[Snyk] Fix for 42 vulnerabilities #221

TheRedHatter · 2025-07-11T06:44:45Z

Snyk has created this PR to fix 42 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

package.json
package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557411	776
	XML External Entity (XXE) Injection SNYK-JS-LIBXMLJS-10557412	776
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557414	776
	Use of Externally-Controlled Format String SNYK-JS-LIBXMLJS-10557422	776
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557431	776
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557390	741
	Use After Free SNYK-JS-LIBXMLJS-10557401	726
	Out-of-bounds Write SNYK-JS-LIBXMLJS-10557402	726
	Use After Free SNYK-JS-LIBXMLJS-10557403	726
	Use After Free SNYK-JS-LIBXMLJS-10557432	726
	Out-of-bounds Write SNYK-JS-LIBXMLJS-10557439	716
	Denial of Service (DoS) SNYK-JS-WS-7266574	696
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557434	691
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557418	676
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557419	676
	Improper Input Validation SNYK-JS-LIBXMLJS-10557391	661
	NULL Pointer Dereference SNYK-JS-LIBXMLJS-10557404	661
	Improper Input Validation SNYK-JS-LIBXMLJS-10557405	661
	Memory Leak SNYK-JS-LIBXMLJS-10557408	661
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557413	661
	Deserialization of Untrusted Data SNYK-JS-LIBXMLJS-10557421	661
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557424	661
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557425	661
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557430	661
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557433	661
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557436	661
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557437	661
	Improper Input Validation SNYK-JS-LIBXMLJS-10557407	641
	Out-of-Bounds SNYK-JS-LIBXMLJS-10557389	611
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557409	611
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557415	611
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557416	611
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557417	611
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557429	611
	NULL Pointer Dereference SNYK-JS-LIBXMLJS-10557435	581
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557406	561
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557410	561
	Use After Free SNYK-JS-LIBXMLJS-10557420	561
	XML External Entity (XXE) Injection SNYK-JS-LIBXMLJS-10557423	561
	Use After Free SNYK-JS-LIBXMLJS-10557440	561
	Out-of-bounds Read SNYK-JS-LIBXMLJS-10557441	561
	Denial of Service (DoS) SNYK-JS-LIBXMLJS-10557428	551

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Use After Free
🦉 NULL Pointer Dereference
🦉 More lessons are available in Snyk Learn

TheRedHatter · 2025-07-11T06:45:10Z

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

socket-security · 2025-07-11T06:45:25Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	Maintenance	License
	libxmljs@0.19.7 ⏵ 1.0.0	⁺²	⁺⁵		⁺¹⁰
	node-releases@2.0.10
	object-keys@1.1.1
	object.assign@4.1.4
	object-assign@4.1.1
	object-copy@0.1.0
	cross-inspect@1.0.0
	oauth-sign@0.9.0
	@graphql-tools/schema@9.0.17 ⏵ 10.0.4	⁺¹	⁺¹	⁺¹
	@babel/helper-validator-identifier@7.19.1 ⏵ 7.27.1
	@graphql-tools/merge@8.4.0 ⏵ 9.0.4	⁺¹	⁺¹	⁺²
	@babel/code-frame@7.18.6 ⏵ 7.27.1		⁺²
	@graphql-tools/utils@9.2.1 ⏵ 10.2.3		⁺¹	^-3
	@babel/helper-string-parser@7.19.4 ⏵ 7.27.1
	@babel/template@7.20.7 ⏵ 7.27.2
	@babel/helper-globals@7.28.0
	object-visit@1.0.1
	on-exit-leak-free@2.1.0
	dset@3.1.4
	npm-run-path@4.0.1
	jsesc@2.5.2 ⏵ 3.1.0
	obliterator@2.0.4
	fast-glob@3.2.12 ⏵ 3.3.2	⁺¹	⁺¹
	@babel/generator@7.21.1 ⏵ 7.28.0		⁺¹
	@babel/traverse@7.28.0
	object.defaults@1.1.0
	object.pick@1.3.0
	@babel/parser@7.21.2 ⏵ 7.28.0		⁺¹
	@babel/types@7.21.2 ⏵ 7.28.0	⁺¹
	object.map@1.0.1
	chokidar@3.5.3 ⏵ 3.6.0	⁺¹
	normalize-path@3.0.0
	object-inspect@1.12.3
See 11 more rows in the dashboard

View full report

prisma-cloud-devsecops · 2025-07-11T06:45:30Z

package.json

    "@nestjs/config": "^2.3.1",
    "@nestjs/core": "^9.3.9",
-    "@nestjs/graphql": "^11.0.0",
+    "@nestjs/graphql": "^12.2.0",


@nestjs/graphql 12.2.0 / package.json

Total vulnerabilities: 3

Critical: 0 High: 2 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2024-4068 HIGH 7.5 - Open

CVE-2024-37890 HIGH 7.5 - Open

CVE-2024-4067 MEDIUM 5.3 - Open

prisma-cloud-devsecops · 2025-07-11T06:45:31Z

package.json

    "jwk-to-pem": "^2.0.5",
    "jwt-simple": "^0.5.6",
-    "libxmljs": "^0.19.7",
+    "libxmljs": "^1.0.0",


libxmljs 1.0.0 / package.json

Total vulnerabilities: 6

Critical: 2 High: 2 Medium: 1 Low: 1

Vulnerability ID Severity CVSS Fixed in Status

CVE-2024-34391 CRITICAL 8.1 - Open

CVE-2024-34392 CRITICAL 8.1 - Open

CVE-2022-25883 HIGH 7.5 - Open

CVE-2022-25883 HIGH 7.5 - Open

CVE-2024-28863 MEDIUM 6.5 - Open

CVE-2025-5889 LOW 3.1 - Open

TheRedHatter · 2025-07-11T06:57:12Z

Checkmarx One – Scan Summary & Details – ec24a262-1385-4f3a-b6f7-c082c9404772

New Issues (114)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2021-44906	Npm-minimist-1.2.5	details Recommended version: 1.2.6 Description: Minimist through 1.2.5 is vulnerable to Prototype Pollution via file "index.js", function "setKey()" (lines 69-95). Attack Vector: NETWORK Attack Complexity: LOW `ID: zWSFM3JLcQWaBPUAcyozCgR5rSIIgq%2FLe5FZqXpvJHQ%3D` Vulnerable Package
CVE-2022-39353	Npm-xmldom-0.6.0	details Description: xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-fo... Attack Vector: NETWORK Attack Complexity: LOW `ID: zBkG5l6LhJ7ClilE1SQfszSrmO7l8E7eljIvVXpEp2Y%3D` Vulnerable Package
CVE-2023-26136	Npm-tough-cookie-2.5.0	details Recommended version: 4.1.3 Description: The package tough-cookie in versions prior to 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar ... Attack Vector: NETWORK Attack Complexity: LOW `ID: T9viDobPafLG0fgJrfUpgDuc5QXlA7DtBVXT9R%2BsEBY%3D` Vulnerable Package
CVE-2023-28154	Npm-webpack-5.28.0	details Recommended version: 5.94.0 Description: Webpack 5.0.0-alpha.0 through 5.75.0 does not avoid cross-realm object access. ''ImportParserPlugin.js'' mishandles the magic comment feature. An a... Attack Vector: NETWORK Attack Complexity: LOW `ID: 2uj3xQIu7C5kAnsxDDSQawuW3y47s%2BC%2FEAALZnMJzmU%3D` Vulnerable Package
CVE-2023-42282	Npm-ip-2.0.0	details Description: An issue in NPM ip package 0.0.2 through 2.0.1 allows an attacker to execute arbitrary code and obtain sensitive information via the "isPublic()" f... Attack Vector: NETWORK Attack Complexity: LOW `ID: VoeaWHx1w4QoWai1xyf7SPhL6Hru%2FI1aqipueF8NIZ0%3D` Vulnerable Package
CVE-2024-42461	Npm-elliptic-6.5.4	details Recommended version: 6.6.1 Description: In the elliptic package, "ECDSA" signature malleability occurs because "BER-encoded" signatures are allowed which leads to Improper Verification of... Attack Vector: NETWORK Attack Complexity: LOW `ID: vFwdyxXHxMst0yhIctMo6T0tPz9s7QbUw0Yl%2FZYC83U%3D` Vulnerable Package
CVE-2024-48949	Npm-elliptic-6.5.4	details Recommended version: 6.6.1 Description: The verify function in "lib/elliptic/eddsa/index.js" in the Elliptic versions 4.0.0 through 6.5.5 for Node.js omits "sig.S().gte(sig.eddsa.curve.n)... Attack Vector: NETWORK Attack Complexity: LOW `ID: 4EpdXM05JgI3noTBRtR5yqJlcNx0b%2FOTtVKbGsk4n90%3D` Vulnerable Package
CVE-2025-49794	Npm-libxmljs-1.0.0	details Description: A Use-After-Free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schemat... Attack Vector: NETWORK Attack Complexity: LOW `ID: ATEx2r0WUAZk5Z4xtp1n0bLDop6l0Gm%2B6nCHYoYG8zw%3D` Vulnerable Package
CVE-2025-49796	Npm-libxmljs-1.0.0	details Description: A vulnerability was found in libxml2. Processing certain "sch:name" elements from the input XML file can trigger a memory corruption issue. This fl... Attack Vector: NETWORK Attack Complexity: LOW `ID: Q8%2FA2F6J1FSrfGsYfwg2vCkbkIr3I%2FE4l9GF2cKaJe4%3D` Vulnerable Package
Cx88b46a98-47a5	Npm-elliptic-6.5.4	details Recommended version: 6.6.1 Description: The elliptic package is a plain JavaScript implementation of elliptic-curve cryptography. Versions of elliptic package prior to 6.6.1 are vulnerabl... Attack Vector: NETWORK Attack Complexity: LOW `ID: nH95MYbLEOklDy6AMeaDiKQYsmAH7PjV4YJM99SL2T0%3D` Vulnerable Package
CVE-2016-20018	Npm-knex-0.21.19	details Recommended version: 2.4.0 Description: Knex.js prior to 2.4.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. Attack Vector: NETWORK Attack Complexity: LOW `ID: MdP2%2BLsqGddNVBmDw%2BK9pe3acGSC7xDHH6cX7S0Z1DM%3D` Vulnerable Package
CVE-2021-3803	Npm-nth-check-1.0.2	details Recommended version: 2.0.1 Description: nth-check prior to 2.0.1 is vulnerable to Inefficient Regular Expression Complexity Attack Vector: NETWORK Attack Complexity: LOW `ID: FFl4VIYNRrSw9JQRM8gikDmCRGSMOv8bce0OXcwWQZA%3D` Vulnerable Package
CVE-2021-3807	Npm-ansi-regex-3.0.0	details Recommended version: 3.0.1 Description: The package ansi-regex versions 3.x prior to 3.0.1, 4.x prior to 4.1.1, 5.x prior to 5.0.1 and 6.0.x prior to 6.0.1 is vulnerable to Inefficient Re... Attack Vector: NETWORK Attack Complexity: LOW `ID: 8V069wTEFeW2OuSL6I6kG882IbDQmUzZueAYDmu1Q6M%3D` Vulnerable Package
CVE-2021-3807	Npm-ansi-regex-2.1.1	details Recommended version: 3.0.1 Description: The package ansi-regex versions 3.x prior to 3.0.1, 4.x prior to 4.1.1, 5.x prior to 5.0.1 and 6.0.x prior to 6.0.1 is vulnerable to Inefficient Re... Attack Vector: NETWORK Attack Complexity: LOW `ID: Z8sMbnyKO6bxouNwR0sfRRMLwgmA9U5GE3pAZoSj%2B2g%3D` Vulnerable Package
CVE-2022-0144	Npm-shelljs-0.8.4	details Recommended version: 0.8.5 Description: shelljs prior to 0.8.5 is vulnerable to Improper Privilege Management. Attack Vector: LOCAL Attack Complexity: LOW `ID: HVEJCaCev7OVcA9dLfdBjkjBPWK%2FcH9BJqxNgpk95nE%3D` Vulnerable Package
CVE-2022-23308	Npm-libxmljs-1.0.0	details Description: "valid.c" in libxml2 prior to 2.9.13 has a use-after-free of ID and IDREF attributes. Attack Vector: NETWORK Attack Complexity: LOW `ID: frn7gKG9v%2FNqS6jvpCrSj8EbiPNgnIhaNJVXYH5ReNg%3D` Vulnerable Package
CVE-2022-23539	Npm-jsonwebtoken-8.5.1	details Recommended version: 9.0.0 Description: Versions prior to 9.0.0 `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For e... Attack Vector: NETWORK Attack Complexity: LOW `ID: ZKaXDNl8CIbvIjux2xS2NdqF068bmWNNwBvfpvWNf24%3D` Vulnerable Package
CVE-2022-23540	Npm-jsonwebtoken-8.5.1	details Recommended version: 9.0.0 Description: Versions prior to 9.0.0 of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation byp... Attack Vector: NETWORK Attack Complexity: LOW `ID: QlT%2FzWX%2BUtU6VttRQzhQ9oE2nap23Cz0D5AAV8fZ2WA%3D` Vulnerable Package
CVE-2022-24999	Npm-qs-6.5.2	details Recommended version: 6.5.3 Description: The qs package as used in Express through 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application becau... Attack Vector: NETWORK Attack Complexity: LOW `ID: PV%2Fm7WqqhHcPT0xElB5zmtSNA9BSxYA88Of4McxhZHs%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-7.0.0	details Recommended version: 7.5.2 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: gz3dyg%2FOSWJXEnVBbcTDl6aujqoEW8WC7lIji6EuO38%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-7.3.5	details Recommended version: 7.5.2 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: HXDyrltjtRAwvGCdt%2FgxXxcyoalm%2Bwyx3eQEV0LvFgY%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-5.7.1	details Recommended version: 5.7.2 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: K%2FFjmL4FVL6ps56ZzsH%2FCFMUEFxX%2F%2B5dpkHS5c18AF4%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-7.3.8	details Recommended version: 7.5.2 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: Nl4YiK%2BaMCcJqM%2BheMlSqdGvT2TZ6Q8sMhBx5p35QXo%3D` Vulnerable Package
CVE-2022-25883	Npm-semver-6.3.0	details Recommended version: 6.3.1 Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ... Attack Vector: NETWORK Attack Complexity: LOW `ID: rTAcj8Fi1KG3qAiILEfz2DAT25%2BsA9OdnPx60xdSwSM%3D` Vulnerable Package
CVE-2022-31129	Npm-moment-2.29.2	details Recommended version: 2.29.4 Description: moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an i... Attack Vector: NETWORK Attack Complexity: LOW `ID: a1yPGP2%2F4mt0bgdLgEYPiHUU43DvOOtVmhCwFlYpALs%3D` Vulnerable Package
CVE-2022-3517	Npm-minimatch-3.0.4	details Recommended version: 3.0.5 Description: A vulnerability was found in the minimatch package versions prior to 3.0.5. This flaw allows a Regular Expression Denial of Service (ReDoS) when ca... Attack Vector: NETWORK Attack Complexity: LOW `ID: vN%2FZZ3yxjdqZyaeCqMmSmXUMjCOmfAyh7Gw0a8WDkrE%3D` Vulnerable Package
CVE-2022-40303	Npm-libxmljs-1.0.0	details Description: An issue was discovered in libxml2 prior to 2.10.3. When parsing a multi-gigabyte XML document with the "XML_PARSE_HUGE" parser option enabled, sev... Attack Vector: NETWORK Attack Complexity: LOW `ID: zG1s%2BS1EYwaYLpT%2BeM04iGY9MHI5DiJBxGJtr0texzo%3D` Vulnerable Package
CVE-2022-40304	Npm-libxmljs-1.0.0	details Description: An issue was discovered in libxml2 prior to 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to sub... Attack Vector: LOCAL Attack Complexity: LOW `ID: %2FYVTWfs0T1%2BsyQRyfnejWwwykvRkZyxkuRTMXZkGMxA%3D` Vulnerable Package
CVE-2022-46175	Npm-json5-2.2.0	details Recommended version: 2.2.2 Description: JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` met... Attack Vector: NETWORK Attack Complexity: LOW `ID: VT2RQ0fx%2Bhfy7G0i1OQuMoKTlNQRcnArMz%2BIbDSKl%2BI%3D` Vulnerable Package
CVE-2023-26115	Npm-word-wrap-1.2.3	details Recommended version: 1.2.4 Description: Versions prior to 1.24 of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regu... Attack Vector: NETWORK Attack Complexity: LOW `ID: DHu0m%2BYiwBdCAoL03CZf2Grf%2BRiMqTirarkSOvH92hU%3D` Vulnerable Package
CVE-2023-45133	Npm-@babel/traverse-7.16.3	details Recommended version: 7.23.2 Description: Babel is a compiler for writing JavaScript. In `@babel/traverse` versions prior to 7.23.2 and 8.0.x prior to 8.0.0-alpha.4, using Babel to compile ... Attack Vector: LOCAL Attack Complexity: LOW `ID: MsV3OvZ13S589bMERV9zauSAViXKSPEIdh3pJ0o15IE%3D` Vulnerable Package
CVE-2024-21536	Npm-http-proxy-middleware-2.0.6	details Recommended version: 2.0.9 Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK Attack Complexity: LOW `ID: VwEgb0q%2FPKuC9Wzq7lezppepmPuv5FEHu%2BfiT%2Bqtif4%3D` Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-6.0.5	details Recommended version: 6.0.6 Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im... Attack Vector: NETWORK Attack Complexity: LOW `ID: bVTRU5UJzJZvqCYiPJ45NXf5KSw7TvkVBM7y1%2B93OUI%3D` Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-7.0.3	details Recommended version: 7.0.5 Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im... Attack Vector: NETWORK Attack Complexity: LOW `ID: oBLSGKr%2BTsRNL9Fturh9vlM6qpoZaZ1s%2B0J8XyTgcyk%3D` Vulnerable Package
CVE-2024-29415	Npm-ip-2.0.0	details Description: The ip package 0.0.2 through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, a... Attack Vector: NETWORK Attack Complexity: HIGH `ID: 3b48ZWSkmxz019qX5kWXBejO8Jax3OVcG4do08JywIk%3D` Vulnerable Package
CVE-2024-34391	Npm-libxmljs-1.0.0	details Description: The libxmljs is vulnerable to a Type Confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of "attrs... Attack Vector: NETWORK Attack Complexity: HIGH `ID: u9O0Q2FGGLBh65NXupXepFUGlfcO%2BA0OE0pcXsKfXLg%3D` Vulnerable Package
CVE-2024-34392	Npm-libxmljs-1.0.0	details Description: The libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the "namespaces()" function (which... Attack Vector: NETWORK Attack Complexity: HIGH `ID: lM8ePDkHkoOvRmguz4NS2UkKQh2jaVJtuY0RV7GgHkk%3D` Vulnerable Package
CVE-2024-35220	Npm-@fastify/session-10.1.1	details Recommended version: 10.9.0 Description: The module @fastify/session is a session plugin for fastify that requires the @fastify/cookie plugin. When restoring the cookie from the session st... Attack Vector: NETWORK Attack Complexity: LOW `ID: J1TBhM37kF3B1rSuSWSroUtMhFWUOUTZnZVaxU%2Bg6lM%3D` Vulnerable Package
CVE-2024-37890	Npm-ws-7.5.9	details Recommended version: 7.5.10 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW `ID: 6gmQgkOnPBSKPI5B5AdXiFp570AnRmElmFlKb0%2FwuUE%3D` Vulnerable Package
CVE-2024-4068	Npm-braces-2.3.2	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW `ID: hg29YJl1rZNlcNP5b6S6q9Np4QKvg32sgHntPBTIxJk%3D` Vulnerable Package
CVE-2024-4068	Npm-braces-3.0.2	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW `ID: %2FV%2ByLH3K5UOjM7K6f8KMquOnXvQGjc8pPVBw1%2B7ekks%3D` Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (4)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Client_HTML5_Insecure_Storage~~	/client/src/pages/main/Contact.tsx: 18
	~~Client_HTML5_Insecure_Storage~~	/client/src/pages/main/Contact.tsx: 15
	~~Client_HTML5_Insecure_Storage~~	/client/src/pages/main/Contact.tsx: 16
	~~Client_HTML5_Insecure_Storage~~	/client/src/pages/main/Contact.tsx: 17

prisma-cloud-devsecops bot reviewed Jul 11, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 42 vulnerabilities #221

[Snyk] Fix for 42 vulnerabilities #221

Uh oh!

TheRedHatter commented Jul 11, 2025

Uh oh!

TheRedHatter commented Jul 11, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Jul 11, 2025

Uh oh!

prisma-cloud-devsecops bot Jul 11, 2025

Uh oh!

prisma-cloud-devsecops bot Jul 11, 2025

Uh oh!

TheRedHatter commented Jul 11, 2025

Uh oh!

Uh oh!

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2024-4068	HIGH	7.5	`-`	Open
CVE-2024-37890	HIGH	7.5	`-`	Open
CVE-2024-4067	MEDIUM	5.3	`-`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2024-34391	CRITICAL	8.1	`-`	Open
CVE-2024-34392	CRITICAL	8.1	`-`	Open
CVE-2022-25883	HIGH	7.5	`-`	Open
CVE-2022-25883	HIGH	7.5	`-`	Open
CVE-2024-28863	MEDIUM	6.5	`-`	Open
CVE-2025-5889	LOW	3.1	`-`	Open

[Snyk] Fix for 42 vulnerabilities #221

Are you sure you want to change the base?

[Snyk] Fix for 42 vulnerabilities #221

Uh oh!

Conversation

TheRedHatter commented Jul 11, 2025

Snyk has created this PR to fix 42 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

TheRedHatter commented Jul 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎉 Snyk checks have passed. No issues have been found so far.

Uh oh!

socket-security bot commented Jul 11, 2025

Uh oh!

prisma-cloud-devsecops bot Jul 11, 2025

Choose a reason for hiding this comment

@nestjs/graphql 12.2.0 / package.json

Total vulnerabilities: 3

Uh oh!

prisma-cloud-devsecops bot Jul 11, 2025

Choose a reason for hiding this comment

libxmljs 1.0.0 / package.json

Total vulnerabilities: 6

Uh oh!

TheRedHatter commented Jul 11, 2025

Uh oh!

Uh oh!

TheRedHatter commented Jul 11, 2025 •

edited

Loading