Skip to content

Create package.json #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
adoll-cycode merged 1 commit into from
Feb 19, 2026
Merged

Create package.json #28

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
{
"name": "java-ai-vulnerable",
"version": "1.0.0",
"description": "Intentionally vulnerable application for security testing and SCA scanning demos",
"main": "test.js",
"scripts": {
"start": "node test.js",
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": ["vulnerable", "security", "demo"],
"author": "",
"license": "MIT",
"dependencies": {
"lodash": "4.17.4",

Check failure on line 14 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L14 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency lodash
Dependency Paths lodash 4.17.4
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-xxjr-mmjv-4gpg CVE-2025-13465 MEDIUM 4.17.23
GHSA-29mw-wpgm-hmr9 CVE-2020-28500 MEDIUM 4.17.21
GHSA-x5rq-j2xg-h7qm CVE-2019-1010266 MEDIUM 4.17.11
GHSA-fvqr-27wr-82fm CVE-2018-3721 MEDIUM 4.17.5
GHSA-35jh-r3h4-6jhm CVE-2021-23337 HIGH 4.17.21
GHSA-4xc9-xhrj-v574 CVE-2018-16487 HIGH 4.17.11
GHSA-jf85-cpcp-j695 CVE-2019-10744 CRITICAL 4.17.12
GHSA-p6mc-m468-83gw CVE-2020-8203 HIGH 4.17.19

Highest fixed version: 4.17.23

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"express": "4.16.0",

Check failure on line 15 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L15 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency express
Dependency Paths express 4.16.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-rv95-896h-c2vc CVE-2024-29041 MEDIUM 4.19.2

Highest fixed version: 4.19.2

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency express
Dependency Paths express 4.16.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-qw6h-vgh9-j6wx CVE-2024-43796 LOW 4.20.0
GHSA-rv95-896h-c2vc CVE-2024-29041 MEDIUM 4.19.2

Highest fixed version: 4.20.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"axios": "0.18.0",

Check failure on line 16 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L16 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency axios
Dependency Paths axios 0.18.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-43fc-jf86-j433 CVE-2026-25639 HIGH 0.30.3
GHSA-jr5f-v2jv-69x6 CVE-2025-27152 HIGH 0.30.0
GHSA-cph5-m8f7-6c5x CVE-2021-3749 HIGH 0.21.2
GHSA-wf5p-g6vw-rhxx CVE-2023-45857 MEDIUM 0.28.0
GHSA-4w2v-q235-vp99 CVE-2020-28168 MEDIUM 0.21.1
GHSA-42xw-2xvc-qx8m CVE-2019-10742 HIGH 0.18.1

Highest fixed version: 0.30.3

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"node-serialize": "0.0.4",

Check failure on line 17 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L17 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency node-serialize
Dependency Paths node-serialize 0.0.4
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-q4v7-4rhw-9hqm CVE-2017-5941 CRITICAL
Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"serialize-javascript": "1.7.0",

Check failure on line 18 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L18 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency serialize-javascript
Dependency Paths serialize-javascript 1.7.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-hxcc-f52p-wc94 CVE-2020-7660 HIGH 3.1.0
GHSA-h9rv-jmmf-4pgx CVE-2019-16769 MEDIUM 2.1.1

Highest fixed version: 3.1.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"minimist": "1.2.0",

Check failure on line 19 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L19 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency minimist
Dependency Paths minimist 1.2.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-xvch-5gv4-984h CVE-2021-44906 CRITICAL 1.2.6
GHSA-vh95-rmgr-6w4m CVE-2020-7598 MEDIUM 1.2.3

Highest fixed version: 1.2.6

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"ini": "1.3.5",
"path-parse": "1.0.6",

Check failure on line 21 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L21 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency path-parse
Dependency Paths path-parse 1.0.6
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-hj48-42vr-x3v9 CVE-2021-23343 MEDIUM 1.0.7

Highest fixed version: 1.0.7

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"json-schema": "0.2.3",

Check failure on line 22 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L22 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency json-schema
Dependency Paths json-schema 0.2.3
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-896r-f27r-55mw CVE-2021-3918 CRITICAL 0.4.0

Highest fixed version: 0.4.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"marked": "0.3.6",

Check failure on line 23 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L23 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency marked
Dependency Paths marked 0.3.6
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-p9wx-2529-fp83 CVE-2018-25110 MEDIUM 0.3.17
GHSA-rrrm-qjm4-v8hf CVE-2022-21680 HIGH 4.0.10
GHSA-5v2h-r2cx-5xgj CVE-2022-21681 HIGH 4.0.10
GHSA-7px7-7xjx-hxm8 CVE-2017-1000427 MEDIUM 0.3.7
GHSA-x5pg-88wf-qq4p CVE-2017-16114 HIGH 0.3.9

Highest fixed version: 4.0.10

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"dot": "1.1.2",

Check failure on line 24 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L24 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency dot
Dependency Paths dot 1.1.2
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-297x-8xj4-vcxv CVE-2020-8141 HIGH 1.1.3
GHSA-4859-gpc7-4j66 MEDIUM

Highest fixed version: 1.1.3

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"handlebars": "4.0.11",

Check failure on line 25 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L25 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency handlebars
Dependency Paths handlebars 4.0.11
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-w457-6q6x-cgp9 CVE-2019-19919 CRITICAL 4.3.0
GHSA-765h-qjxv-5f44 CVE-2021-23383 CRITICAL 4.7.7
GHSA-2cf5-4w76-r9qv HIGH 4.5.2
GHSA-f2jv-r9rf-7988 CVE-2021-23369 CRITICAL 4.7.7
GHSA-3cqr-58rm-57f8 CVE-2019-20920 HIGH 4.5.3
GHSA-q42p-pg8m-cqh6 HIGH 4.0.14
GHSA-62gr-4qp9-h98f CVE-2019-20922 HIGH 4.4.5
GHSA-q2c6-c6pm-g3gh HIGH 4.5.3
GHSA-g9r4-xpmj-mj65 HIGH 4.5.3
GHSA-f52g-6jhx-586p MEDIUM 4.4.5

Highest fixed version: 4.7.7

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"mysql": "2.16.0",
"morgan": "1.9.0",

Check failure on line 27 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L27 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency morgan
Dependency Paths morgan 1.9.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-gwg9-rgvj-4h5j CVE-2019-5413 CRITICAL 1.9.1

Highest fixed version: 1.9.1

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"jsonwebtoken": "8.1.0",

Check failure on line 28 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L28 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency jsonwebtoken
Dependency Paths jsonwebtoken 8.1.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-8cf7-32gw-wr33 CVE-2022-23539 HIGH 9.0.0
GHSA-qwph-4952-7xr6 CVE-2022-23540 MEDIUM 9.0.0
GHSA-hjrf-2m68-5959 CVE-2022-23541 MEDIUM 9.0.0

Highest fixed version: 9.0.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"bcrypt": "1.0.3",

Check failure on line 29 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L29 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency bcrypt
Dependency Paths bcrypt 1.0.3
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-5wg4-74h6-q47v CVE-2020-7689 MEDIUM 5.0.0

Highest fixed version: 5.0.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"request": "2.85.0",

Check failure on line 30 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L30 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency request
Dependency Paths request 2.85.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-p8p7-x288-28g6 CVE-2023-28155 MEDIUM
Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"tar": "4.4.1",

Check failure on line 31 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L31 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency tar
Dependency Paths tar 4.4.1
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-83g3-92jg-28cx CVE-2026-26960 HIGH 7.5.8
GHSA-34x7-hfp2-rc4v CVE-2026-24842 HIGH 7.5.7
GHSA-r6q2-hw4h-h46w CVE-2026-23950 HIGH 7.5.4
GHSA-8qq5-rm4j-mr97 CVE-2026-23745 HIGH 7.5.3
GHSA-f5x3-32g6-xq36 CVE-2024-28863 MEDIUM 6.2.1
GHSA-qq89-hq3f-393p CVE-2021-37712 HIGH 4.4.18
GHSA-9r2w-394v-53qc CVE-2021-37701 HIGH 4.4.16
GHSA-r628-mhmh-qjhw CVE-2021-32803 HIGH 4.4.15
GHSA-5955-9wpr-37jh CVE-2021-37713 HIGH 4.4.18
GHSA-j44m-qm6p-hp7m CVE-2018-20834 HIGH 4.4.2
GHSA-3jfq-g458-7qm9 CVE-2021-32804 HIGH 4.4.14

Highest fixed version: 7.5.8

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

"underscore": "1.9.0"

Check failure on line 32 in package.json

View check run for this annotation

Cycode Security / Cycode: Vulnerable Dependencies

package.json#L32 

Vulnerability found in dependency found
Copy link

@cycode-security cycode-security bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Security vulnerabilities found in newly introduced dependency.
Ecosystem NPM
Dependency underscore
Dependency Paths underscore 1.9.0
Direct Dependency Yes
Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-cf4h-3jhx-xvhq CVE-2021-23358 CRITICAL 1.12.1

Highest fixed version: 1.12.1

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

},
"devDependencies": {
"mocha": "5.2.0",
"eslint": "4.18.2"
}
}
Loading