Tester brancher by adoll-cycode · Pull Request #29 · doll-cycode-org/java-ai-vulnerable

adoll-cycode · 2026-02-20T16:11:37Z

No description provided.

package.json

cycode-security · 2026-02-20T16:11:51Z

package.json

+    "cross-fetch": "3.0.4",
+    "socket.io": "2.3.0",
+    "ws": "5.2.2",
+    "multer": "1.4.2",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency multer

Dependency Paths multer 1.4.2

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-44fp-w29j-9vj5 CVE-2025-47935 HIGH 2.0.0

Highest fixed version: 2.0.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:52Z

package.json

+    "semver": "5.6.0",
+    "cross-fetch": "3.0.4",
+    "socket.io": "2.3.0",
+    "ws": "5.2.2",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency ws

Dependency Paths ws 5.2.2

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-3h5v-q93c-6h6q CVE-2024-37890 HIGH 5.2.4

GHSA-6fc8-4gx4-v693 CVE-2021-32640 MEDIUM 5.2.3

Highest fixed version: 5.2.4

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:53Z

package.json

+    "mongoose": "5.4.0",
+    "sequelize": "5.8.6",
+    "redis": "2.8.0",
+    "got": "9.6.0",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency got

Dependency Paths got 9.6.0

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-pfrx-2q88-qq97 CVE-2022-33987 MEDIUM 11.8.5

Highest fixed version: 11.8.5

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:54Z

package.json

+    "pug": "2.0.0-beta6",
+    "jquery": "1.12.4",
+    "xmlhttprequest": "1.8.0",
+    "xml2js": "0.4.17",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency xml2js

Dependency Paths xml2js 0.4.17

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-776f-qx25-q3cc CVE-2023-0842 MEDIUM 0.5.0

Highest fixed version: 0.5.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:55Z

package.json

+    "moment": "2.18.0",
+    "ejs": "3.1.6",
+    "pug": "2.0.0-beta6",
+    "jquery": "1.12.4",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency jquery

Dependency Paths jquery 1.12.4

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-jpcq-cgw6-v4j6 CVE-2020-11023 MEDIUM 3.5.0

GHSA-rmxg-73gg-4p98 CVE-2015-9251 MEDIUM 3.0.0

GHSA-gxr4-xjj5-5px2 CVE-2020-11022 MEDIUM 3.5.0

GHSA-6c3j-c64m-qhgq CVE-2019-11358 MEDIUM 3.4.0

Highest fixed version: 3.5.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:56Z

package.json

+    "request": "2.85.0",
+    "tar": "4.4.1",
+    "underscore": "1.9.0",
+    "moment": "2.18.0",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency moment

Dependency Paths moment 2.18.0

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-8hfj-j24r-96c4 CVE-2022-24785 HIGH 2.29.2

GHSA-wc69-rhjr-hc9g CVE-2022-31129 HIGH 2.29.4

GHSA-446m-mv8f-q348 CVE-2017-18214 HIGH 2.19.3

Highest fixed version: 2.29.4

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:56Z

package.json

+    "superagent": "3.8.3",
+    "node-fetch": "2.1.2",
+    "debug": "2.6.8",
+    "form-data": "2.3.2",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency form-data

Dependency Paths form-data 2.3.2

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-fjxv-7rqg-78g4 CVE-2025-7783 CRITICAL 2.5.4

Highest fixed version: 2.5.4

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:57Z

package.json

+    "express-session": "1.15.6",
+    "connect-mongo": "3.0.0",
+    "mongoose": "5.4.0",
+    "sequelize": "5.8.6",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency sequelize

Dependency Paths sequelize 5.8.6

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-m9jw-237r-gvfv CVE-2019-10752 CRITICAL 5.15.1

GHSA-f598-mfpv-gmfx CVE-2023-22578 CRITICAL 6.29.0

GHSA-vqfx-gj96-3w95 CVE-2023-22579 CRITICAL 6.28.1

GHSA-8c25-f3mj-v6h8 CVE-2023-22580 MEDIUM 6.28.1

GHSA-wrh9-cjv3-2hpw CVE-2023-25813 CRITICAL 6.19.1

GHSA-j9xp-92vc-559j CVE-2019-10748 CRITICAL 5.8.11

Highest fixed version: 6.29.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:58Z

package.json

+    "shelljs": "0.8.3",
+    "semver": "5.6.0",
+    "cross-fetch": "3.0.4",
+    "socket.io": "2.3.0",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency socket.io

Dependency Paths socket.io 2.3.0

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-25hc-qcg6-38wj CVE-2024-38355 MEDIUM 2.5.1

GHSA-fxwf-4rqh-v8g3 CVE-2020-28481 MEDIUM 2.4.0

Highest fixed version: 2.5.1

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:11:59Z

package.json

+    "tar": "4.4.1",
+    "underscore": "1.9.0",
+    "moment": "2.18.0",
+    "ejs": "3.1.6",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency ejs

Dependency Paths ejs 3.1.6

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-ghr5-ch3p-vcr6 CVE-2024-33883 MEDIUM 3.1.10

GHSA-phwq-j96m-2c2q CVE-2022-29078 CRITICAL 3.1.7

Highest fixed version: 3.1.10

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:00Z

package.json

+    "underscore": "1.9.0",
+    "moment": "2.18.0",
+    "ejs": "3.1.6",
+    "pug": "2.0.0-beta6",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency pug

Dependency Paths pug 2.0.0-beta6

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-3965-hpx2-q597 CVE-2024-36361 MEDIUM 3.0.3

GHSA-p493-635q-r6gr CVE-2021-21353 MEDIUM 3.0.1

Highest fixed version: 3.0.3

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:01Z

package.json

+    "redis": "2.8.0",
+    "got": "9.6.0",
+    "superagent": "3.8.3",
+    "node-fetch": "2.1.2",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency node-fetch

Dependency Paths node-fetch 2.1.2

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-w7rc-rwvf-8q5r CVE-2020-15168 LOW 2.6.1

GHSA-r683-j2x4-v87g CVE-2022-0235 HIGH 2.6.7

Highest fixed version: 2.6.7

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:02Z

package.json

+    "jquery": "1.12.4",
+    "xmlhttprequest": "1.8.0",
+    "xml2js": "0.4.17",
+    "fast-xml-parser": "3.17.4",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency fast-xml-parser

Dependency Paths fast-xml-parser 3.17.4

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-x3cc-x39p-42qx CVE-2023-26920 MEDIUM 4.1.2

Highest fixed version: 4.1.2

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:03Z

package.json

+    "socket.io": "2.3.0",
+    "ws": "5.2.2",
+    "multer": "1.4.2",
+    "passport": "0.4.1",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency passport

Dependency Paths passport 0.4.1

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-v923-w3x8-wh69 CVE-2022-25896 MEDIUM 0.6.0

Highest fixed version: 0.6.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:04Z

package.json

+    "xml2js": "0.4.17",
+    "fast-xml-parser": "3.17.4",
+    "shelljs": "0.8.3",
+    "semver": "5.6.0",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency semver

Dependency Paths semver 5.6.0

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-c2qf-rxjj-qqgw CVE-2022-25883 HIGH 5.7.2

Highest fixed version: 5.7.2

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:04Z

package.json

+    "cookie-parser": "1.4.4",
+    "express-session": "1.15.6",
+    "connect-mongo": "3.0.0",
+    "mongoose": "5.4.0",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency mongoose

Dependency Paths mongoose 5.4.0

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-m7xq-9374-9rvx CVE-2024-53900 HIGH 5.13.23

GHSA-vg7j-7cwx-8wgw CVE-2025-23061 CRITICAL 6.13.6

GHSA-h8hf-x3f4-xwgp CVE-2022-24304 CRITICAL 5.13.15

GHSA-8687-vv9j-hgph CVE-2019-17426 CRITICAL 5.7.5

GHSA-f825-f98c-gj3g CVE-2022-2564 HIGH 5.13.15

GHSA-9m93-w8w6-76hh CVE-2023-3696 CRITICAL 5.13.20

Highest fixed version: 6.13.6

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:05Z

package.json

+    "node-fetch": "2.1.2",
+    "debug": "2.6.8",
+    "form-data": "2.3.2",
+    "tough-cookie": "2.3.3"


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency tough-cookie

Dependency Paths tough-cookie 2.3.3

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-72xf-g2v4-qvf3 CVE-2023-26136 MEDIUM 4.1.3

Highest fixed version: 4.1.3

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:06Z

package.json

+    "xmlhttprequest": "1.8.0",
+    "xml2js": "0.4.17",
+    "fast-xml-parser": "3.17.4",
+    "shelljs": "0.8.3",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency shelljs

Dependency Paths shelljs 0.8.3

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-4rq4-32rv-6wp6 CVE-2022-0144 HIGH 0.8.5

GHSA-64g7-mvw6-v9qj MEDIUM 0.8.5

Highest fixed version: 0.8.5

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security · 2026-02-20T16:12:07Z

package.json

+    "connect-mongo": "3.0.0",
+    "mongoose": "5.4.0",
+    "sequelize": "5.8.6",
+    "redis": "2.8.0",


❗Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem NPM

Dependency redis

Dependency Paths redis 2.8.0

Direct Dependency Yes

Development Dependency No

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version

GHSA-35q2-47q7-3pc3 CVE-2021-29469 HIGH 3.1.1

Highest fixed version: 3.1.1

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description

#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only

#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

adoll-cycode added 2 commits February 19, 2026 14:42

Create package.json

f792465

Update package.json

3973a4b

cycode-security bot reviewed Feb 20, 2026

View reviewed changes

package.json Show resolved Hide resolved

cycode-security bot reviewed Feb 20, 2026

View reviewed changes

Merge branch 'main' into tester-brancher

b973aa0

adoll-cycode merged commit 695538e into main Feb 20, 2026
3 of 5 checks passed

adoll-cycode deleted the tester-brancher branch February 20, 2026 16:13


Ecosystem	NPM
Dependency	`multer`
Dependency Paths	`multer 1.4.2`
Direct Dependency	Yes
Development Dependency	No

Tag	Short Description
#cycode_ignore_manifest_here <reason>	Applies to this manifest in this request only
#cycode_ignore_package_everywhere <reason>	Applies to this manifest for this package for all requests in your repository
#cycode_ignore_package_here <reason>	Applies to this manifest for this package in this request only


Ecosystem	NPM
Dependency	`ws`
Dependency Paths	`ws 5.2.2`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-3h5v-q93c-6h6q	CVE-2024-37890	HIGH	5.2.4
GHSA-6fc8-4gx4-v693	CVE-2021-32640	MEDIUM	5.2.3


Ecosystem	NPM
Dependency	`got`
Dependency Paths	`got 9.6.0`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`xml2js`
Dependency Paths	`xml2js 0.4.17`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`jquery`
Dependency Paths	`jquery 1.12.4`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-jpcq-cgw6-v4j6	CVE-2020-11023	MEDIUM	3.5.0
GHSA-rmxg-73gg-4p98	CVE-2015-9251	MEDIUM	3.0.0
GHSA-gxr4-xjj5-5px2	CVE-2020-11022	MEDIUM	3.5.0
GHSA-6c3j-c64m-qhgq	CVE-2019-11358	MEDIUM	3.4.0


Ecosystem	NPM
Dependency	`moment`
Dependency Paths	`moment 2.18.0`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-8hfj-j24r-96c4	CVE-2022-24785	HIGH	2.29.2
GHSA-wc69-rhjr-hc9g	CVE-2022-31129	HIGH	2.29.4
GHSA-446m-mv8f-q348	CVE-2017-18214	HIGH	2.19.3


Ecosystem	NPM
Dependency	`form-data`
Dependency Paths	`form-data 2.3.2`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`sequelize`
Dependency Paths	`sequelize 5.8.6`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-m9jw-237r-gvfv	CVE-2019-10752	CRITICAL	5.15.1
GHSA-f598-mfpv-gmfx	CVE-2023-22578	CRITICAL	6.29.0
GHSA-vqfx-gj96-3w95	CVE-2023-22579	CRITICAL	6.28.1
GHSA-8c25-f3mj-v6h8	CVE-2023-22580	MEDIUM	6.28.1
GHSA-wrh9-cjv3-2hpw	CVE-2023-25813	CRITICAL	6.19.1
GHSA-j9xp-92vc-559j	CVE-2019-10748	CRITICAL	5.8.11


Ecosystem	NPM
Dependency	`socket.io`
Dependency Paths	`socket.io 2.3.0`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-25hc-qcg6-38wj	CVE-2024-38355	MEDIUM	2.5.1
GHSA-fxwf-4rqh-v8g3	CVE-2020-28481	MEDIUM	2.4.0


Ecosystem	NPM
Dependency	`ejs`
Dependency Paths	`ejs 3.1.6`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-ghr5-ch3p-vcr6	CVE-2024-33883	MEDIUM	3.1.10
GHSA-phwq-j96m-2c2q	CVE-2022-29078	CRITICAL	3.1.7


Ecosystem	NPM
Dependency	`pug`
Dependency Paths	`pug 2.0.0-beta6`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-3965-hpx2-q597	CVE-2024-36361	MEDIUM	3.0.3
GHSA-p493-635q-r6gr	CVE-2021-21353	MEDIUM	3.0.1


Ecosystem	NPM
Dependency	`node-fetch`
Dependency Paths	`node-fetch 2.1.2`
Direct Dependency	Yes
Development Dependency	No

Conversation

adoll-cycode commented Feb 20, 2026

Uh oh!

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

cycode-security bot Feb 20, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

GHSA	CVE	Severity	Fixed Version
GHSA-w7rc-rwvf-8q5r	CVE-2020-15168	LOW	2.6.1
GHSA-r683-j2x4-v87g	CVE-2022-0235	HIGH	2.6.7


Ecosystem	NPM
Dependency	`fast-xml-parser`
Dependency Paths	`fast-xml-parser 3.17.4`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`passport`
Dependency Paths	`passport 0.4.1`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`semver`
Dependency Paths	`semver 5.6.0`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`mongoose`
Dependency Paths	`mongoose 5.4.0`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-m7xq-9374-9rvx	CVE-2024-53900	HIGH	5.13.23
GHSA-vg7j-7cwx-8wgw	CVE-2025-23061	CRITICAL	6.13.6
GHSA-h8hf-x3f4-xwgp	CVE-2022-24304	CRITICAL	5.13.15
GHSA-8687-vv9j-hgph	CVE-2019-17426	CRITICAL	5.7.5
GHSA-f825-f98c-gj3g	CVE-2022-2564	HIGH	5.13.15
GHSA-9m93-w8w6-76hh	CVE-2023-3696	CRITICAL	5.13.20


Ecosystem	NPM
Dependency	`tough-cookie`
Dependency Paths	`tough-cookie 2.3.3`
Direct Dependency	Yes
Development Dependency	No


Ecosystem	NPM
Dependency	`shelljs`
Dependency Paths	`shelljs 0.8.3`
Direct Dependency	Yes
Development Dependency	No

GHSA	CVE	Severity	Fixed Version
GHSA-4rq4-32rv-6wp6	CVE-2022-0144	HIGH	0.8.5
GHSA-64g7-mvw6-v9qj		MEDIUM	0.8.5


Ecosystem	NPM
Dependency	`redis`
Dependency Paths	`redis 2.8.0`
Direct Dependency	Yes
Development Dependency	No