
@TheRedHatter (Owner)

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue: Regular Expression Denial of Service (ReDoS), low severity, SNYK-JS-BRACEEXPANSION-9789073

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@TheRedHatter (Owner, Author) commented Jun 12, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

"jwk-to-pem": "^2.0.5",
"jwt-simple": "^0.5.6",
"libxmljs": "^0.19.7",
"libxmljs": "^0.19.8",
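Review bot: the package.json bump of libxmljs from ^0.19.7 to ^0.19.8 does not clear the scanner findings against this package: the dependency comment below reports 5 open vulnerabilities for libxmljs 0.19.8 (2 critical, CVE-2024-34391 and CVE-2024-34392 at CVSS 8.1, none with a fixed-in version), and the Checkmarx results list 1.0.0 as the recommended version for every libxmljs 0.19.8 entry. Consider moving the range to 1.0.0 (a major bump, so check the libxmljs API changes against the code that uses it) or record in the PR why 0.19.8 is being kept. The PR description only names the brace-expansion ReDoS (SNYK-JS-BRACEEXPANSION-9789073), so the libxmljs change should be mentioned there as well.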


libxmljs 0.19.8 / package.json

Total vulnerabilities: 5

Critical: 2 High: 2 Medium: 0 Low: 1
Vulnerability ID | Severity | CVSS | Fixed in | Status
CVE-2024-34391   | CRITICAL | 8.1  | -        | Open
CVE-2024-34392   | CRITICAL | 8.1  | -        | Open
CVE-2022-25883   | HIGH     | 7.5  | -        | Open
CVE-2022-25883   | HIGH     | 7.5  | -        | Open
CVE-2025-5889    | LOW      | 3.1  | -        | Open

@TheRedHatter (Owner, Author)

Checkmarx One – Scan Summary & Details 65ca8bc6-5505-4188-a220-11f2368e1825

New Issues (118)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

CRITICAL | CVE-2004-0989 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: Multiple buffer overflows in libXML prior to 2.6.15 (libxml2), may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is ...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2017-8872 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: The "htmlParseTryOrFinish" function in "HTMLparser.c" in libxml2 versions prior to 2.9.4 allows attackers to cause a denial of service (buffer ove...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2021-44906 | Npm-minimist-1.2.5 | Vulnerable Package
Recommended version: 1.2.6
Description: Minimist through 1.2.5 is vulnerable to Prototype Pollution via file "index.js", function "setKey()" (lines 69-95).
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2022-39353 | Npm-xmldom-0.6.0 | Vulnerable Package
Description: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-fo...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2023-26136 | Npm-tough-cookie-2.5.0 | Vulnerable Package
Recommended version: 4.1.3
Description: The package tough-cookie in versions prior to 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar ...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2023-28154 | Npm-webpack-5.28.0 | Vulnerable Package
Recommended version: 5.94.0
Description: Webpack 5.0.0-alpha.0 through 5.75.0 does not avoid cross-realm object access. ''ImportParserPlugin.js'' mishandles the magic comment feature. An a...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2023-42282 | Npm-ip-2.0.0 | Vulnerable Package
Description: An issue in NPM ip package 0.0.2 through 2.0.1 allows an attacker to execute arbitrary code and obtain sensitive information via the "isPublic()" f...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2024-42461 | Npm-elliptic-6.5.4 | Vulnerable Package
Recommended version: 6.6.1
Description: In the elliptic package, "ECDSA" signature malleability occurs because "BER-encoded" signatures are allowed which leads to Improper Verification of...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | CVE-2024-48949 | Npm-elliptic-6.5.4 | Vulnerable Package
Recommended version: 6.6.1
Description: The verify function in "lib/elliptic/eddsa/index.js" in the Elliptic versions 4.0.0 through 6.5.5 for Node.js omits "sig.S().gte(sig.eddsa.curve.n)...
Attack Vector: NETWORK; Attack Complexity: LOW

CRITICAL | Cx88b46a98-47a5 | Npm-elliptic-6.5.4 | Vulnerable Package
Recommended version: 6.6.1
Description: The elliptic package is a plain JavaScript implementation of elliptic-curve cryptography. Versions of elliptic package prior to 6.6.1 are vulnerabl...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2015-5312 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: The "xmlStringLenDecodeEntities" function in "parser.c" in libxml2 prior to 2.9.3 does not properly prevent entity expansion, which allows context-...
Attack Vector: NETWORK; Attack Complexity: MEDIUM

HIGH | CVE-2016-20018 | Npm-knex-0.21.19 | Vulnerable Package
Recommended version: 2.4.0
Description: Knex.js prior to 2.4.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2017-9048 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: libxml2 versions prior to v2.9.5-rc1 are vulnerable to a stack-based buffer overflow. The function "xmlSnprintfElementContent" in "valid.c" is supp...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2018-14404 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: A NULL pointer dereference vulnerability exists in the "xpath.c:xmlXPathCompOpEval()" function of libxml2 through 2.9.8 when parsing an invalid XPa...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2021-3516 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: There's a flaw in libxml2's "xmllint" in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint coul...
Attack Vector: LOCAL; Attack Complexity: LOW

HIGH | CVE-2021-3803 | Npm-nth-check-1.0.2 | Vulnerable Package
Recommended version: 2.0.1
Description: nth-check prior to 2.0.1 is vulnerable to Inefficient Regular Expression Complexity
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2021-3807 | Npm-ansi-regex-3.0.0 | Vulnerable Package
Recommended version: 3.0.1
Description: The package ansi-regex versions 3.x prior to 3.0.1, 4.x prior to 4.1.1, 5.x prior to 5.0.1 and 6.0.x prior to 6.0.1 is vulnerable to Inefficient Re...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2021-3807 | Npm-ansi-regex-2.1.1 | Vulnerable Package
Recommended version: 3.0.1
Description: The package ansi-regex versions 3.x prior to 3.0.1, 4.x prior to 4.1.1, 5.x prior to 5.0.1 and 6.0.x prior to 6.0.1 is vulnerable to Inefficient Re...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-0144 | Npm-shelljs-0.8.4 | Vulnerable Package
Recommended version: 0.8.5
Description: shelljs prior to 0.8.5 is vulnerable to Improper Privilege Management.
Attack Vector: LOCAL; Attack Complexity: LOW

HIGH | CVE-2022-23308 | Npm-libxmljs-0.19.8 | Vulnerable Package
Description: "valid.c" in libxml2 prior to 2.9.13 has a use-after-free of ID and IDREF attributes.
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-23539 | Npm-jsonwebtoken-8.5.1 | Vulnerable Package
Recommended version: 9.0.0
Description: Versions prior to 9.0.0 `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For e...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-23540 | Npm-jsonwebtoken-8.5.1 | Vulnerable Package
Recommended version: 9.0.0
Description: Versions prior to 9.0.0 of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation byp...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-24999 | Npm-qs-6.5.2 | Vulnerable Package
Recommended version: 6.5.3
Description: The qs package as used in Express through 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application becau...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-25883 | Npm-semver-7.0.0 | Vulnerable Package
Recommended version: 7.5.2
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-25883 | Npm-semver-7.3.8 | Vulnerable Package
Recommended version: 7.5.2
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-25883 | Npm-semver-7.3.5 | Vulnerable Package
Recommended version: 7.5.2
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-25883 | Npm-semver-5.7.1 | Vulnerable Package
Recommended version: 5.7.2
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-25883 | Npm-semver-6.3.0 | Vulnerable Package
Recommended version: 6.3.1
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-31129 | Npm-moment-2.29.2 | Vulnerable Package
Recommended version: 2.29.4
Description: moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an i...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-3517 | Npm-minimatch-3.0.4 | Vulnerable Package
Recommended version: 3.0.5
Description: A vulnerability was found in the minimatch package versions prior to 3.0.5. This flaw allows a Regular Expression Denial of Service (ReDoS) when ca...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-40303 | Npm-libxmljs-0.19.8 | Vulnerable Package
Description: An issue was discovered in libxml2 prior to 2.10.3. When parsing a multi-gigabyte XML document with the "XML_PARSE_HUGE" parser option enabled, sev...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2022-40304 | Npm-libxmljs-0.19.8 | Vulnerable Package
Description: An issue was discovered in libxml2 prior to 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to sub...
Attack Vector: LOCAL; Attack Complexity: LOW

HIGH | CVE-2022-46175 | Npm-json5-2.2.0 | Vulnerable Package
Recommended version: 2.2.2
Description: JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` met...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2023-26115 | Npm-word-wrap-1.2.3 | Vulnerable Package
Recommended version: 1.2.4
Description: Versions prior to 1.24 of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regu...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2023-45133 | Npm-@babel/traverse-7.16.3 | Vulnerable Package
Recommended version: 7.23.2
Description: Babel is a compiler for writing JavaScript. In `@babel/traverse` versions prior to 7.23.2 and 8.0.x prior to 8.0.0-alpha.4, using Babel to compile ...
Attack Vector: LOCAL; Attack Complexity: LOW

HIGH | CVE-2024-21536 | Npm-http-proxy-middleware-2.0.6 | Vulnerable Package
Recommended version: 2.0.9
Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-21538 | Npm-cross-spawn-6.0.5 | Vulnerable Package
Recommended version: 6.0.6
Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-21538 | Npm-cross-spawn-7.0.3 | Vulnerable Package
Recommended version: 7.0.5
Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-29415 | Npm-ip-2.0.0 | Vulnerable Package
Description: The ip package 0.0.2 through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, a...
Attack Vector: NETWORK; Attack Complexity: HIGH

HIGH | CVE-2024-35220 | Npm-@fastify/session-10.1.1 | Vulnerable Package
Recommended version: 10.9.0
Description: The module @fastify/session is a session plugin for fastify that requires the @fastify/cookie plugin. When restoring the cookie from the session st...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-37890 | Npm-ws-8.12.1 | Vulnerable Package
Recommended version: 8.17.1
Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-37890 | Npm-ws-8.12.0 | Vulnerable Package
Recommended version: 8.17.1
Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-37890 | Npm-ws-7.5.9 | Vulnerable Package
Recommended version: 7.5.10
Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-4068 | Npm-braces-2.3.2 | Vulnerable Package
Recommended version: 3.0.3
Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-4068 | Npm-braces-3.0.2 | Vulnerable Package
Recommended version: 3.0.3
Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-45296 | Npm-path-to-regexp-3.2.0 | Vulnerable Package
Recommended version: 3.3.0
Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-45296 | Npm-path-to-regexp-1.8.0 | Vulnerable Package
Recommended version: 1.9.0
Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-45296 | Npm-path-to-regexp-6.2.1 | Vulnerable Package
Recommended version: 6.3.0
Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2024-52798 | Npm-path-to-regexp-0.1.10 | Vulnerable Package
Recommended version: 0.1.12
Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2025-24033 | Npm-@fastify/multipart-7.4.1 | Vulnerable Package
Recommended version: 8.3.1
Description: The package @fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1, and 9.0.x prior to 9.0.3, the `...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2025-27152 | Npm-axios-0.26.1 | Vulnerable Package
Recommended version: 0.30.0
Description: Axios is a promise-based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | CVE-2025-27152 | Npm-axios-0.21.4 | Vulnerable Package
Recommended version: 0.30.0
Description: Axios is a promise-based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | Cx10578cb2-c0fc | Npm-cypress-6.9.1 | Vulnerable Package
Recommended version: 10.3.0
Description: The Cypress package in versions prior to 10.3.0 contains a memory leak in the "CdpAutomation" class that stores Data URLs as requests in the "pendi...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | Cx62f5bb1b-fa5e | Npm-moment-2.29.2 | Vulnerable Package
Recommended version: 2.29.4
Description: A Regular Expression Denial of Service (ReDoS) in moment 2.18 through 2.29.3 makes the server unavailable when a specially crafted input is provide...
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | Cxc7705965-e0f0 | Npm-@babel/core-7.12.3 | Vulnerable Package
Recommended version: 7.18.6
Description: The @babel/core package versions prior to 7.18.6 were discovered to contain a memory leak vulnerability.
Attack Vector: NETWORK; Attack Complexity: LOW

HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | Vulnerable Package
Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2018-14567 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: libxml2 prior to v2.9.9-rc1, if "--with-lzma" is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file ...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2018-9251 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: The "xz_decomp" function in "xzlib.c" in libxml2 prior to v2.9.9-rc1, if --with-lzma is used, allows remote attackers to cause a Denial of Service ...
Attack Vector: NETWORK; Attack Complexity: HIGH

MEDIUM | CVE-2020-24977 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: GNOME project libxml2 prior to version 2.9.11 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at "libxml2/entities.c".
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2021-32796 | Npm-xmldom-0.6.0 | Vulnerable Package
Description: The xmldom package is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom does not ...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2021-3537 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: A vulnerability found in libxml2 in versions prior to 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL...
Attack Vector: NETWORK; Attack Complexity: HIGH

MEDIUM | CVE-2021-3541 | Npm-libxmljs-0.19.8 | Vulnerable Package
Recommended version: 1.0.0
Description: A flaw was found in libxml2 before 2.9.11. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leadin...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2022-23541 | Npm-jsonwebtoken-8.5.1 | Vulnerable Package
Recommended version: 9.0.0
Description: jsonwebtoken is an implementation of JSON Web Tokens. Versions prior to 9.0.0 of `jsonwebtoken` library can be misconfigured so that passing a poor...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2022-29622 | Npm-formidable-2.1.2 | Vulnerable Package
Recommended version: 2.1.3
Description: An arbitrary file upload vulnerability in formidable versions prior to 3.2.4, allows attackers to execute arbitrary code via a crafted "filename". ...
Attack Vector: NETWORK; Attack Complexity: HIGH

MEDIUM | CVE-2022-29824 | Npm-libxmljs-0.19.8 | Vulnerable Package
Description: In libxml2 prior to 2.9.14, several buffer handling functions in "buf.c" (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This ...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2022-36313 | Npm-file-type-16.5.3 | Vulnerable Package
Recommended version: 16.5.4
Description: An issue was discovered in the file-type package versions prior to 16.5.4 and 17.0.x prior to 17.1.3 for "Node.js". A malformed MKV file could caus...
Attack Vector: LOCAL; Attack Complexity: LOW

MEDIUM | CVE-2023-26144 | Npm-graphql-16.6.0 | Vulnerable Package
Recommended version: 16.8.1
Description: The package graphql is in version 16.3.x prior to 16.8.1, and 17.0.x prior to 17.0.0-alpha.3 are vulnerable to Denial of Service (DoS) due to insuf...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-26159 | Npm-follow-redirects-1.14.8 | Vulnerable Package
Recommended version: 1.15.6
Description: The package follow-redirects versions prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the "url....
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-28155 | Npm-request-2.88.2 | Vulnerable Package
Description: The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-c...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-28155 | Npm-@cypress/request-2.88.10 | Vulnerable Package
Recommended version: 3.0.0
Description: The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-c...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-28484 | Npm-libxmljs-0.19.8 | Vulnerable Package
Description: In libxml2 versions prior to 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL Pointer Dereference and subsequently a segfault. Thi...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-29469 | Npm-libxmljs-0.19.8 | Vulnerable Package
Description: An issue was discovered in libxml2 in versions prior to 2.10.4. When hashing empty dict strings in a crafted XML document, "xmlDictComputeFastKey" ...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-44270 | Npm-postcss-7.0.39 | Vulnerable Package
Recommended version: 8.4.31
Description: An issue was discovered in postcss versions prior to 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An at...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-45857 | Npm-axios-0.21.4 | Vulnerable Package
Recommended version: 0.30.0
Description: An issue discovered in Axios, inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN f...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2023-45857 | Npm-axios-0.26.1 | Vulnerable Package
Recommended version: 0.30.0
Description: An issue discovered in Axios, inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN f...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-11831 | Npm-serialize-javascript-6.0.1 | Vulnerable Package
Recommended version: 6.0.2
Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-11831 | Npm-serialize-javascript-4.0.0 | Vulnerable Package
Recommended version: 6.0.2
Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-24758 | Npm-undici-5.21.0 | Vulnerable Package
Recommended version: 5.29.0
Description: Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-28176 | Npm-jose-4.13.1 | Vulnerable Package
Recommended version: 4.15.5
Description: The package jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JW...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-28849 | Npm-follow-redirects-1.14.8 | Vulnerable Package
Recommended version: 1.15.6
Description: follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected ver...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-28849 | Npm-follow-redirects-1.15.4 | Vulnerable Package
Recommended version: 1.15.6
Description: follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected ver...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-29409 | Npm-@nestjs/common-9.3.9 | Vulnerable Package
Recommended version: 10.4.16
Description: A File upload vulnerability in NestJS allows a remote attacker to execute arbitrary code through the Content-Type header. Versions through 10.4.15 ...
Attack Vector: NETWORK; Attack Complexity: LOW

MEDIUM | CVE-2024-30260 | Npm-undici-5.21.0 | Vulnerable Package
Recommended version: 5.29.0
Description: Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did...
Attack Vector: NETWORK; Attack Complexity: LOW

More results are available on the CxOne platform
