Update dependency jsonwebtoken to ^9.0.3 (main) #144
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|
CVE-616547-419802Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> sdk-1.13.2.tgz (Root Library) -> express-5.0.1.tgz -> ❌ parseurl-1.3.3.tgz (Vulnerable Library) |
 Critical |
9.8 | Transitive parseurl-1.3.3.tgz |
sdk-1.13.2.tgz | None | |
CVE-398484-724968Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json,/package.json Dependency Hierarchy: -> jsonwebtoken-9.0.3.tgz (Root Library) -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive ms-2.1.3.tgz |
jsonwebtoken-9.0.3.tgz | None | |
CVE-398484-724968Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json,/package.json Dependency Hierarchy: -> elastic-apm-node-4.13.0.tgz (Root Library) -> agentkeepalive-4.2.1.tgz -> humanize-ms-1.2.1.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive ms-2.1.3.tgz |
elastic-apm-node-4.13.0.tgz | None | |
CVE-398484-724968Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json,/package.json Dependency Hierarchy: -> bump-cli-2.8.4.tgz (Root Library) -> debug-4.3.7.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive ms-2.1.3.tgz |
bump-cli-2.8.4.tgz | None | |
CVE-398484-724968Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json,/package.json Dependency Hierarchy: -> elasticsearch-9.1.1.tgz (Root Library) -> transport-9.0.1.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive ms-2.1.3.tgz |
elasticsearch-9.1.1.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> cli-1.34.5.tgz (Root Library) -> glob-7.2.3.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
cli-1.34.5.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> inquirer-8.2.7.tgz (Root Library) -> ora-5.4.1.tgz -> bl-4.1.0.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
inquirer-8.2.7.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> openpgp-5.11.3.tgz (Root Library) -> asn1.js-5.4.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
openpgp-5.11.3.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> del-6.1.1.tgz (Root Library) -> rimraf-3.0.2.tgz -> glob-7.2.3.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
del-6.1.1.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> wellknown-0.5.0.tgz (Root Library) -> concat-stream-1.5.2.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
wellknown-0.5.0.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> borc-3.0.0.tgz (Root Library) -> readable-stream-3.6.2.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
borc-3.0.0.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> sdk-1.13.2.tgz (Root Library) -> express-5.0.1.tgz -> http-errors-2.0.0.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
sdk-1.13.2.tgz | None | |
CVE-289561-266276Dependency Hierarchy: -> server-11.11.0.tgz (Root Library) -> multipipe-1.0.2.tgz -> duplexer2-0.1.4.tgz -> readable-stream-2.3.8.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
server-11.11.0.tgz | None | |
CVE-2025-12735Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ expr-eval-2.0.2.tgz (Vulnerable Library) |
Critical |
9.8 | Direct expr-eval-2.0.2.tgz |
expr-eval-2.0.2.tgz | expr-eval-fork - 3.0.0,expr-eval-fork - 3.0.1 | None |
CVE-154062-641864Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> sdk-1.13.2.tgz (Root Library) -> express-5.0.1.tgz -> on-finished-2.4.1.tgz -> ❌ ee-first-1.1.1.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive ee-first-1.1.1.tgz |
sdk-1.13.2.tgz | None | |
| Critical |
9.8 | Direct lodash-4.17.21.tgz |
lodash-4.17.21.tgz | None | ||
CVE-105163-391686Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ jquery-3.7.1.tgz (Vulnerable Library) |
Critical |
9.8 | Direct jquery-3.7.1.tgz |
jquery-3.7.1.tgz | None | |
CVE-2022-1227Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json Dependency Hierarchy: -> cli-1.34.5.tgz (Root Library) -> redoc-2.5.0.tgz -> ❌ prismjs-1.29.0.tgz (Vulnerable Library) |
 High |
8.8 | Transitive prismjs-1.29.0.tgz |
cli-1.34.5.tgz | Transitive github.com/containers/psgo - v1.7.2,react - 15.0.1,https://github.com/containers/psgo.git - no_fix,https://github.com/containers/podman.git - no_fix |
None |
CVE-2025-12816Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ node-forge-1.3.1.tgz (Vulnerable Library) |
High |
8.6 | Direct node-forge-1.3.1.tgz |
node-forge-1.3.1.tgz | node-forge - 1.3.2 | None |
CVE-2025-68154Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> opentelemetry-node-1.2.0.tgz (Root Library) -> host-metrics-0.36.0.tgz -> ❌ systeminformation-5.23.8.tgz (Vulnerable Library) |
High |
8.1 | Transitive systeminformation-5.23.8.tgz |
opentelemetry-node-1.2.0.tgz | Transitive systeminformation - 5.27.14 |
None |
CVE-2025-59840Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ vega-5.33.0.tgz (Vulnerable Library) |
High |
8.1 | Direct vega-5.33.0.tgz |
vega-5.33.0.tgz | vega-interpreter - 2.2.1,vega-interpreter - 1.2.1,vega-expression - 5.2.1,vega-expression - 6.1.0,vega - 6.2.0,vega - 6.2.0 | None |
MSC-2025-10528Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ jquery-3.7.1.tgz (Vulnerable Library) |
High |
7.8 | Direct jquery-3.7.1.tgz |
jquery-3.7.1.tgz | None | |
CVE-2025-66031Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ node-forge-1.3.1.tgz (Vulnerable Library) |
High |
7.5 | Direct node-forge-1.3.1.tgz |
node-forge-1.3.1.tgz | node-forge - 1.3.2 | None |
CVE-2025-65945Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> google-auth-library-9.10.0.tgz (Root Library) -> ❌ jws-4.0.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive jws-4.0.0.tgz |
google-auth-library-9.10.0.tgz | Transitive jws - 3.2.3,jws - 4.0.1 |
None |
CVE-2025-64756Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> tar-7.4.3.tgz (Root Library) -> minizlib-3.0.1.tgz -> rimraf-5.0.10.tgz -> ❌ glob-10.4.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive glob-10.4.5.tgz |
tar-7.4.3.tgz | Transitive glob - 11.1.0,glob - 10.5.0 |
None |
CVE-2025-64756Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> archiver-7.0.1.tgz (Root Library) -> archiver-utils-5.0.2.tgz -> ❌ glob-10.4.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive glob-10.4.5.tgz |
archiver-7.0.1.tgz | Transitive glob - 11.1.0,glob - 10.5.0 |
None |
CVE-2025-58754Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json Dependency Hierarchy: -> bump-cli-2.8.4.tgz (Root Library) -> ❌ axios-1.7.7.tgz (Vulnerable Library) |
High |
7.5 | Transitive axios-1.7.7.tgz |
bump-cli-2.8.4.tgz | Transitive 1.12.0 |
None |
CVE-2025-57319Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> elastic-apm-node-4.13.0.tgz (Root Library) -> pino-8.15.1.tgz -> ❌ fast-redact-3.1.2.tgz (Vulnerable Library) |
High |
7.5 | Transitive fast-redact-3.1.2.tgz |
elastic-apm-node-4.13.0.tgz | None | |
CVE-2025-11362Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ pdfmake-0.2.15.tgz (Vulnerable Library) |
High |
7.5 | Direct pdfmake-0.2.15.tgz |
pdfmake-0.2.15.tgz | pdfmake - 0.3.0-beta.17,pdfmake - 0.3.0-beta.17 | None |
CVE-2012-3412Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json Dependency Hierarchy: -> cli-1.34.5.tgz (Root Library) -> redoc-2.5.0.tgz -> ❌ prismjs-1.29.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive prismjs-1.29.0.tgz |
cli-1.34.5.tgz | Transitive 3.2.30 |
None |
CVE-2025-13204Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ expr-eval-2.0.2.tgz (Vulnerable Library) |
High |
7.3 | Direct expr-eval-2.0.2.tgz |
expr-eval-2.0.2.tgz | None | |
CVE-2015-9251Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ jquery-3.7.1.tgz (Vulnerable Library) |
 Medium |
6.1 | Direct jquery-3.7.1.tgz |
jquery-3.7.1.tgz | jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0 | None |
CVE-2025-13466Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> sdk-1.13.2.tgz (Root Library) -> express-5.0.1.tgz -> ❌ body-parser-2.2.0.tgz (Vulnerable Library) |
Medium |
5.8 | Transitive body-parser-2.2.0.tgz |
sdk-1.13.2.tgz | Transitive body-parser - 2.2.1 |
None |
MSC-2025-10533Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ jquery-3.7.1.tgz (Vulnerable Library) |
Medium |
5.3 | Direct jquery-3.7.1.tgz |
jquery-3.7.1.tgz | None | |
CVE-2025-66030Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ node-forge-1.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Direct node-forge-1.3.1.tgz |
node-forge-1.3.1.tgz | node-forge - 1.3.2 | None |
CVE-2024-51999Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> sdk-1.13.2.tgz (Root Library) -> ❌ express-5.0.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive express-5.0.1.tgz |
sdk-1.13.2.tgz | Transitive express - 4.22.0,express - 5.2.0 |
None |
CVE-2019-3820Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ jquery-3.7.1.tgz (Vulnerable Library) |
Medium |
4.3 | Direct jquery-3.7.1.tgz |
jquery-3.7.1.tgz | None | |
CVE-2025-5889Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json Dependency Hierarchy: -> cli-1.34.5.tgz (Root Library) -> glob-7.2.3.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
 Low |
3.1 | Transitive brace-expansion-1.1.11.tgz |
cli-1.34.5.tgz | Transitive 2.0.2 |
None |
CVE-2025-5889Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json Dependency Hierarchy: -> cli-1.34.5.tgz (Root Library) -> openapi-core-1.34.5.tgz -> minimatch-5.1.6.tgz -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library) |
Low |
3.1 | Transitive brace-expansion-2.0.1.tgz |
cli-1.34.5.tgz | Transitive 2.0.2 |
None |
CVE-2025-5889Path to dependency file: /oas_docs/package.json Path to vulnerable library: /oas_docs/package.json Dependency Hierarchy: -> bump-cli-2.8.4.tgz (Root Library) -> core-1.20.4.tgz -> ejs-3.1.10.tgz -> jake-10.9.2.tgz -> filelist-1.0.4.tgz -> minimatch-5.1.6.tgz -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library) |
Low |
3.1 | Transitive brace-expansion-2.0.1.tgz |
bump-cli-2.8.4.tgz | Transitive 2.0.2 |
None |
Base branch total remaining vulnerabilities: 0
Base branch commit: 0d4c439f850955161bb80b25f879aa3be0fbc60d
Total libraries scanned: 3092
Scan token: a3e1931f6c014aa19f6a28137e7f6199