# npm audit report
bcrypt <=5.0.0
Severity: moderate
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt - https://github.com/advisories/GHSA-5wg4-74h6-q47v
Depends on vulnerable versions of node-pre-gyp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/bcrypt
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/cookie
csurf >=1.3.0
Depends on vulnerable versions of cookie
node_modules/csurf
dicer *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/dicer
busboy <=0.3.1
Depends on vulnerable versions of dicer
node_modules/busboy
express-fileupload <=1.3.1
Depends on vulnerable versions of busboy
node_modules/express-fileupload
ejs <=3.1.9
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
ejs lacks certain pollution protection - https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ejs
libxmljs *
Severity: high
libxmljs vulnerable to type confusion when parsing specially crafted XML - https://github.com/advisories/GHSA-mg49-jqgw-gcj6
libxmljs vulnerable to type confusion when parsing specially crafted XML - https://github.com/advisories/GHSA-6433-x5p4-8jc7
No fix available
node_modules/libxmljs
mathjs <=7.5.0
Severity: critical
Arbitrary Code Execution in mathjs - https://github.com/advisories/GHSA-vx5c-87qx-cv6c
Prototype Pollution in mathjs - https://github.com/advisories/GHSA-x2fc-mxcx-w4mf
Arbitrary Code Execution in mathjs - https://github.com/advisories/GHSA-pv8x-p9hq-j328
Depends on vulnerable versions of typed-function
fix available via `npm audit fix --force`
Will install [email protected], which is outside the stated dependency range
node_modules/mathjs
mysql2 <=3.9.7
Severity: critical
mysql2 Remote Code Execution (RCE) via the readCodeFor function - https://github.com/advisories/GHSA-fpw7-j2hg-69v5
MySQL2 for Node Arbitrary Code Injection - https://github.com/advisories/GHSA-4rch-2fh8-94vw
mysql2 vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-pmh2-wpjm-fj45
mysql2 cache poisoning vulnerability - https://github.com/advisories/GHSA-mqr2-w7wj-jjgr
mysql2 vulnerable to Prototype Poisoning - https://github.com/advisories/GHSA-49j4-86m8-q2jw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/mysql2
node-serialize *
Severity: critical
Code Execution through IIFE in node-serialize - https://github.com/advisories/GHSA-q4v7-4rhw-9hqm
No fix available
node_modules/node-serialize
passport <0.6.0
Severity: moderate
Passport vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/passport
sequelize <=6.28.2 || >=7.0.0-alpha.1
Severity: critical
Sequelize vulnerable to SQL Injection via replacements - https://github.com/advisories/GHSA-wrh9-cjv3-2hpw
Sequelize information disclosure vulnerability - https://github.com/advisories/GHSA-8c25-f3mj-v6h8
Sequelize - Default support for “raw attributes” when using parentheses - https://github.com/advisories/GHSA-f598-mfpv-gmfx
Unsafe fall-through in getWhereConditions - https://github.com/advisories/GHSA-vqfx-gj96-3w95
Depends on vulnerable versions of validator
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/sequelize
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-pre-gyp/node_modules/tar
node-pre-gyp *
Depends on vulnerable versions of tar
node_modules/node-pre-gyp
typed-function <0.10.6
Severity: high
Arbitrary JavaScript Execution in typed-function - https://github.com/advisories/GHSA-3qh4-r86r-grvm
fix available via `npm audit fix --force`
Will install [email protected], which is outside the stated dependency range
node_modules/typed-function
validator <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/validator
17 vulnerabilities (2 low, 5 moderate, 4 high, 6 critical)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.