Update dependency body-parser to v1.20.3 #85
Dev - Mend for GitHub.com / Mend Security Check
failed
Feb 10, 2026 in 2m 36s
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2025-15284Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> body-parser-1.20.3.tgz (Root Library) -> ❌ qs-6.13.0.tgz (Vulnerable Library) |
 High |
7.5 | Transitive qs-6.13.0.tgz |
body-parser-1.20.3.tgz | Transitive qs - 6.14.1 |
None |
|
CVE-2025-13466Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ body-parser-1.20.3.tgz (Vulnerable Library) |
 Medium |
5.8 | Direct body-parser-1.20.3.tgz |
body-parser-1.20.3.tgz | body-parser - 2.2.1 | None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-7fhm-mqm4-2wp7 | minimist-0.2.4.tgz |
| GHSA-27h2-hvpr-p74q | jsonwebtoken-0.4.0.tgz |
| GHSA-rvg8-pwq2-xj7q | base64url-0.0.6.tgz |
| GHSA-hxf5-mg84-pj4m | moment-2.0.0.tgz |
| GHSA-5mrr-rgp6-x4gr | marsdb-0.6.11.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-2.1.4.tgz |
| GHSA-27h2-hvpr-p74q | jsonwebtoken-0.1.0.tgz |
Base branch total remaining vulnerabilities: 81
Base branch commit: 576a0b06433e832942fe373cc83c2006320685e2
Total libraries scanned: 960
Scan token: 7725505eade44da3a59a06ef6cb11f8e
Loading