Skip to content

Update dependency @elastic/charts to v71.4.1 (main) #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: main
Choose a base branch
from

Update dependency @elastic/charts to v71.4.1

3fe8eb5
Select commit
Loading
Failed to load commit list.
Open

Update dependency @elastic/charts to v71.4.1 (main) #132

Update dependency @elastic/charts to v71.4.1
3fe8eb5
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Apr 14, 2026 in 21m 4s

Security Report

130 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

Partial results (95 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-40175

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ axios-1.7.7.tgz (Vulnerable Library)

Critical 10.0 Transitive axios-1.7.7.tgz bump-cli-2.8.4.tgz Transitive Upgrade to version axios - 1.15.0 or greater None
CVE-2026-40175

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ axios-1.12.1.tgz (Vulnerable Library)

Critical 10.0 Direct axios-1.12.1.tgz axios-1.12.1.tgz Upgrade to version axios - 1.15.0 or greater None
CVE-2025-62718

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ axios-1.7.7.tgz (Vulnerable Library)

Critical 9.9 Transitive axios-1.7.7.tgz bump-cli-2.8.4.tgz Transitive Upgrade to version axios - 1.15.0 or greater None
CVE-2025-62718

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ axios-1.12.1.tgz (Vulnerable Library)

Critical 9.9 Direct axios-1.12.1.tgz axios-1.12.1.tgz Upgrade to version axios - 1.15.0 or greater None
CVE-616547-419802

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> ❌ parseurl-1.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive parseurl-1.3.3.tgz sdk-1.13.2.tgz None
CVE-607537-903744

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> ❌ ajv-6.12.6.tgz (Vulnerable Library)

Critical 9.8 Transitive ajv-6.12.6.tgz sdk-1.13.2.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> debug-4.3.7.tgz

     -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz bump-cli-2.8.4.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> elastic-apm-node-4.13.0.tgz (Root Library)

   -> agentkeepalive-4.2.1.tgz

     -> humanize-ms-1.2.1.tgz

       -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz elastic-apm-node-4.13.0.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> jsonwebtoken-9.0.2.tgz (Root Library)

   -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz jsonwebtoken-9.0.2.tgz None
CVE-398484-724968

Dependency Hierarchy:

-> elasticsearch-9.1.1.tgz (Root Library)

   -> transport-9.0.1.tgz

     -> ❌ ms-2.1.3.tgz (Vulnerable Library)

Critical 9.8 Transitive ms-2.1.3.tgz elasticsearch-9.1.1.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> inquirer-8.2.7.tgz (Root Library)

   -> ora-5.4.1.tgz

     -> bl-4.1.0.tgz

       -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz inquirer-8.2.7.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> wellknown-0.5.0.tgz (Root Library)

   -> concat-stream-1.5.2.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz wellknown-0.5.0.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> server-11.11.0.tgz (Root Library)

   -> multipipe-1.0.2.tgz

     -> duplexer2-0.1.4.tgz

       -> readable-stream-2.3.8.tgz

         -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz server-11.11.0.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> glob-7.2.3.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz cli-1.34.5.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> openpgp-5.11.3.tgz (Root Library)

   -> asn1.js-5.4.1.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz openpgp-5.11.3.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> del-6.1.1.tgz (Root Library)

   -> rimraf-3.0.2.tgz

     -> glob-7.2.3.tgz

       -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz del-6.1.1.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> borc-3.0.0.tgz (Root Library)

   -> readable-stream-3.6.2.tgz

     -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz borc-3.0.0.tgz None
CVE-289561-266276

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> http-errors-2.0.0.tgz

       -> ❌ inherits-2.0.4.tgz (Vulnerable Library)

Critical 9.8 Transitive inherits-2.0.4.tgz sdk-1.13.2.tgz None
CVE-2026-33937

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json,/package.json

Dependency Hierarchy:

-> ❌ handlebars-4.7.8.tgz (Vulnerable Library)

Critical 9.8 Direct handlebars-4.7.8.tgz handlebars-4.7.8.tgz Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-1615

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ jsonpath-1.1.1.tgz (Vulnerable Library)

Critical 9.8 Transitive jsonpath-1.1.1.tgz bump-cli-2.8.4.tgz Transitive Upgrade to version jsonpath - 1.3.0 or greater None
CVE-2025-12735

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ expr-eval-2.0.2.tgz (Vulnerable Library)

Critical 9.8 Direct expr-eval-2.0.2.tgz expr-eval-2.0.2.tgz expr-eval-fork - 3.0.0,expr-eval-fork - 3.0.1 None
CVE-154062-641864

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> on-finished-2.4.1.tgz

       -> ❌ ee-first-1.1.1.tgz (Vulnerable Library)

Critical 9.8 Transitive ee-first-1.1.1.tgz sdk-1.13.2.tgz None
CVE-121740-819191

Dependency Hierarchy:

-> ❌ lodash-4.17.21.tgz (Vulnerable Library)

Critical 9.8 Direct lodash-4.17.21.tgz lodash-4.17.21.tgz None
CVE-105163-391686

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

Critical 9.8 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz None
CVE-2026-25896

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> respect-core-1.34.5.tgz

     -> openapi-sampler-1.6.1.tgz

       -> ❌ fast-xml-parser-4.5.3.tgz (Vulnerable Library)

Critical 9.3 Transitive fast-xml-parser-4.5.3.tgz cli-1.34.5.tgz Transitive https://github.com/naturalintelligence/fast-xml-parser.git - v5.3.5 None
CVE-2026-25896

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> client-bedrock-runtime-3.883.0.tgz (Root Library)

   -> core-3.883.0.tgz

     -> ❌ fast-xml-parser-5.2.5.tgz (Vulnerable Library)

Critical 9.3 Transitive fast-xml-parser-5.2.5.tgz client-bedrock-runtime-3.883.0.tgz Transitive https://github.com/naturalintelligence/fast-xml-parser.git - v5.3.5 None
CVE-2022-1227

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> redoc-2.5.0.tgz

     -> ❌ prismjs-1.29.0.tgz (Vulnerable Library)

High 8.8 Transitive prismjs-1.29.0.tgz cli-1.34.5.tgz Transitive github.com/containers/psgo - v1.7.2,react - 15.0.1,https://github.com/containers/psgo.git - no_fix,https://github.com/containers/podman.git - no_fix None
CVE-2025-68665

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ langchain-0.3.35.tgz (Vulnerable Library)

High 8.6 Direct langchain-0.3.35.tgz langchain-0.3.35.tgz langchain - 0.3.37,@langchain/core - 1.1.8,langchain - 1.2.3,@langchain/core - 0.3.80 None
CVE-2025-68665

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ core-0.3.78.tgz (Vulnerable Library)

High 8.6 Direct core-0.3.78.tgz core-0.3.78.tgz langchain - 0.3.37,@langchain/core - 1.1.8,langchain - 1.2.3,@langchain/core - 0.3.80 None
CVE-2025-12816

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 8.6 Direct node-forge-1.3.1.tgz node-forge-1.3.1.tgz node-forge - 1.3.2 None
CVE-2026-33941

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json,/package.json

Dependency Hierarchy:

-> ❌ handlebars-4.7.8.tgz (Vulnerable Library)

High 8.2 Direct handlebars-4.7.8.tgz handlebars-4.7.8.tgz Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-4800

Dependency Hierarchy:

-> ❌ lodash-4.17.21.tgz (Vulnerable Library)

High 8.1 Direct lodash-4.17.21.tgz lodash-4.17.21.tgz Upgrade to version lodash-amd - 4.18.0 or greater None
CVE-2026-4800

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> formik-2.4.6.tgz (Root Library)

   -> ❌ lodash-es-4.17.21.tgz (Vulnerable Library)

High 8.1 Transitive lodash-es-4.17.21.tgz formik-2.4.6.tgz Transitive Upgrade to version lodash-amd - 4.18.0 or greater None
CVE-2026-33940

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json,/package.json

Dependency Hierarchy:

-> ❌ handlebars-4.7.8.tgz (Vulnerable Library)

High 8.1 Direct handlebars-4.7.8.tgz handlebars-4.7.8.tgz Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-33938

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json,/package.json

Dependency Hierarchy:

-> ❌ handlebars-4.7.8.tgz (Vulnerable Library)

High 8.1 Direct handlebars-4.7.8.tgz handlebars-4.7.8.tgz Upgrade to version handlebars - 4.7.9 or greater None
CVE-2025-68154

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> opentelemetry-node-1.2.0.tgz (Root Library)

   -> host-metrics-0.36.0.tgz

     -> ❌ systeminformation-5.23.8.tgz (Vulnerable Library)

High 8.1 Transitive systeminformation-5.23.8.tgz opentelemetry-node-1.2.0.tgz Transitive systeminformation - 5.27.14 None
CVE-2025-65110

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> vega-5.33.0.tgz (Root Library)

   -> vega-functions-5.18.0.tgz

     -> ❌ vega-selections-5.6.0.tgz (Vulnerable Library)

High 8.1 Transitive vega-selections-5.6.0.tgz vega-5.33.0.tgz Transitive vega-selections - 5.6.3,vega-selections - 6.1.2 None
CVE-2025-59840

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ vega-5.33.0.tgz (Vulnerable Library)

High 8.1 Direct vega-5.33.0.tgz vega-5.33.0.tgz vega-interpreter - 2.2.1,vega-interpreter - 1.2.1,vega-expression - 5.2.1,vega-expression - 6.1.0,vega - 6.2.0,vega - 6.2.0 None
MSC-2025-10528

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

High 7.8 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz None
WS-2026-0003

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> on-finished-2.4.1.tgz

       -> ❌ ee-first-1.1.1.tgz (Vulnerable Library)

High 7.5 Transitive ee-first-1.1.1.tgz sdk-1.13.2.tgz Transitive https://github.com/virtio-win/kvm-guest-drivers-windows.git - mm316 None
CVE-2026-4926

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> oas-28.1.0.tgz (Root Library)

   -> ❌ path-to-regexp-8.2.0.tgz (Vulnerable Library)

High 7.5 Transitive path-to-regexp-8.2.0.tgz oas-28.1.0.tgz Transitive Upgrade to version path-to-regexp - 8.4.0 or greater None
CVE-2026-4926

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> router-2.1.0.tgz

       -> ❌ path-to-regexp-8.2.0.tgz (Vulnerable Library)

High 7.5 Transitive path-to-regexp-8.2.0.tgz sdk-1.13.2.tgz Transitive Upgrade to version path-to-regexp - 8.4.0 or greater None
CVE-2026-35525

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ liquidjs-10.22.0.tgz (Vulnerable Library)

High 7.5 Direct liquidjs-10.22.0.tgz liquidjs-10.22.0.tgz Upgrade to version liquidjs - 10.25.3 or greater None
CVE-2026-35213

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> hapi-21.4.3.tgz (Root Library)

   -> subtext-8.1.1.tgz

     -> ❌ content-6.0.0.tgz (Vulnerable Library)

High 7.5 Transitive content-6.0.0.tgz hapi-21.4.3.tgz Transitive Upgrade to version @hapi/content - 6.0.1 or greater None
CVE-2026-33939

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json,/package.json

Dependency Hierarchy:

-> ❌ handlebars-4.7.8.tgz (Vulnerable Library)

High 7.5 Direct handlebars-4.7.8.tgz handlebars-4.7.8.tgz Upgrade to version handlebars - 4.7.9 or greater None
CVE-2026-33895

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Direct node-forge-1.3.1.tgz node-forge-1.3.1.tgz Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33894

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Direct node-forge-1.3.1.tgz node-forge-1.3.1.tgz Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33891

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Direct node-forge-1.3.1.tgz node-forge-1.3.1.tgz Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33671

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> styled-components-5.3.11.tgz (Root Library)

   -> babel-plugin-styled-components-2.1.4.tgz

     -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz styled-components-5.3.11.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater None
CVE-2026-33671

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> chokidar-3.6.0.tgz

     -> anymatch-3.1.3.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz cli-1.34.5.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater None
CVE-2026-33287

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ liquidjs-10.22.0.tgz (Vulnerable Library)

High 7.5 Direct liquidjs-10.22.0.tgz liquidjs-10.22.0.tgz None
CVE-2026-33285

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ liquidjs-10.22.0.tgz (Vulnerable Library)

High 7.5 Direct liquidjs-10.22.0.tgz liquidjs-10.22.0.tgz None
CVE-2026-33036

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> respect-core-1.34.5.tgz

     -> openapi-sampler-1.6.1.tgz

       -> ❌ fast-xml-parser-4.5.3.tgz (Vulnerable Library)

High 7.5 Transitive fast-xml-parser-4.5.3.tgz cli-1.34.5.tgz Transitive Upgrade to version fast-xml-parser - 5.5.6 or greater None
CVE-2026-33036

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> client-bedrock-runtime-3.883.0.tgz (Root Library)

   -> core-3.883.0.tgz

     -> ❌ fast-xml-parser-5.2.5.tgz (Vulnerable Library)

High 7.5 Transitive fast-xml-parser-5.2.5.tgz client-bedrock-runtime-3.883.0.tgz Transitive Upgrade to version fast-xml-parser - 5.5.6 or greater None
CVE-2026-26996

Dependency Hierarchy:

-> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Direct minimatch-3.1.2.tgz minimatch-3.1.2.tgz 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> core-1.20.4.tgz

     -> ejs-3.1.10.tgz

       -> jake-10.9.2.tgz

         -> filelist-1.0.4.tgz

           -> ❌ minimatch-5.1.6.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.6.tgz bump-cli-2.8.4.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> openapi-core-1.34.5.tgz

     -> ❌ minimatch-5.1.6.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.6.tgz cli-1.34.5.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> archiver-7.0.1.tgz (Root Library)

   -> archiver-utils-5.0.2.tgz

     -> glob-10.4.5.tgz

       -> ❌ minimatch-9.0.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-9.0.5.tgz archiver-7.0.1.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/oas_docs/package.json

Dependency Hierarchy:

-> archiver-7.0.1.tgz (Root Library)

   -> readdir-glob-1.1.3.tgz

     -> ❌ minimatch-5.1.6.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.6.tgz archiver-7.0.1.tgz Transitive 10.2.1 None
CVE-2026-26278

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> respect-core-1.34.5.tgz

     -> openapi-sampler-1.6.1.tgz

       -> ❌ fast-xml-parser-4.5.3.tgz (Vulnerable Library)

High 7.5 Transitive fast-xml-parser-4.5.3.tgz cli-1.34.5.tgz Transitive 5.3.6 None
CVE-2026-26278

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> client-bedrock-runtime-3.883.0.tgz (Root Library)

   -> core-3.883.0.tgz

     -> ❌ fast-xml-parser-5.2.5.tgz (Vulnerable Library)

High 7.5 Transitive fast-xml-parser-5.2.5.tgz client-bedrock-runtime-3.883.0.tgz Transitive 5.3.6 None
CVE-2026-25639

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ axios-1.7.7.tgz (Vulnerable Library)

High 7.5 Transitive axios-1.7.7.tgz bump-cli-2.8.4.tgz Transitive https://github.com/axios/axios.git - v1.13.5 None
CVE-2026-25639

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ axios-1.12.1.tgz (Vulnerable Library)

High 7.5 Direct axios-1.12.1.tgz axios-1.12.1.tgz https://github.com/axios/axios.git - v1.13.5 None
CVE-2026-0621

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ sdk-1.13.2.tgz (Vulnerable Library)

High 7.5 Direct sdk-1.13.2.tgz sdk-1.13.2.tgz @modelcontextprotocol/sdk - 1.25.2 None
CVE-2025-66031

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Direct node-forge-1.3.1.tgz node-forge-1.3.1.tgz node-forge - 1.3.2 None
CVE-2025-65945

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> google-auth-library-9.10.0.tgz (Root Library)

   -> ❌ jws-4.0.0.tgz (Vulnerable Library)

High 7.5 Transitive jws-4.0.0.tgz google-auth-library-9.10.0.tgz Transitive jws - 3.2.3,jws - 4.0.1 None
CVE-2025-65945

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jsonwebtoken-9.0.2.tgz (Root Library)

   -> ❌ jws-3.2.2.tgz (Vulnerable Library)

High 7.5 Transitive jws-3.2.2.tgz jsonwebtoken-9.0.2.tgz Transitive jws - 3.2.3,jws - 4.0.1 None
CVE-2025-64756

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> tar-7.4.3.tgz (Root Library)

   -> minizlib-3.0.1.tgz

     -> rimraf-5.0.10.tgz

       -> ❌ glob-10.4.5.tgz (Vulnerable Library)

High 7.5 Transitive glob-10.4.5.tgz tar-7.4.3.tgz Transitive glob - 11.1.0,glob - 10.5.0 None
CVE-2025-64756

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> archiver-7.0.1.tgz (Root Library)

   -> archiver-utils-5.0.2.tgz

     -> ❌ glob-10.4.5.tgz (Vulnerable Library)

High 7.5 Transitive glob-10.4.5.tgz archiver-7.0.1.tgz Transitive glob - 11.1.0,glob - 10.5.0 None
CVE-2025-58754

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ axios-1.7.7.tgz (Vulnerable Library)

High 7.5 Transitive axios-1.7.7.tgz bump-cli-2.8.4.tgz Transitive 1.12.0 None
CVE-2025-57319

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> elastic-apm-node-4.13.0.tgz (Root Library)

   -> pino-8.15.1.tgz

     -> ❌ fast-redact-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive fast-redact-3.1.2.tgz elastic-apm-node-4.13.0.tgz None
CVE-2025-14874

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ nodemailer-7.0.9.tgz (Vulnerable Library)

High 7.5 Direct nodemailer-7.0.9.tgz nodemailer-7.0.9.tgz 7.0.11 None
CVE-2025-11362

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ pdfmake-0.2.15.tgz (Vulnerable Library)

High 7.5 Direct pdfmake-0.2.15.tgz pdfmake-0.2.15.tgz pdfmake - 0.3.0-beta.17,pdfmake - 0.3.0-beta.17 None
CVE-2024-21538

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> core-1.20.4.tgz

     -> password-prompt-1.1.3.tgz

       -> ❌ cross-spawn-7.0.3.tgz (Vulnerable Library)

High 7.5 Transitive cross-spawn-7.0.3.tgz bump-cli-2.8.4.tgz Transitive https://github.com/moxystudio/node-cross-spawn.git - v7.0.5,https://github.com/moxystudio/node-cross-spawn.git - v6.0.6,org.webjars.npm:cross-spawn:6.0.6 None
CVE-2012-3412

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> redoc-2.5.0.tgz

     -> ❌ prismjs-1.29.0.tgz (Vulnerable Library)

High 7.5 Transitive prismjs-1.29.0.tgz cli-1.34.5.tgz Transitive 3.2.30 None
CVE-2026-33896

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.4 Direct node-forge-1.3.1.tgz node-forge-1.3.1.tgz Upgrade to version node-forge - 1.4.0 or greater None
CVE-2025-13204

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ expr-eval-2.0.2.tgz (Vulnerable Library)

High 7.3 Direct expr-eval-2.0.2.tgz expr-eval-2.0.2.tgz None
CVE-2025-66648

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> vega-5.33.0.tgz (Root Library)

   -> ❌ vega-functions-5.18.0.tgz (Vulnerable Library)

High 7.2 Transitive vega-functions-5.18.0.tgz vega-5.33.0.tgz Transitive vega-functions - 6.1.1 None
CVE-2026-33750

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> minimatch-3.1.2.tgz (Root Library)

   -> ❌ brace-expansion-1.1.12.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.12.tgz minimatch-3.1.2.tgz Transitive Upgrade to version brace-expansion - 2.0.3 or greater None
CVE-2026-33750

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> core-1.20.4.tgz

     -> ejs-3.1.10.tgz

       -> jake-10.9.2.tgz

         -> filelist-1.0.4.tgz

           -> minimatch-5.1.6.tgz

             -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-2.0.1.tgz bump-cli-2.8.4.tgz Transitive Upgrade to version brace-expansion - 2.0.3 or greater None
CVE-2026-33750

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> glob-7.2.3.tgz

     -> minimatch-3.1.2.tgz

       -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz cli-1.34.5.tgz Transitive Upgrade to version brace-expansion - 2.0.3 or greater None
CVE-2026-33750

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> openapi-core-1.34.5.tgz

     -> minimatch-5.1.6.tgz

       -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-2.0.1.tgz cli-1.34.5.tgz Transitive Upgrade to version brace-expansion - 2.0.3 or greater None
CVE-2026-33750

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> archiver-7.0.1.tgz (Root Library)

   -> readdir-glob-1.1.3.tgz

     -> minimatch-5.1.6.tgz

       -> ❌ brace-expansion-2.0.2.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-2.0.2.tgz archiver-7.0.1.tgz Transitive Upgrade to version brace-expansion - 2.0.3 or greater None
CVE-2026-2950

Dependency Hierarchy:

-> ❌ lodash-4.17.21.tgz (Vulnerable Library)

Medium 6.5 Direct lodash-4.17.21.tgz lodash-4.17.21.tgz Upgrade to version lodash.unset - 4.18.0 or greater None
CVE-2026-2950

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> formik-2.4.6.tgz (Root Library)

   -> ❌ lodash-es-4.17.21.tgz (Vulnerable Library)

Medium 6.5 Transitive lodash-es-4.17.21.tgz formik-2.4.6.tgz Transitive Upgrade to version lodash.unset - 4.18.0 or greater None
CVE-2025-9910

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ai-4.3.19.tgz (Root Library)

   -> ❌ jsondiffpatch-0.6.0.tgz (Vulnerable Library)

Medium 6.1 Transitive jsondiffpatch-0.6.0.tgz ai-4.3.19.tgz Transitive 0.7.2 None
CVE-2015-9251

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ jquery-3.7.1.tgz (Vulnerable Library)

Medium 6.1 Direct jquery-3.7.1.tgz jquery-3.7.1.tgz jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0 None
CVE-2026-4923

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> oas-28.1.0.tgz (Root Library)

   -> ❌ path-to-regexp-8.2.0.tgz (Vulnerable Library)

Medium 5.9 Transitive path-to-regexp-8.2.0.tgz oas-28.1.0.tgz Transitive Upgrade to version path-to-regexp - 8.4.0 or greater None
CVE-2026-4923

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> router-2.1.0.tgz

       -> ❌ path-to-regexp-8.2.0.tgz (Vulnerable Library)

Medium 5.9 Transitive path-to-regexp-8.2.0.tgz sdk-1.13.2.tgz Transitive Upgrade to version path-to-regexp - 8.4.0 or greater None
CVE-2026-39865

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> bump-cli-2.8.4.tgz (Root Library)

   -> ❌ axios-1.7.7.tgz (Vulnerable Library)

Medium 5.9 Transitive axios-1.7.7.tgz bump-cli-2.8.4.tgz Transitive Upgrade to version axios - 1.13.2 or greater None
CVE-2026-39865

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ axios-1.12.1.tgz (Vulnerable Library)

Medium 5.9 Direct axios-1.12.1.tgz axios-1.12.1.tgz Upgrade to version axios - 1.13.2 or greater None
CVE-2026-33349

Path to dependency file: /oas_docs/package.json

Path to vulnerable library: /oas_docs/package.json

Dependency Hierarchy:

-> cli-1.34.5.tgz (Root Library)

   -> respect-core-1.34.5.tgz

     -> openapi-sampler-1.6.1.tgz

       -> ❌ fast-xml-parser-4.5.3.tgz (Vulnerable Library)

Medium 5.9 Transitive fast-xml-parser-4.5.3.tgz cli-1.34.5.tgz Transitive Upgrade to version fast-xml-parser - 5.5.7 or greater None
CVE-2026-33349

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> client-bedrock-runtime-3.883.0.tgz (Root Library)

   -> core-3.883.0.tgz

     -> ❌ fast-xml-parser-5.2.5.tgz (Vulnerable Library)

Medium 5.9 Transitive fast-xml-parser-5.2.5.tgz client-bedrock-runtime-3.883.0.tgz Transitive Upgrade to version fast-xml-parser - 5.5.7 or greater None
CVE-2025-13466

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sdk-1.13.2.tgz (Root Library)

   -> express-5.0.1.tgz

     -> ❌ body-parser-2.2.0.tgz (Vulnerable Library)

Medium 5.8 Transitive body-parser-2.2.0.tgz sdk-1.13.2.tgz Transitive body-parser - 2.2.1 None
CVE-2026-40190

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ langsmith-0.3.72.tgz (Vulnerable Library)

Medium 5.6 Direct langsmith-0.3.72.tgz langsmith-0.3.72.tgz Upgrade to version langsmith - 0.5.18 or greater None

Base branch total remaining vulnerabilities: 0
Base branch commit: 0d4c439f850955161bb80b25f879aa3be0fbc60d


Total libraries scanned: 3091

Scan token: e65dec6c57cd4cd1828bea552503f48c

View more details on Dev - Mend for GitHub.com