Update dependency dompurify to v3.2.4 #62
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2025-53892Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> ❌ vue-i18n-9.2.2.tgz (Vulnerable Library) |
 Medium |
6.1 | Direct vue-i18n-9.2.2.tgz |
vue-i18n-9.2.2.tgz | https://github.com/intlify/vue-i18n.git - no_fix | None |
|
CVE-2025-54798Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> ❌ tmp-0.2.1.tgz (Vulnerable Library) |
 Low |
2.5 | Transitive tmp-0.2.1.tgz |
cypress-3.1.2.tgz | Transitive 0.2.4 |
None |
|
CVE-2025-7783Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ form-data-2.3.3.tgz (Vulnerable Library) |
 High |
8.7 | Transitive form-data-2.3.3.tgz |
cypress-3.1.2.tgz | None |
|
|
CVE-2023-28155Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> ❌ request-2.88.12.tgz (Vulnerable Library) |
Medium |
6.1 | Transitive request-2.88.12.tgz |
cypress-3.1.2.tgz | Transitive 3.0.0 |
None |
|
CVE-2026-2391Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ qs-6.10.4.tgz (Vulnerable Library) |
Low |
3.7 | Transitive qs-6.10.4.tgz |
cypress-3.1.2.tgz | Transitive 6.14.2 |
None |
|
CVE-2025-15284Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ qs-6.10.4.tgz (Vulnerable Library) |
Low |
3.7 | Transitive qs-6.10.4.tgz |
cypress-3.1.2.tgz | Transitive qs - 6.14.1 |
None |
|
CVE-893166-217151Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ form-data-2.3.3.tgz (Vulnerable Library) |
 Critical |
9.8 | Transitive form-data-2.3.3.tgz |
cypress-3.1.2.tgz | None | ||
CVE-814504-1548Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ isstream-0.1.2.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive isstream-0.1.2.tgz |
cypress-3.1.2.tgz | None | ||
CVE-72435-185255Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> http-signature-1.3.6.tgz -> sshpk-1.17.0.tgz -> ❌ tweetnacl-0.14.5.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive tweetnacl-0.14.5.tgz |
cypress-3.1.2.tgz | None | ||
CVE-402712-500231Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> http-signature-1.3.6.tgz -> sshpk-1.17.0.tgz -> ❌ dashdash-1.14.1.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive dashdash-1.14.1.tgz |
cypress-3.1.2.tgz | None | ||
CVE-295712-399081Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> http-signature-1.3.6.tgz -> sshpk-1.17.0.tgz -> ❌ asn1-0.2.6.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive asn1-0.2.6.tgz |
cypress-3.1.2.tgz | None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2021-33502 | normalize-url-3.3.0.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-6.1.0.tgz |
| CVE-2021-33502 | normalize-url-1.9.1.tgz |
| CVE-2025-26791 | dompurify-3.0.1.tgz |
| CVE-2022-25881 | http-cache-semantics-4.1.0.tgz |
| CVE-2021-33587 | css-what-2.1.3.tgz |
| CVE-2025-26862 | urllib3-2.2.3-py3-none-any.whl |
| CVE-2021-33587 | css-what-3.2.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| CVE-2026-21441 | urllib3-2.2.3-py3-none-any.whl |
| GHSA-6chw-6frg-f759 | acorn-6.3.0.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-6.3.0.tgz |
| CVE-2025-50182 | urllib3-2.2.3-py3-none-any.whl |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| CVE-2024-47081 | requests-2.32.3-py3-none-any.whl |
| CVE-2025-66471 | urllib3-2.2.3-py3-none-any.whl |
| CVE-2024-45801 | dompurify-3.0.1.tgz |
| CVE-2025-50181 | urllib3-2.2.3-py3-none-any.whl |
Base branch total remaining vulnerabilities: 235
Base branch commit: c3bfeab8ee549fbc0a78e721eeab90ec8dc4e9ce
Total libraries scanned: 2386
Scan token: 338a89edd6ec4943811908d275bfcaa8