Security Report
The Security Check found 51 vulnerabilities.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-37903 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/vm2/package.json; Dependency Hierarchy: -> juicy-chat-bot-0.8.0.tgz (Root Library) -> ❌ vm2-3.9.17.tgz (Vulnerable Library) | Critical | 10.0 | vm2-3.9.17.tgz | | #5 |
CVE-2023-37466 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/vm2/package.json; Dependency Hierarchy: -> juicy-chat-bot-0.8.0.tgz (Root Library) -> ❌ vm2-3.9.17.tgz (Vulnerable Library) | Critical | 10.0 | vm2-3.9.17.tgz | | #5 |
CVE-2023-32314 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/vm2/package.json; Dependency Hierarchy: -> juicy-chat-bot-0.8.0.tgz (Root Library) -> ❌ vm2-3.9.17.tgz (Vulnerable Library) | Critical | 10.0 | vm2-3.9.17.tgz | Upgrade to version: vm2 - 3.9.18 | #5 |
CVE-2023-26136 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/request/node_modules/tough-cookie/package.json; Dependency Hierarchy: -> request-2.88.2.tgz (Root Library) -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library) | Critical | 9.8 | tough-cookie-2.5.0.tgz | Upgrade to version: tough-cookie - 4.1.3 | #14 |
CVE-2020-12265 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/decompress-tar/package.json; Dependency Hierarchy: -> download-8.0.0.tgz (Root Library) -> decompress-4.2.1.tgz -> ❌ decompress-tar-4.1.1.tgz (Vulnerable Library) | Critical | 9.8 | decompress-tar-4.1.1.tgz | Upgrade to version: decompress - 4.2.1, decompress-tar - No fix version available | #6 |
CVE-2015-9235 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> ❌ jsonwebtoken-0.4.0.tgz (Vulnerable Library) | Critical | 9.8 | jsonwebtoken-0.4.0.tgz | Upgrade to version: jsonwebtoken - 4.2.0 | #15 |
CVE-2015-9235 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> ❌ jsonwebtoken-0.1.0.tgz (Vulnerable Library) | Critical | 9.8 | jsonwebtoken-0.1.0.tgz | Upgrade to version: jsonwebtoken - 4.2.0 | #2 |
CVE-2023-46233 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/crypto-js/package.json; Dependency Hierarchy: -> pdfkit-0.11.0.tgz (Root Library) -> ❌ crypto-js-3.3.0.tgz (Vulnerable Library) | Critical | 9.1 | crypto-js-3.3.0.tgz | Upgrade to version: crypto-js - 4.2.0 | #12 |
CVE-2020-15084 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/package.json; Dependency Hierarchy: -> ❌ express-jwt-0.1.3.tgz (Vulnerable Library) | Critical | 9.1 | express-jwt-0.1.3.tgz | Upgrade to version: 6.0.0 | #2 |
CVE-2019-10744 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | Critical | 9.1 | lodash-2.4.2.tgz | Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 | #4 |
CVE-2022-23539 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> ❌ jsonwebtoken-0.4.0.tgz (Vulnerable Library) | High | 8.1 | jsonwebtoken-0.4.0.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #15 |
CVE-2022-23539 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> ❌ jsonwebtoken-0.1.0.tgz (Vulnerable Library) | High | 8.1 | jsonwebtoken-0.1.0.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #2 |
CVE-2022-23540 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> ❌ jsonwebtoken-0.4.0.tgz (Vulnerable Library) | High | 7.6 | jsonwebtoken-0.4.0.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #15 |
CVE-2022-23540 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> ❌ jsonwebtoken-0.1.0.tgz (Vulnerable Library) | High | 7.6 | jsonwebtoken-0.1.0.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #2 |
CVE-2024-4068 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/braces/package.json; Dependency Hierarchy: -> check-dependencies-1.1.1.tgz (Root Library) -> findup-sync-2.0.0.tgz -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) | High | 7.5 | braces-2.3.2.tgz | | #16 |
CVE-2024-4067 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/micromatch/package.json; Dependency Hierarchy: -> check-dependencies-1.1.1.tgz (Root Library) -> findup-sync-2.0.0.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) | High | 7.5 | micromatch-3.1.10.tgz | | #16 |
CVE-2023-32695 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/socket.io/node_modules/socket.io-parser/package.json; Dependency Hierarchy: -> socket.io-3.1.2.tgz (Root Library) -> ❌ socket.io-parser-4.0.5.tgz (Vulnerable Library) | High | 7.5 | socket.io-parser-4.0.5.tgz | Upgrade to version: socket.io-parser - 3.4.3,4.2.3 | #13 |
CVE-2022-25887 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/package.json; Dependency Hierarchy: -> ❌ sanitize-html-1.4.2.tgz (Vulnerable Library) | High | 7.5 | sanitize-html-1.4.2.tgz | Upgrade to version: sanitize-html - 2.7.1 | #4 |
CVE-2022-25881 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/http-cache-semantics/package.json; Dependency Hierarchy: -> download-8.0.0.tgz (Root Library) -> got-8.3.2.tgz -> cacheable-request-2.1.4.tgz -> ❌ http-cache-semantics-3.8.1.tgz (Vulnerable Library) | High | 7.5 | http-cache-semantics-3.8.1.tgz | Upgrade to version: http-cache-semantics - 4.1.1;org.webjars.npm:http-cache-semantics:4.1.1 | #6 |
CVE-2022-24785 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/moment/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> jsonwebtoken-0.1.0.tgz -> ❌ moment-2.0.0.tgz (Vulnerable Library) | High | 7.5 | moment-2.0.0.tgz | Upgrade to version: moment - 2.29.2 | #2 |
CVE-2017-18214 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/moment/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> jsonwebtoken-0.1.0.tgz -> ❌ moment-2.0.0.tgz (Vulnerable Library) | High | 7.5 | moment-2.0.0.tgz | Upgrade to version: moment - 2.19.3 | #2 |
CVE-2020-8203 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | High | 7.4 | lodash-2.4.2.tgz | Upgrade to version: lodash - 4.17.19 | #4 |
CVE-2021-23337 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | High | 7.2 | lodash-2.4.2.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | #4 |
WS-2018-0096 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/base64url/package.json; Dependency Hierarchy: -> jsonwebtoken-0.4.0.tgz (Root Library) -> jws-0.2.6.tgz -> ❌ base64url-0.0.6.tgz (Vulnerable Library) | High | 7.1 | base64url-0.0.6.tgz | Upgrade to version: 3.0.0 | #15 |
CVE-2024-28863 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/node-pre-gyp/node_modules/tar/package.json; Dependency Hierarchy: -> node-pre-gyp-0.15.0.tgz (Root Library) -> ❌ tar-4.4.19.tgz (Vulnerable Library) | Medium | 6.5 | tar-4.4.19.tgz | Upgrade to version: tar - 6.2.1 | #11 |
CVE-2022-41940 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/engine.io/package.json; Dependency Hierarchy: -> socket.io-3.1.2.tgz (Root Library) -> ❌ engine.io-4.1.2.tgz (Vulnerable Library) | Medium | 6.5 | engine.io-4.1.2.tgz | Upgrade to version: engine.io - 3.6.1,6.2.1 | #13 |
CVE-2021-23771 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/notevil/package.json; Dependency Hierarchy: -> ❌ notevil-1.3.3.tgz (Vulnerable Library) | Medium | 6.5 | notevil-1.3.3.tgz | | #8 |
CVE-2019-1010266 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | Medium | 6.5 | lodash-2.4.2.tgz | Upgrade to version: lodash-4.17.11 | #4 |
CVE-2018-3721 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | Medium | 6.5 | lodash-2.4.2.tgz | Upgrade to version: lodash 4.17.5 | #4 |
CVE-2016-4055 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/moment/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> jsonwebtoken-0.1.0.tgz -> ❌ moment-2.0.0.tgz (Vulnerable Library) | Medium | 6.5 | moment-2.0.0.tgz | Upgrade to version: moment - 2.11.2 | #2 |
CVE-2022-23541 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> ❌ jsonwebtoken-0.4.0.tgz (Vulnerable Library) | Medium | 6.3 | jsonwebtoken-0.4.0.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #15 |
CVE-2022-23541 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/jsonwebtoken/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> ❌ jsonwebtoken-0.1.0.tgz (Vulnerable Library) | Medium | 6.3 | jsonwebtoken-0.1.0.tgz | Upgrade to version: jsonwebtoken - 9.0.0 | #2 |
WS-2019-0309 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/marsdb/package.json; Dependency Hierarchy: -> ❌ marsdb-0.6.11.tgz (Vulnerable Library) | Medium | 6.2 | marsdb-0.6.11.tgz | | #3 |
CVE-2023-28155 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/request/package.json; Dependency Hierarchy: -> ❌ request-2.88.2.tgz (Vulnerable Library) | Medium | 6.1 | request-2.88.2.tgz | Upgrade to version: @cypress/request - 3.0.0 | #14 |
CVE-2020-11023 Path to dependency file: /frontend/src/index.html; Path to vulnerable library: /frontend/src/index.html; Dependency Hierarchy: -> ❌ jquery-2.2.4.min.js (Vulnerable Library) | Medium | 6.1 | jquery-2.2.4.min.js | Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 | #9 |
CVE-2020-11022 Path to dependency file: /frontend/src/index.html; Path to vulnerable library: /frontend/src/index.html; Dependency Hierarchy: -> ❌ jquery-2.2.4.min.js (Vulnerable Library) | Medium | 6.1 | jquery-2.2.4.min.js | Upgrade to version: jQuery - 3.5.0 | #9 |
CVE-2019-11358 Path to dependency file: /frontend/src/index.html; Path to vulnerable library: /frontend/src/index.html; Dependency Hierarchy: -> ❌ jquery-2.2.4.min.js (Vulnerable Library) | Medium | 6.1 | jquery-2.2.4.min.js | Upgrade to version: jquery - 3.4.0 | #9 |
CVE-2017-16016 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/package.json; Dependency Hierarchy: -> ❌ sanitize-html-1.4.2.tgz (Vulnerable Library) | Medium | 6.1 | sanitize-html-1.4.2.tgz | Upgrade to version: 1.11.2 | #4 |
CVE-2016-1000237 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/package.json; Dependency Hierarchy: -> ❌ sanitize-html-1.4.2.tgz (Vulnerable Library) | Medium | 6.1 | sanitize-html-1.4.2.tgz | Upgrade to version: sanitize-html - 1.4.3 | #4 |
CVE-2015-9251 Path to dependency file: /frontend/src/index.html; Path to vulnerable library: /frontend/src/index.html; Dependency Hierarchy: -> ❌ jquery-2.2.4.min.js (Vulnerable Library) | Medium | 6.1 | jquery-2.2.4.min.js | Upgrade to version: jQuery - 3.0.0 | #9 |
CVE-2018-16487 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | Medium | 5.6 | lodash-2.4.2.tgz | Upgrade to version: lodash 4.17.11 | #4 |
WS-2016-0075 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express-jwt/node_modules/moment/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> jsonwebtoken-0.1.0.tgz -> ❌ moment-2.0.0.tgz (Vulnerable Library) | Medium | 5.3 | moment-2.0.0.tgz | Upgrade to version: moment - 2.15.2 | #2 |
CVE-2024-21501 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/package.json; Dependency Hierarchy: -> ❌ sanitize-html-1.4.2.tgz (Vulnerable Library) | Medium | 5.3 | sanitize-html-1.4.2.tgz | Upgrade to version: sanitize-html - 2.12.1 | #4 |
CVE-2023-32313 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/vm2/package.json; Dependency Hierarchy: -> juicy-chat-bot-0.8.0.tgz (Root Library) -> ❌ vm2-3.9.17.tgz (Vulnerable Library) | Medium | 5.3 | vm2-3.9.17.tgz | Upgrade to version: vm2 - 3.9.18 | #5 |
CVE-2022-33987 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/got/package.json; Dependency Hierarchy: -> download-8.0.0.tgz (Root Library) -> ❌ got-8.3.2.tgz (Vulnerable Library) | Medium | 5.3 | got-8.3.2.tgz | Upgrade to version: got - 11.8.5,12.1.0 | #6 |
CVE-2021-32822 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/hbs/package.json; Dependency Hierarchy: -> ❌ hbs-4.2.0.tgz (Vulnerable Library) | Medium | 5.3 | hbs-4.2.0.tgz | | #10 |
CVE-2021-26540 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/package.json; Dependency Hierarchy: -> ❌ sanitize-html-1.4.2.tgz (Vulnerable Library) | Medium | 5.3 | sanitize-html-1.4.2.tgz | Upgrade to version: 2.3.2 | #4 |
CVE-2021-26539 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/package.json; Dependency Hierarchy: -> ❌ sanitize-html-1.4.2.tgz (Vulnerable Library) | Medium | 5.3 | sanitize-html-1.4.2.tgz | Upgrade to version: 2.3.1 | #4 |
CVE-2020-7639 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/eivindfjeldstad-dot/package.json; Dependency Hierarchy: -> yaml-schema-validator-1.2.3.tgz (Root Library) -> validate-4.5.1.tgz -> ❌ eivindfjeldstad-dot-0.0.1.tgz (Vulnerable Library) | Medium | 5.3 | eivindfjeldstad-dot-0.0.1.tgz | Upgrade to version: @eivifj/dot - 1.0.3 | #7 |
CVE-2020-28500 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/sanitize-html/node_modules/lodash/package.json; Dependency Hierarchy: -> sanitize-html-1.4.2.tgz (Root Library) -> ❌ lodash-2.4.2.tgz (Vulnerable Library) | Medium | 5.3 | lodash-2.4.2.tgz | Upgrade to version: lodash - 4.17.21 | #4 |
CVE-2016-1000223 Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jws/package.json; Dependency Hierarchy: -> express-jwt-0.1.3.tgz (Root Library) -> jsonwebtoken-0.1.0.tgz -> ❌ jws-0.2.6.tgz (Vulnerable Library) | Medium | 4.6 | jws-0.2.6.tgz | Upgrade to version: 3.0.0 | #2 |
Total libraries scanned: 988
Scan token: 479fe8d109764c24a8298514c3c7c795