Conversation
![cycode-security[bot]](https://avatars.githubusercontent.com/in/39308?s=60&v=4){kind=small}
| "ini": "1.3.5", | ||
| "path-parse": "1.0.6", | ||
| "json-schema": "0.2.3", | ||
| "marked": "0.3.6", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | marked |
| Dependency Paths | marked 0.3.6 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-p9wx-2529-fp83 | CVE-2018-25110 | MEDIUM | 0.3.17 |
| GHSA-rrrm-qjm4-v8hf | CVE-2022-21680 | HIGH | 4.0.10 |
| GHSA-5v2h-r2cx-5xgj | CVE-2022-21681 | HIGH | 4.0.10 |
| GHSA-7px7-7xjx-hxm8 | CVE-2017-1000427 | MEDIUM | 0.3.7 |
| GHSA-x5pg-88wf-qq4p | CVE-2017-16114 | HIGH | 0.3.9 |
Highest fixed version: 4.0.10
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "path-parse": "1.0.6", | ||
| "json-schema": "0.2.3", | ||
| "marked": "0.3.6", | ||
| "dot": "1.1.2", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | dot |
| Dependency Paths | dot 1.1.2 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-297x-8xj4-vcxv | CVE-2020-8141 | HIGH | 1.1.3 |
| GHSA-4859-gpc7-4j66 | MEDIUM |
Highest fixed version: 1.1.3
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "dot": "1.1.2", | ||
| "handlebars": "4.0.11", | ||
| "mysql": "2.16.0", | ||
| "morgan": "1.9.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | morgan |
| Dependency Paths | morgan 1.9.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-gwg9-rgvj-4h5j | CVE-2019-5413 | CRITICAL | 1.9.1 |
Highest fixed version: 1.9.1
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "minimist": "1.2.0", | ||
| "ini": "1.3.5", | ||
| "path-parse": "1.0.6", | ||
| "json-schema": "0.2.3", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | json-schema |
| Dependency Paths | json-schema 0.2.3 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-896r-f27r-55mw | CVE-2021-3918 | CRITICAL | 0.4.0 |
Highest fixed version: 0.4.0
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "author": "", | ||
| "license": "MIT", | ||
| "dependencies": { | ||
| "lodash": "4.17.4", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | lodash |
| Dependency Paths | lodash 4.17.4 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-xxjr-mmjv-4gpg | CVE-2025-13465 | MEDIUM | 4.17.23 |
| GHSA-29mw-wpgm-hmr9 | CVE-2020-28500 | MEDIUM | 4.17.21 |
| GHSA-x5rq-j2xg-h7qm | CVE-2019-1010266 | MEDIUM | 4.17.11 |
| GHSA-fvqr-27wr-82fm | CVE-2018-3721 | MEDIUM | 4.17.5 |
| GHSA-35jh-r3h4-6jhm | CVE-2021-23337 | HIGH | 4.17.21 |
| GHSA-4xc9-xhrj-v574 | CVE-2018-16487 | HIGH | 4.17.11 |
| GHSA-jf85-cpcp-j695 | CVE-2019-10744 | CRITICAL | 4.17.12 |
| GHSA-p6mc-m468-83gw | CVE-2020-8203 | HIGH | 4.17.19 |
Highest fixed version: 4.17.23
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "dependencies": { | ||
| "lodash": "4.17.4", | ||
| "express": "4.16.0", | ||
| "axios": "0.18.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | axios |
| Dependency Paths | axios 0.18.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-43fc-jf86-j433 | CVE-2026-25639 | HIGH | 0.30.3 |
| GHSA-jr5f-v2jv-69x6 | CVE-2025-27152 | HIGH | 0.30.0 |
| GHSA-cph5-m8f7-6c5x | CVE-2021-3749 | HIGH | 0.21.2 |
| GHSA-wf5p-g6vw-rhxx | CVE-2023-45857 | MEDIUM | 0.28.0 |
| GHSA-4w2v-q235-vp99 | CVE-2020-28168 | MEDIUM | 0.21.1 |
| GHSA-42xw-2xvc-qx8m | CVE-2019-10742 | HIGH | 0.18.1 |
Highest fixed version: 0.30.3
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "axios": "0.18.0", | ||
| "node-serialize": "0.0.4", | ||
| "serialize-javascript": "1.7.0", | ||
| "minimist": "1.2.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | minimist |
| Dependency Paths | minimist 1.2.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-xvch-5gv4-984h | CVE-2021-44906 | CRITICAL | 1.2.6 |
| GHSA-vh95-rmgr-6w4m | CVE-2020-7598 | MEDIUM | 1.2.3 |
Highest fixed version: 1.2.6
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "json-schema": "0.2.3", | ||
| "marked": "0.3.6", | ||
| "dot": "1.1.2", | ||
| "handlebars": "4.0.11", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | handlebars |
| Dependency Paths | handlebars 4.0.11 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-w457-6q6x-cgp9 | CVE-2019-19919 | CRITICAL | 4.3.0 |
| GHSA-765h-qjxv-5f44 | CVE-2021-23383 | CRITICAL | 4.7.7 |
| GHSA-2cf5-4w76-r9qv | HIGH | 4.5.2 | |
| GHSA-f2jv-r9rf-7988 | CVE-2021-23369 | CRITICAL | 4.7.7 |
| GHSA-3cqr-58rm-57f8 | CVE-2019-20920 | HIGH | 4.5.3 |
| GHSA-q42p-pg8m-cqh6 | HIGH | 4.0.14 | |
| GHSA-62gr-4qp9-h98f | CVE-2019-20922 | HIGH | 4.4.5 |
| GHSA-q2c6-c6pm-g3gh | HIGH | 4.5.3 | |
| GHSA-g9r4-xpmj-mj65 | HIGH | 4.5.3 | |
| GHSA-f52g-6jhx-586p | MEDIUM | 4.4.5 |
Highest fixed version: 4.7.7
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "express": "4.16.0", | ||
| "axios": "0.18.0", | ||
| "node-serialize": "0.0.4", | ||
| "serialize-javascript": "1.7.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | serialize-javascript |
| Dependency Paths | serialize-javascript 1.7.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-hxcc-f52p-wc94 | CVE-2020-7660 | HIGH | 3.1.0 |
| GHSA-h9rv-jmmf-4pgx | CVE-2019-16769 | MEDIUM | 2.1.1 |
Highest fixed version: 3.1.0
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "bcrypt": "1.0.3", | ||
| "request": "2.85.0", | ||
| "tar": "4.4.1", | ||
| "underscore": "1.9.0" |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | underscore |
| Dependency Paths | underscore 1.9.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-cf4h-3jhx-xvhq | CVE-2021-23358 | CRITICAL | 1.12.1 |
Highest fixed version: 1.12.1
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "mysql": "2.16.0", | ||
| "morgan": "1.9.0", | ||
| "jsonwebtoken": "8.1.0", | ||
| "bcrypt": "1.0.3", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | bcrypt |
| Dependency Paths | bcrypt 1.0.3 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-5wg4-74h6-q47v | CVE-2020-7689 | MEDIUM | 5.0.0 |
Highest fixed version: 5.0.0
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "license": "MIT", | ||
| "dependencies": { | ||
| "lodash": "4.17.4", | ||
| "express": "4.16.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | express |
| Dependency Paths | express 4.16.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-rv95-896h-c2vc | CVE-2024-29041 | MEDIUM | 4.19.2 |
Highest fixed version: 4.19.2
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "lodash": "4.17.4", | ||
| "express": "4.16.0", | ||
| "axios": "0.18.0", | ||
| "node-serialize": "0.0.4", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | node-serialize |
| Dependency Paths | node-serialize 0.0.4 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-q4v7-4rhw-9hqm | CVE-2017-5941 | CRITICAL |
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "morgan": "1.9.0", | ||
| "jsonwebtoken": "8.1.0", | ||
| "bcrypt": "1.0.3", | ||
| "request": "2.85.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | request |
| Dependency Paths | request 2.85.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-p8p7-x288-28g6 | CVE-2023-28155 | MEDIUM |
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "serialize-javascript": "1.7.0", | ||
| "minimist": "1.2.0", | ||
| "ini": "1.3.5", | ||
| "path-parse": "1.0.6", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | path-parse |
| Dependency Paths | path-parse 1.0.6 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-hj48-42vr-x3v9 | CVE-2021-23343 | MEDIUM | 1.0.7 |
Highest fixed version: 1.0.7
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "handlebars": "4.0.11", | ||
| "mysql": "2.16.0", | ||
| "morgan": "1.9.0", | ||
| "jsonwebtoken": "8.1.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | jsonwebtoken |
| Dependency Paths | jsonwebtoken 8.1.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-8cf7-32gw-wr33 | CVE-2022-23539 | HIGH | 9.0.0 |
| GHSA-qwph-4952-7xr6 | CVE-2022-23540 | MEDIUM | 9.0.0 |
| GHSA-hjrf-2m68-5959 | CVE-2022-23541 | MEDIUM | 9.0.0 |
Highest fixed version: 9.0.0
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "jsonwebtoken": "8.1.0", | ||
| "bcrypt": "1.0.3", | ||
| "request": "2.85.0", | ||
| "tar": "4.4.1", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | tar |
| Dependency Paths | tar 4.4.1 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-83g3-92jg-28cx | CVE-2026-26960 | HIGH | 7.5.8 |
| GHSA-34x7-hfp2-rc4v | CVE-2026-24842 | HIGH | 7.5.7 |
| GHSA-r6q2-hw4h-h46w | CVE-2026-23950 | HIGH | 7.5.4 |
| GHSA-8qq5-rm4j-mr97 | CVE-2026-23745 | HIGH | 7.5.3 |
| GHSA-f5x3-32g6-xq36 | CVE-2024-28863 | MEDIUM | 6.2.1 |
| GHSA-qq89-hq3f-393p | CVE-2021-37712 | HIGH | 4.4.18 |
| GHSA-9r2w-394v-53qc | CVE-2021-37701 | HIGH | 4.4.16 |
| GHSA-r628-mhmh-qjhw | CVE-2021-32803 | HIGH | 4.4.15 |
| GHSA-5955-9wpr-37jh | CVE-2021-37713 | HIGH | 4.4.18 |
| GHSA-j44m-qm6p-hp7m | CVE-2018-20834 | HIGH | 4.4.2 |
| GHSA-3jfq-g458-7qm9 | CVE-2021-32804 | HIGH | 4.4.14 |
Highest fixed version: 7.5.8
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
| "license": "MIT", | ||
| "dependencies": { | ||
| "lodash": "4.17.4", | ||
| "express": "4.16.0", |
There was a problem hiding this comment.
❗Cycode: Security vulnerabilities found in newly introduced dependency.
| Ecosystem | NPM |
| Dependency | express |
| Dependency Paths | express 4.16.0 |
| Direct Dependency | Yes |
| Development Dependency | No |
The following vulnerabilities were introduced:
| GHSA | CVE | Severity | Fixed Version |
|---|---|---|---|
| GHSA-qw6h-vgh9-j6wx | CVE-2024-43796 | LOW | 4.20.0 |
| GHSA-rv95-896h-c2vc | CVE-2024-29041 | MEDIUM | 4.19.2 |
Highest fixed version: 4.20.0
Description
Detects when new vulnerabilities affect your dependencies.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_manifest_here <reason> | Applies to this manifest in this request only |
| #cycode_ignore_package_everywhere <reason> | Applies to this manifest for this package for all requests in your repository |
| #cycode_ignore_package_here <reason> | Applies to this manifest for this package in this request only |
1 participant
No description provided.