Merge pull request #2 from itay-gh-stg/whitesource/configure
Security Report
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2022-37601Path to dependency file: /package.json Path to vulnerable library: /node_modules/worker-loader/node_modules/loader-utils/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> worker-loader-0.7.1.tgz -> ❌ loader-utils-0.2.17.tgz (Vulnerable Library) |
 Critical |
9.8 | loader-utils-0.2.17.tgz | Upgrade to version: loader-utils - v2.0.0 | #3 |
CVE-2020-7746Path to dependency file: /package.json Path to vulnerable library: /node_modules/chart.js/package.json Dependency Hierarchy: -> ❌ chart.js-2.9.3.tgz (Vulnerable Library) |
Critical |
9.8 | chart.js-2.9.3.tgz | Upgrade to version: chart.js - 2.9.4 | #7 |
CVE-2019-17495Path to dependency file: /package.json Path to vulnerable library: /node_modules/swagger-ui/package.json Dependency Hierarchy: -> ❌ swagger-ui-3.2.2.tgz (Vulnerable Library) |
Critical |
9.8 | swagger-ui-3.2.2.tgz | Upgrade to version: 3.23.11 | #3 |
CVE-2018-3750Path to dependency file: /package.json Path to vulnerable library: /node_modules/deep-extend/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ deep-extend-0.4.1.tgz (Vulnerable Library) |
Critical |
9.8 | deep-extend-0.4.1.tgz | Upgrade to version: 0.5.1 | #3 |
CVE-2022-1650Path to dependency file: /package.json Path to vulnerable library: /node_modules/eventsource/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> sockjs-client-1.1.2.tgz -> ❌ eventsource-0.1.6.tgz (Vulnerable Library) |
Critical |
9.3 | eventsource-0.1.6.tgz | Upgrade to version: eventsource - 1.1.1,2.0.2 | #3 |
CVE-2019-10744Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
Critical |
9.1 | lodash-4.17.2.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #3 |
CVE-2022-46175Path to dependency file: /package.json Path to vulnerable library: /node_modules/worker-loader/node_modules/json5/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> worker-loader-0.7.1.tgz -> loader-utils-0.2.17.tgz -> ❌ json5-0.5.1.tgz (Vulnerable Library) |
 High |
8.8 | json5-0.5.1.tgz | Upgrade to version: json5 - 2.2.2 | #3 |
CVE-2018-3728Path to dependency file: /package.json Path to vulnerable library: /node_modules/hoek/package.json Dependency Hierarchy: -> firebase-4.4.0.tgz (Root Library) -> jsonwebtoken-7.4.3.tgz -> joi-6.10.1.tgz -> ❌ hoek-2.16.3.tgz (Vulnerable Library) |
High |
8.8 | hoek-2.16.3.tgz | Upgrade to version: 4.2.0,5.0.3 | #6 |
CVE-2022-23539Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> firebase-4.4.0.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
High |
8.1 | jsonwebtoken-7.4.3.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #6 |
CVE-2022-23540Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> firebase-4.4.0.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
High |
7.6 | jsonwebtoken-7.4.3.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #6 |
CVE-2022-23529Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> firebase-4.4.0.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
High |
7.6 | jsonwebtoken-7.4.3.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #6 |
CVE-2022-31129Path to dependency file: /package.json Path to vulnerable library: /node_modules/moment/package.json Dependency Hierarchy: -> ❌ moment-2.19.3.tgz (Vulnerable Library) |
High |
7.5 | moment-2.19.3.tgz | Upgrade to version: moment - 2.29.4 | #10 |
CVE-2022-25887Path to dependency file: /package.json Path to vulnerable library: /node_modules/sanitize-html/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ sanitize-html-1.27.5.tgz (Vulnerable Library) |
High |
7.5 | sanitize-html-1.27.5.tgz | Upgrade to version: sanitize-html - 2.7.1 | #3 |
CVE-2022-24785Path to dependency file: /package.json Path to vulnerable library: /node_modules/moment/package.json Dependency Hierarchy: -> ❌ moment-2.19.3.tgz (Vulnerable Library) |
High |
7.5 | moment-2.19.3.tgz | Upgrade to version: moment - 2.29.2 | #10 |
CVE-2022-24772Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #3 |
CVE-2022-24771Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #3 |
CVE-2021-33623Path to dependency file: /package.json Path to vulnerable library: /node_modules/trim-newlines/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> internal-ip-1.2.0.tgz -> meow-3.7.0.tgz -> ❌ trim-newlines-1.0.0.tgz (Vulnerable Library) |
High |
7.5 | trim-newlines-1.0.0.tgz | Upgrade to version: trim-newlines - 3.0.1, 4.0.1 | #3 |
CVE-2021-23446Path to dependency file: /package.json Path to vulnerable library: /node_modules/handsontable/package.json Dependency Hierarchy: -> ng2-handsontable-1.0.3.tgz (Root Library) -> ❌ handsontable-0.31.2.tgz (Vulnerable Library) |
High |
7.5 | handsontable-0.31.2.tgz | Upgrade to version: handsontable - 10.0.0 | #5 |
CVE-2021-23424Path to dependency file: /package.json Path to vulnerable library: /node_modules/ansi-html/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> ❌ ansi-html-0.0.7.tgz (Vulnerable Library) |
High |
7.5 | ansi-html-0.0.7.tgz | Upgrade to version: VueJS.NetCore - 1.1.1;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6;SAFE.Template - 3.0.1;GR.PageRender.Razor - 1.8.0;Envisia.DotNet.Templates - 3.0.1 | #3 |
CVE-2020-28469Path to dependency file: /package.json Path to vulnerable library: /node_modules/glob-base/node_modules/glob-parent/package.json,/node_modules/webpack-dev-server/node_modules/glob-parent/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> chokidar-1.7.0.tgz -> ❌ glob-parent-2.0.0.tgz (Vulnerable Library) |
High |
7.5 | glob-parent-2.0.0.tgz | Upgrade to version: glob-parent - 5.1.2 | #3 |
CVE-2018-14732Path to dependency file: /package.json Path to vulnerable library: /node_modules/webpack-dev-server/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ webpack-dev-server-2.5.0.tgz (Vulnerable Library) |
High |
7.5 | webpack-dev-server-2.5.0.tgz | Upgrade to version: 3.1.6 | #3 |
CVE-2020-8203Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
High |
7.4 | lodash-4.17.2.tgz | Upgrade to version: lodash - 4.17.19 | #3 |
CVE-2021-23337Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
High |
7.2 | lodash-4.17.2.tgz | Upgrade to version: lodash - 4.17.21 | #3 |
WS-2022-0008Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
 Medium |
6.6 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #3 |
WS-2019-0172Path to dependency file: /package.json Path to vulnerable library: /node_modules/swagger-ui/package.json Dependency Hierarchy: -> ❌ swagger-ui-3.2.2.tgz (Vulnerable Library) |
Medium |
6.5 | swagger-ui-3.2.2.tgz | Upgrade to version: 3.20.9 | #3 |
CVE-2019-1010266Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
Medium |
6.5 | lodash-4.17.2.tgz | Upgrade to version: 4.17.11 | #3 |
CVE-2018-3721Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
Medium |
6.5 | lodash-4.17.2.tgz | Upgrade to version: 4.17.5 | #3 |
CVE-2022-23541Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> firebase-4.4.0.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
Medium |
6.3 | jsonwebtoken-7.4.3.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #6 |
WS-2017-3770Path to dependency file: /package.json Path to vulnerable library: /node_modules/autolinker/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> react-remarkable-1.1.1.tgz -> remarkable-1.7.4.tgz -> ❌ autolinker-0.28.1.tgz (Vulnerable Library) |
Medium |
6.1 | autolinker-0.28.1.tgz | Upgrade to version: autolinker - 3.14.0 | #3 |
CVE-2022-0235Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-fetch/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> react-addons-perf-15.4.2.tgz -> fbjs-0.8.18.tgz -> isomorphic-fetch-2.2.1.tgz -> ❌ node-fetch-1.7.3.tgz (Vulnerable Library) |
Medium |
6.1 | node-fetch-1.7.3.tgz | Upgrade to version: node-fetch - 2.6.7,3.1.1 | #3 |
CVE-2022-0122Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
Medium |
6.1 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #3 |
CVE-2020-11023Path to dependency file: /package.json Path to vulnerable library: /node_modules/jquery/package.json Dependency Hierarchy: -> ❌ jquery-3.2.1.tgz (Vulnerable Library) |
Medium |
6.1 | jquery-3.2.1.tgz | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | #8 |
CVE-2020-11022Path to dependency file: /package.json Path to vulnerable library: /node_modules/jquery/package.json Dependency Hierarchy: -> ❌ jquery-3.2.1.tgz (Vulnerable Library) |
Medium |
6.1 | jquery-3.2.1.tgz | Upgrade to version: jQuery - 3.5.0 | #8 |
CVE-2019-8331Path to dependency file: /package.json Path to vulnerable library: /node_modules/bootstrap/package.json Dependency Hierarchy: -> ❌ bootstrap-4.0.0-beta.tgz (Vulnerable Library) |
Medium |
6.1 | bootstrap-4.0.0-beta.tgz | Upgrade to version: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | #9 |
CVE-2019-11358Path to dependency file: /package.json Path to vulnerable library: /node_modules/jquery/package.json Dependency Hierarchy: -> ❌ jquery-3.2.1.tgz (Vulnerable Library) |
Medium |
6.1 | jquery-3.2.1.tgz | Upgrade to version: jquery - 3.4.0 | #8 |
CVE-2016-10735Path to dependency file: /package.json Path to vulnerable library: /node_modules/bootstrap/package.json Dependency Hierarchy: -> ❌ bootstrap-4.0.0-beta.tgz (Vulnerable Library) |
Medium |
6.1 | bootstrap-4.0.0-beta.tgz | Upgrade to version: bootstrap - 3.4.0, 4.0.0-beta.2 | #9 |
CVE-2018-16487Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
Medium |
5.6 | lodash-4.17.2.tgz | Upgrade to version: 4.17.11 | #3 |
WS-2018-0593Path to dependency file: /package.json Path to vulnerable library: /node_modules/swagger-ui/package.json Dependency Hierarchy: -> ❌ swagger-ui-3.2.2.tgz (Vulnerable Library) |
Medium |
5.4 | swagger-ui-3.2.2.tgz | Upgrade to version: v3.18.0 | #3 |
CVE-2021-4231Path to dependency file: /package.json Path to vulnerable library: /node_modules/@angular/core/package.json Dependency Hierarchy: -> ❌ core-4.4.3.tgz (Vulnerable Library) |
Medium |
5.4 | core-4.4.3.tgz | Upgrade to version: @angular/core -10.2.5,11.0.5 ,11.1.0-next.3 | #4 |
WS-2019-0540Path to dependency file: /package.json Path to vulnerable library: /node_modules/autolinker/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> react-remarkable-1.1.1.tgz -> remarkable-1.7.4.tgz -> ❌ autolinker-0.28.1.tgz (Vulnerable Library) |
Medium |
5.3 | autolinker-0.28.1.tgz | Upgrade to version: autolinker - 3.0.0 | #3 |
CVE-2022-24773Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-forge/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> selfsigned-1.10.14.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
Medium |
5.3 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #3 |
CVE-2021-26540Path to dependency file: /package.json Path to vulnerable library: /node_modules/sanitize-html/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ sanitize-html-1.27.5.tgz (Vulnerable Library) |
Medium |
5.3 | sanitize-html-1.27.5.tgz | Upgrade to version: 2.3.2 | #3 |
CVE-2021-26539Path to dependency file: /package.json Path to vulnerable library: /node_modules/sanitize-html/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ sanitize-html-1.27.5.tgz (Vulnerable Library) |
Medium |
5.3 | sanitize-html-1.27.5.tgz | Upgrade to version: 2.3.1 | #3 |
CVE-2020-7693Path to dependency file: /package.json Path to vulnerable library: /node_modules/sockjs/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> ❌ sockjs-0.3.18.tgz (Vulnerable Library) |
Medium |
5.3 | sockjs-0.3.18.tgz | Upgrade to version: sockjs - 0.3.20 | #3 |
CVE-2020-7608Path to dependency file: /package.json Path to vulnerable library: /node_modules/yargs-parser/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> yargs-6.6.0.tgz -> ❌ yargs-parser-4.2.1.tgz (Vulnerable Library) |
Medium |
5.3 | yargs-parser-4.2.1.tgz | Upgrade to version: 5.0.1;13.1.2;15.0.1;18.1.1 | #3 |
CVE-2020-28500Path to dependency file: /package.json Path to vulnerable library: /node_modules/lodash/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> ❌ lodash-4.17.2.tgz (Vulnerable Library) |
Medium |
5.3 | lodash-4.17.2.tgz | Upgrade to version: lodash - 4.17.21 | #3 |
CVE-2020-15168Path to dependency file: /package.json Path to vulnerable library: /node_modules/node-fetch/package.json Dependency Hierarchy: -> swagger-ui-3.2.2.tgz (Root Library) -> react-addons-perf-15.4.2.tgz -> fbjs-0.8.18.tgz -> isomorphic-fetch-2.2.1.tgz -> ❌ node-fetch-1.7.3.tgz (Vulnerable Library) |
Medium |
5.3 | node-fetch-1.7.3.tgz | Upgrade to version: 2.6.1,3.0.0-beta.9 | #3 |
WS-2019-0171Path to dependency file: /package.json Path to vulnerable library: /node_modules/swagger-ui/package.json Dependency Hierarchy: -> ❌ swagger-ui-3.2.2.tgz (Vulnerable Library) |
Medium |
4.3 | swagger-ui-3.2.2.tgz | Upgrade to version: 3.18.0 | #3 |
CVE-2018-25031Path to dependency file: /package.json Path to vulnerable library: /node_modules/swagger-ui/package.json Dependency Hierarchy: -> ❌ swagger-ui-3.2.2.tgz (Vulnerable Library) |
Medium |
4.3 | swagger-ui-3.2.2.tgz | Upgrade to version: swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3 | #3 |
Total libraries scanned: 729
Scan token: ff0b19136d7d433d8cf6ababf51843ca