-          "CVE": [
-            "CVE-2015-3295"
-          ]
+          "summary": "Regular Expression Denial of Service (ReDoS)",
+          "retid": "6"
         },
         "info": [
-          "https://security.snyk.io/vuln/npm:markdown-it:20160912",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3295",
-          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md"
+          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
+          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438"
         ]
       },
       {
-        "below": "3.0.0",
-        "severity": "high",
+        "below": "12.3.2",
+        "severity": "medium",
         "cwe": [
-          "CWE-1333"
+          "CWE-1333",
+          "CWE-400"
         ],
         "identifiers": {
-          "summary": "Cross-site Scripting (XSS)",
+          "summary": "Regular Expression Denial of Service (ReDoS)",
           "CVE": [
-            "CVE-2015-10005"
+            "CVE-2022-21670"
           ],
-          "githubID": "GHSA-j5p7-jf4q-742q"
+          "githubID": "GHSA-6vfc-qv3f-vr6c"
         },
         "info": [
-          "https://nvd.nist.gov/vuln/detail/CVE-2015-10005"
+          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
+          "https://nvd.nist.gov/vuln/detail/CVE-2022-21670",
+          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914"
         ]
       }
     ],
@@ -5290,26 +5579,27 @@
   "jszip": {
     "vulnerabilities": [
       {
-        "below": "3.8.0",
-        "severity": "high",
+        "below": "2.7.0",
+        "severity": "medium",
         "cwe": [
-          "CWE-22"
+          "CWE-1321"
         ],
         "identifiers": {
-          "summary": "Santize filenames when files are loaded with loadAsync, to avoid “zip slip” attacks.",
-          "retid": "5",
+          "summary": "Prototype Pollution",
           "CVE": [
-            "CVE-2022-48285"
+            "CVE-2021-23413"
           ],
-          "githubID": "GHSA-36fh-84j7-cv5h"
+          "githubID": "GHSA-jg8v-48h5-wgxg"
         },
         "info": [
-          "https://stuk.github.io/jszip/CHANGES.html"
+          "https://github.com/advisories/GHSA-jg8v-48h5-wgxg",
+          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413",
+          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497"
         ]
       },
       {
-        "below": "3.7.0",
         "atOrAbove": "3.0.0",
+        "below": "3.7.0",
         "severity": "medium",
         "cwe": [
           "CWE-1321"
@@ -5322,26 +5612,27 @@
           "githubID": "GHSA-jg8v-48h5-wgxg"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497",
-          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413"
+          "https://github.com/advisories/GHSA-jg8v-48h5-wgxg",
+          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413",
+          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497"
         ]
       },
       {
-        "below": "2.7.0",
-        "severity": "medium",
+        "below": "3.8.0",
+        "severity": "high",
         "cwe": [
-          "CWE-1321"
+          "CWE-22"
         ],
         "identifiers": {
-          "summary": "Prototype Pollution",
+          "summary": "Santize filenames when files are loaded with loadAsync, to avoid “zip slip” attacks.",
+          "retid": "5",
           "CVE": [
-            "CVE-2021-23413"
+            "CVE-2022-48285"
           ],
-          "githubID": "GHSA-jg8v-48h5-wgxg"
+          "githubID": "GHSA-36fh-84j7-cv5h"
         },
         "info": [
-          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497",
-          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413"
+          "https://stuk.github.io/jszip/CHANGES.html"
         ]
       }
     ],
@@ -5367,8 +5658,8 @@
           "CWE-94"
         ],
         "identifiers": {
-          "bug": "SNYK-JS-ALASQL-1082932",
-          "summary": "An arbitrary code execution exists as AlaSQL doesn't sanitize input when characters are placed between square brackets [] or preceded with a backtik (accent grave) ` character. Versions older that 0.7.0 were deprecated in March of 2021 and should no longer be used."
+          "summary": "An arbitrary code execution exists as AlaSQL doesn't sanitize input when characters are placed between square brackets [] or preceded with a backtik (accent grave) ` character. Versions older that 0.7.0 were deprecated in March of 2021 and should no longer be used.",
+          "bug": "SNYK-JS-ALASQL-1082932"
         },
         "info": [
           "https://security.snyk.io/vuln/SNYK-JS-ALASQL-1082932"
@@ -5391,20 +5682,21 @@
     "npmname": "datatables.net",
     "vulnerabilities": [
       {
-        "below": "1.11.3",
-        "severity": "medium",
+        "below": "1.10.10",
+        "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "Cross site scripting in datatables.net",
+          "summary": "XSS",
           "CVE": [
-            "CVE-2021-23445"
-          ],
-          "githubID": "GHSA-h73q-5wmj-q8pj"
+            "CVE-2015-6584"
+          ]
         },
         "info": [
-          "https://github.com/advisories/GHSA-h73q-5wmj-q8pj"
+          "https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d",
+          "https://github.com/advisories/GHSA-4mv4-gmmf-q382",
+          "https://www.invicti.com/web-applications-advisories/cve-2015-6384-xss-vulnerability-identified-in-datatables/"
         ]
       },
       {
@@ -5425,18 +5717,17 @@
         ]
       },
       {
-        "below": "1.11.3",
-        "severity": "low",
+        "below": "1.10.22",
+        "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-1321"
         ],
         "identifiers": {
-          "summary": "possible XSS",
-          "retid": "2"
+          "summary": "prototype pollution",
+          "retid": "4"
         },
         "info": [
-          "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b",
-          "https://cdn.datatables.net/1.11.3/"
+          "https://cdn.datatables.net/1.10.22/"
         ]
       },
       {
@@ -5450,40 +5741,40 @@
           "retid": "3"
         },
         "info": [
-          "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03",
-          "https://cdn.datatables.net/1.10.23/"
+          "https://cdn.datatables.net/1.10.23/",
+          "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"
         ]
       },
       {
-        "below": "1.10.22",
-        "severity": "medium",
+        "below": "1.11.3",
+        "severity": "low",
         "cwe": [
-          "CWE-1321"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "prototype pollution",
-          "retid": "4"
+          "summary": "possible XSS",
+          "retid": "2"
         },
         "info": [
-          "https://cdn.datatables.net/1.10.22/"
+          "https://cdn.datatables.net/1.11.3/",
+          "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
         ]
       },
       {
-        "below": "1.10.10",
-        "severity": "high",
+        "below": "1.11.3",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
+          "summary": "Cross site scripting in datatables.net",
           "CVE": [
-            "CVE-2015-6584"
+            "CVE-2021-23445"
           ],
-          "summary": "XSS"
+          "githubID": "GHSA-h73q-5wmj-q8pj"
         },
         "info": [
-          "https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d",
-          "https://www.invicti.com/web-applications-advisories/cve-2015-6384-xss-vulnerability-identified-in-datatables/",
-          "https://github.com/advisories/GHSA-4mv4-gmmf-q382"
+          "https://github.com/advisories/GHSA-h73q-5wmj-q8pj"
         ]
       }
     ],
@@ -5505,99 +5796,112 @@
     "npmname": "next",
     "vulnerabilities": [
       {
-        "atOrAbove": "10.0.0",
-        "below": "12.1.0",
-        "severity": "medium",
+        "atOrAbove": "1.0.0",
+        "below": "2.4.1",
+        "severity": "high",
         "cwe": [
-          "CWE-451"
+          "CWE-22"
         ],
         "identifiers": {
-          "summary": "Improper CSP in Image Optimization API",
+          "summary": "Next.js Directory Traversal Vulnerability",
           "CVE": [
-            "CVE-2022-23646"
+            "CVE-2017-16877"
           ],
-          "githubID": "GHSA-fmvm-x8mv-47mj"
+          "githubID": "GHSA-3f5c-4qxj-vmpf"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-3f5c-4qxj-vmpf"
         ]
       },
       {
-        "atOrAbove": "12.0.0",
-        "below": "12.0.9",
-        "severity": "medium",
+        "atOrAbove": "1.0.0",
+        "below": "4.2.3",
         "cwe": [
-          "CWE-20",
-          "CWE-400"
+          "CWE-22"
         ],
+        "severity": "high",
         "identifiers": {
-          "summary": "DOS Vulnerability for self-hosted next.js apps",
+          "summary": "Directory traversal vulnerability in Next.js",
           "CVE": [
-            "CVE-2022-21721"
+            "CVE-2018-6184"
           ],
-          "githubID": "GHSA-wr66-vrwm-5g5x"
+          "githubID": "GHSA-m34x-wgrh-g897"
+        },
+        "info": [
+          "https://github.com/vercel/next.js/security/advisories/GHSA-m34x-wgrh-g897"
+        ]
+      },
+      {
+        "atOrAbove": "0.9.9",
+        "below": "5.1.0",
+        "cwe": [
+          "CWE-20"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Remote Code Execution in next",
+          "githubID": "GHSA-5vj8-3v2h-h38v"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-wr66-vrwm-5g5x"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-5vj8-3v2h-h38v"
         ]
       },
       {
-        "atOrAbove": "0.9.9",
-        "below": "11.1.3",
-        "severity": "high",
+        "atOrAbove": "7.0.0",
+        "below": "7.0.2",
         "cwe": [
-          "CWE-20"
+          "CWE-79"
         ],
+        "severity": "medium",
         "identifiers": {
-          "summary": "Unexpected server crash in Next.js versions",
+          "summary": "Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page",
           "CVE": [
-            "CVE-2021-43803"
+            "CVE-2018-18282"
           ],
-          "githubID": "GHSA-25mp-g6fv-mqxx"
+          "githubID": "GHSA-qw96-mm2g-c8m7"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-qw96-mm2g-c8m7"
         ]
       },
       {
-        "atOrAbove": "12.0.0",
-        "below": "12.0.5",
-        "severity": "high",
+        "below": "9.3.2",
+        "severity": "medium",
         "cwe": [
-          "CWE-20"
+          "CWE-23"
         ],
         "identifiers": {
-          "summary": "Unexpected server crash in Next.js versions",
+          "summary": "Directory Traversal in Next.js",
           "CVE": [
-            "CVE-2021-43803"
+            "CVE-2020-5284"
           ],
-          "githubID": "GHSA-25mp-g6fv-mqxx"
+          "githubID": "GHSA-fq77-7p7r-83rj"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
         ]
       },
       {
-        "atOrAbove": "10.0.0",
-        "below": "11.1.1",
-        "severity": "high",
+        "atOrAbove": "9.5.0",
+        "below": "9.5.4",
+        "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-601"
         ],
         "identifiers": {
-          "summary": "XSS in Image Optimization API",
+          "summary": "Open Redirect in Next.js",
           "CVE": [
-            "CVE-2021-39178"
+            "CVE-2020-15242"
           ],
-          "githubID": "GHSA-9gr3-7897-pp7m"
+          "githubID": "GHSA-x56p-c8cg-q435"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435"
         ]
       },
       {
-        "below": "11.1.0",
         "atOrAbove": "0.9.9",
+        "below": "11.1.0",
         "severity": "medium",
         "cwe": [
           "CWE-601"
@@ -5614,126 +5918,133 @@
         ]
       },
       {
-        "atOrAbove": "9.5.0",
-        "below": "9.5.4",
-        "severity": "medium",
+        "atOrAbove": "10.0.0",
+        "below": "11.1.1",
+        "severity": "high",
         "cwe": [
-          "CWE-601"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Open Redirect in Next.js",
+          "summary": "XSS in Image Optimization API",
           "CVE": [
-            "CVE-2020-15242"
+            "CVE-2021-39178"
           ],
-          "githubID": "GHSA-x56p-c8cg-q435"
+          "githubID": "GHSA-9gr3-7897-pp7m"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m"
         ]
       },
       {
-        "below": "9.3.2",
-        "severity": "medium",
+        "atOrAbove": "0.9.9",
+        "below": "11.1.3",
+        "severity": "high",
         "cwe": [
-          "CWE-23"
+          "CWE-20"
         ],
         "identifiers": {
-          "summary": "Directory Traversal in Next.js",
+          "summary": "Unexpected server crash in Next.js versions",
           "CVE": [
-            "CVE-2020-5284"
+            "CVE-2021-43803"
           ],
-          "githubID": "GHSA-fq77-7p7r-83rj"
+          "githubID": "GHSA-25mp-g6fv-mqxx"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
+          "https://github.com/advisories/GHSA-25mp-g6fv-mqxx",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
         ]
       },
       {
-        "below": "12.2.4",
-        "atOrAbove": "12.2.3",
+        "atOrAbove": "12.0.0",
+        "below": "12.0.5",
+        "severity": "high",
         "cwe": [
-          "CWE-248",
-          "CWE-754"
+          "CWE-20"
         ],
-        "severity": "medium",
         "identifiers": {
-          "summary": "Unexpected server crash in Next.js",
-          "githubID": "GHSA-wff4-fpwg-qqv3",
+          "summary": "Unexpected server crash in Next.js versions",
           "CVE": [
-            "CVE-2022-36046"
-          ]
+            "CVE-2021-43803"
+          ],
+          "githubID": "GHSA-25mp-g6fv-mqxx"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
+          "https://github.com/advisories/GHSA-25mp-g6fv-mqxx",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
         ]
       },
       {
-        "below": "7.0.2",
-        "atOrAbove": "7.0.0",
+        "atOrAbove": "12.0.0",
+        "below": "12.0.9",
+        "severity": "medium",
         "cwe": [
-          "CWE-79"
+          "CWE-20",
+          "CWE-400"
         ],
-        "severity": "medium",
         "identifiers": {
-          "summary": "Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page",
+          "summary": "DOS Vulnerability for self-hosted next.js apps",
           "CVE": [
-            "CVE-2018-18282"
+            "CVE-2022-21721"
           ],
-          "githubID": "GHSA-qw96-mm2g-c8m7"
+          "githubID": "GHSA-wr66-vrwm-5g5x"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-qw96-mm2g-c8m7"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-wr66-vrwm-5g5x"
         ]
       },
       {
-        "below": "4.2.3",
-        "atOrAbove": "1.0.0",
+        "atOrAbove": "10.0.0",
+        "below": "12.1.0",
+        "severity": "medium",
         "cwe": [
-          "CWE-22"
+          "CWE-451"
         ],
-        "severity": "high",
         "identifiers": {
-          "summary": "Directory traversal vulnerability in Next.js",
+          "summary": "Improper CSP in Image Optimization API",
           "CVE": [
-            "CVE-2018-6184"
+            "CVE-2022-23646"
           ],
-          "githubID": "GHSA-m34x-wgrh-g897"
+          "githubID": "GHSA-fmvm-x8mv-47mj"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-m34x-wgrh-g897"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"
         ]
       },
       {
-        "below": "5.1.0",
-        "atOrAbove": "0.9.9",
+        "atOrAbove": "12.2.3",
+        "below": "12.2.4",
         "cwe": [
-          "CWE-20"
+          "CWE-248",
+          "CWE-754"
         ],
-        "severity": "high",
+        "severity": "medium",
         "identifiers": {
-          "summary": "Remote Code Execution in next",
-          "githubID": "GHSA-5vj8-3v2h-h38v"
+          "summary": "Unexpected server crash in Next.js",
+          "githubID": "GHSA-wff4-fpwg-qqv3",
+          "CVE": [
+            "CVE-2022-36046"
+          ]
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-5vj8-3v2h-h38v"
+          "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
         ]
       },
       {
-        "below": "2.4.1",
-        "atOrAbove": "1.0.0",
-        "severity": "high",
+        "atOrAbove": "0.9.9",
+        "below": "13.4.20-canary.13",
         "cwe": [
-          "CWE-22"
+          "CWE-525"
         ],
+        "severity": "low",
         "identifiers": {
-          "summary": "Next.js Directory Traversal Vulnerability",
+          "summary": "Next.js missing cache-control header may lead to CDN caching empty reply",
           "CVE": [
-            "CVE-2017-16877"
+            "CVE-2023-46298"
           ],
-          "githubID": "GHSA-3f5c-4qxj-vmpf"
+          "githubID": "GHSA-c59h-r6p8-q9wc"
         },
         "info": [
-          "https://github.com/vercel/next.js/security/advisories/GHSA-3f5c-4qxj-vmpf"
+          "https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
         ]
       }
     ],
@@ -5781,99 +6092,99 @@
     "npmname": "froala-editor",
     "vulnerabilities": [
       {
-        "below": "4.0.11",
+        "below": "3.2.2",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS vulnerability in [insert video]",
-          "issue": "3880",
-          "githubID": "GHSA-97x5-cc53-cv4v",
-          "CVE": [
-            "CVE-2020-22864"
-          ]
+          "summary": "Security issue: XSS via pasted content",
+          "issue": "3880"
         },
         "info": [
-          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
+          "https://froala.com/wysiwyg-editor/changelog/#3.2.2"
         ]
       },
       {
-        "below": "3.2.7",
-        "severity": "high",
+        "below": "3.2.2",
+        "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.",
-          "CVE": [
-            "CVE-2021-28114"
-          ]
+          "summary": "XSS Issue In Link Insertion",
+          "issue": "3270"
         },
         "info": [
-          "https://bishopfox.com/blog/froala-editor-v3-2-6-advisory"
+          "https://github.com/froala/wysiwyg-editor/issues/3270"
         ]
       },
       {
-        "below": "3.2.7",
+        "below": "3.2.3",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "Froala WYSIWYG Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent XSS.",
+          "summary": "DOM-based cross-site scripting in Froala Editor",
+          "githubID": "GHSA-h236-g5gh-vq6c",
           "CVE": [
-            "CVE-2021-30109"
-          ],
-          "githubID": "GHSA-cq6w-w5rj-p9x8"
+            "CVE-2019-19935"
+          ]
         },
         "info": [
-          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
+          "https://github.com/advisories/GHSA-h236-g5gh-vq6c"
         ]
       },
       {
-        "below": "3.2.3",
-        "severity": "medium",
+        "below": "3.2.7",
+        "severity": "high",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "DOM-based cross-site scripting in Froala Editor",
-          "githubID": "GHSA-h236-g5gh-vq6c",
+          "summary": "Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.",
           "CVE": [
-            "CVE-2019-19935"
+            "CVE-2021-28114"
           ]
         },
         "info": [
-          "https://github.com/advisories/GHSA-h236-g5gh-vq6c"
+          "https://bishopfox.com/blog/froala-editor-v3-2-6-advisory"
         ]
       },
       {
-        "below": "3.2.2",
+        "below": "3.2.7",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "Security issue: XSS via pasted content",
-          "issue": "3880"
+          "summary": "Froala WYSIWYG Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent XSS.",
+          "CVE": [
+            "CVE-2021-30109"
+          ],
+          "githubID": "GHSA-cq6w-w5rj-p9x8"
         },
         "info": [
-          "https://froala.com/wysiwyg-editor/changelog/#3.2.2"
+          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
         ]
       },
       {
-        "below": "3.2.2",
+        "below": "4.0.11",
         "severity": "medium",
         "cwe": [
           "CWE-79"
         ],
         "identifiers": {
-          "summary": "XSS Issue In Link Insertion",
-          "issue": "3270"
+          "summary": "XSS vulnerability in [insert video]",
+          "issue": "3880",
+          "githubID": "GHSA-97x5-cc53-cv4v",
+          "CVE": [
+            "CVE-2020-22864"
+          ]
         },
         "info": [
-          "https://github.com/froala/wysiwyg-editor/issues/3270"
+          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
         ]
       }
     ],
@@ -5914,17 +6225,17 @@
   "highcharts": {
     "vulnerabilities": [
       {
-        "below": "9.0.0",
+        "below": "6.1.0",
         "severity": "high",
         "cwe": [
-          "CWE-79"
+          "CWE-1333"
         ],
         "identifiers": {
-          "summary": "Cross-site Scripting (XSS) and Prototype Pollution in Highcharts < 9.0.0",
+          "summary": "Regular Expression Denial of Service in highcharts",
           "CVE": [
-            "CVE-2021-29489"
+            "CVE-2018-20801"
           ],
-          "githubID": "GHSA-8j65-4pcq-xq95"
+          "githubID": "GHSA-xmc8-cjfr-phx3"
         },
         "info": [
           "https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"
@@ -5941,12 +6252,13 @@
           "githubID": "GHSA-gr4j-r575-g665"
         },
         "info": [
+          "https://github.com/advisories/GHSA-gr4j-r575-g665",
           "https://github.com/highcharts/highcharts/issues/13559"
         ]
       },
       {
-        "below": "8.1.1",
         "atOrAbove": "8.0.0",
+        "below": "8.1.1",
         "severity": "high",
         "cwe": [
           "CWE-79"
@@ -5956,21 +6268,22 @@
           "githubID": "GHSA-gr4j-r575-g665"
         },
         "info": [
+          "https://github.com/advisories/GHSA-gr4j-r575-g665",
           "https://github.com/highcharts/highcharts/issues/13559"
         ]
       },
       {
-        "below": "6.1.0",
+        "below": "9.0.0",
         "severity": "high",
         "cwe": [
-          "CWE-1333"
+          "CWE-79"
         ],
         "identifiers": {
-          "summary": "Regular Expression Denial of Service in highcharts",
+          "summary": "Cross-site Scripting (XSS) and Prototype Pollution in Highcharts < 9.0.0",
           "CVE": [
-            "CVE-2018-20801"
+            "CVE-2021-29489"
           ],
-          "githubID": "GHSA-xmc8-cjfr-phx3"
+          "githubID": "GHSA-8j65-4pcq-xq95"
         },
         "info": [
           "https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"
@@ -5988,6 +6301,7 @@
     }
   },
   "dont check": {
+    "vulnerabilities": [],
     "extractors": {
       "uri": [
         "^http[s]?://(ssl|www).google-analytics.com/ga.js",