Update dependency nuxt to v2.11.0 #137
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
❌ New vulnerabilities:
Partial results (48 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2026-33750Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> mocha-7.2.0.tgz (Root Library) -> glob-7.1.3.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
 Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
mocha-7.2.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
#31 |
|
CVE-2026-33750Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> eslint-config-base-2.0.0.tgz (Root Library) -> eslint-plugin-import-2.26.0.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
eslint-config-base-2.0.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
#25 |
|
CVE-2026-33750Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library) -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
fork-ts-checker-webpack-plugin-6.5.3.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
#14 |
|
CVE-2026-33750Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> webpack-2.11.0.tgz -> style-resources-loader-1.5.0.tgz -> glob-7.2.3.tgz -> minimatch-3.1.5.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
nuxt-2.11.0.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
None |
|
CVE-2026-33750Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> glob-7.1.4.tgz (Root Library) -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
glob-7.1.4.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
#21 |
|
CVE-2026-33750Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json,/src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> webpack-plugin-injector-1.0.7.tgz (Root Library) -> copy-webpack-plugin-5.1.2.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-1.1.11.tgz |
webpack-plugin-injector-1.0.7.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
#4 |
|
CVE-2025-53892Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> ❌ vue-i18n-9.2.2.tgz (Vulnerable Library) |
Medium |
6.1 | Direct vue-i18n-9.2.2.tgz |
vue-i18n-9.2.2.tgz | https://github.com/intlify/vue-i18n.git - no_fix | None |
|
CVE-2026-25645Path to dependency file: /src/Core/DevOps/Locust/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260327231337_ZFNVXZ/python_YPMOCW/202603272313381/env/lib/python3.9/site-packages/requests-2.32.5.dist-info Dependency Hierarchy: -> ❌ requests-2.32.5-py3-none-any.whl (Vulnerable Library) |
Medium |
4.4 | Direct requests-2.32.5-py3-none-any.whl |
requests-2.32.5-py3-none-any.whl | Upgrade to version requests - 2.33.0 or greater | None |
|
CVE-2025-54798Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> ❌ tmp-0.2.1.tgz (Vulnerable Library) |
 Low |
2.5 | Transitive tmp-0.2.1.tgz |
cypress-3.1.2.tgz | Transitive 0.2.4 |
None |
|
CVE-2024-29415Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> core-2.11.0.tgz -> server-2.11.0.tgz -> ❌ ip-1.1.9.tgz (Vulnerable Library) |
 Critical |
9.1 | Transitive ip-1.1.9.tgz |
nuxt-2.11.0.tgz | Transitive no_fix,ip - no_fix,https://github.com/indutny/node-ip.git - no_fix |
None |
|
CVE-2025-7783Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ form-data-2.3.3.tgz (Vulnerable Library) |
 High |
8.7 | Transitive form-data-2.3.3.tgz |
cypress-3.1.2.tgz | None |
|
|
CVE-2026-4867Path to dependency file: /src/Storefront/Resources/app/storefront/package.json Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json,/src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> cli-0.11.0.tgz (Root Library) -> express-4.18.2.tgz -> ❌ path-to-regexp-0.1.7.tgz (Vulnerable Library) |
High |
7.5 | Transitive path-to-regexp-0.1.7.tgz |
cli-0.11.0.tgz | Transitive Upgrade to version path-to-regexp - 0.1.13 or greater |
#29 |
|
CVE-2026-4867Path to dependency file: /src/Storefront/Resources/app/storefront/package.json Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json,/src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> cli-0.9.0.tgz (Root Library) -> express-4.18.2.tgz -> ❌ path-to-regexp-0.1.7.tgz (Vulnerable Library) |
High |
7.5 | Transitive path-to-regexp-0.1.7.tgz |
cli-0.9.0.tgz | Transitive Upgrade to version path-to-regexp - 0.1.13 or greater |
#1 |
|
CVE-2026-33895Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> webpack-dev-server-3.11.3.tgz (Root Library) -> selfsigned-1.10.11.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive node-forge-0.10.0.tgz |
webpack-dev-server-3.11.3.tgz | Transitive Upgrade to version node-forge - 1.4.0 or greater |
#20 |
|
CVE-2026-33894Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> webpack-dev-server-3.11.3.tgz (Root Library) -> selfsigned-1.10.11.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive node-forge-0.10.0.tgz |
webpack-dev-server-3.11.3.tgz | Transitive Upgrade to version node-forge - 1.4.0 or greater |
#20 |
|
CVE-2026-33891Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> webpack-dev-server-3.11.3.tgz (Root Library) -> selfsigned-1.10.11.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive node-forge-0.10.0.tgz |
webpack-dev-server-3.11.3.tgz | Transitive Upgrade to version node-forge - 1.4.0 or greater |
#20 |
|
CVE-2026-33671Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> mocha-7.2.0.tgz (Root Library) -> chokidar-3.3.0.tgz -> anymatch-3.1.3.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
High |
7.5 | Transitive picomatch-2.3.1.tgz |
mocha-7.2.0.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
#31 |
|
CVE-2026-33671Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> jest-environment-jsdom-29.5.0.tgz (Root Library) -> jest-util-29.5.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
High |
7.5 | Transitive picomatch-2.3.1.tgz |
jest-environment-jsdom-29.5.0.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
None |
|
CVE-2026-33671Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library) -> chokidar-3.4.2.tgz -> readdirp-3.4.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
High |
7.5 | Transitive picomatch-2.3.1.tgz |
fork-ts-checker-webpack-plugin-6.5.3.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
#14 |
|
CVE-2026-33671Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> ts-loader-8.4.0.tgz (Root Library) -> micromatch-4.0.5.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
High |
7.5 | Transitive picomatch-2.3.1.tgz |
ts-loader-8.4.0.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
#23 |
|
CVE-2026-33671Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> sass-1.51.0.tgz (Root Library) -> chokidar-3.5.3.tgz -> anymatch-3.1.2.tgz -> ❌ picomatch-2.0.7.tgz (Vulnerable Library) |
High |
7.5 | Transitive picomatch-2.0.7.tgz |
sass-1.51.0.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
#22 |
|
CVE-2026-33671Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> sass-1.51.0.tgz (Root Library) -> chokidar-3.5.3.tgz -> readdirp-3.6.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
High |
7.5 | Transitive picomatch-2.3.1.tgz |
sass-1.51.0.tgz | Transitive Upgrade to version picomatch - 4.0.4 or greater |
#22 |
|
CVE-2026-33896Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> webpack-dev-server-3.11.3.tgz (Root Library) -> selfsigned-1.10.11.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) |
High |
7.4 | Transitive node-forge-0.10.0.tgz |
webpack-dev-server-3.11.3.tgz | Transitive Upgrade to version node-forge - 1.4.0 or greater |
#20 |
|
CVE-2026-33750Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> test-utils-2.3.2.tgz (Root Library) -> js-beautify-1.14.6.tgz -> glob-8.1.0.tgz -> minimatch-5.1.6.tgz -> ❌ brace-expansion-2.0.1.tgz (Vulnerable Library) |
Medium |
6.5 | Transitive brace-expansion-2.0.1.tgz |
test-utils-2.3.2.tgz | Transitive Upgrade to version brace-expansion - 2.0.3 or greater |
#48 |
|
CVE-2024-43788Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> webpack-2.11.0.tgz -> ❌ webpack-4.47.0.tgz (Vulnerable Library) |
Medium |
6.4 | Transitive webpack-4.47.0.tgz |
nuxt-2.11.0.tgz | Transitive besnik/laravel-filtering - no_fix,piksera/core - no_fix,auspice - no_fix,axistrustee/compliance-overview - no_fix,chilister/nova-translation-manager - no_fix,slackstone/radix_rsvp - no_fix,na-ekb/service-site-module - no_fix,dnaklik/dna-exchange-bundle - no_fix,saphyr-solutions/saphyr-web-generator - no_fix,rogelio1502/ef-package - no_fix,meesy/shopavel - no_fix,habeuk/wb_universe - no_fix,flarum/ai-toolkit - no_fix,ryguy2407/nwostarter - no_fix,Fable.Sutil.Templates - no_fix,ViewPacker - no_fix,buddy/deploy-buddy - no_fix,antoniosiles/nova-4-card-map-plus - no_fix,org.webjars.npm:webpack:no_fix,bigeweb/framework - no_fix,webpack - no_fix,Envisia.DotNet.Templates - no_fix,narirock/marrs-catalog - no_fix,laraxot/module_job_fila3 - no_fix,lsi.js.build - no_fix,imumz/nova-4-card-map - no_fix,XivoBlue.CleanArchitecture.MechanicalEngineering.Template - no_fix,jeffersonpereira/realestatelaravel - no_fix,rzakhanov/translation - no_fix,stephane888/wb_universe - no_fix,andrew-vozniak/pantheon - no_fix,gmsl/flarum-abc - no_fix,vesperphp/project - no_fix,stephane888/generate_style_theme - no_fix |
None |
|
CVE-2023-28155Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> ❌ request-2.88.12.tgz (Vulnerable Library) |
Medium |
6.1 | Transitive request-2.88.12.tgz |
cypress-3.1.2.tgz | Transitive 3.0.0 |
None |
|
CVE-2026-34043Path to dependency file: /src/Storefront/Resources/app/storefront/package.json Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> terser-webpack-plugin-5.3.6.tgz (Root Library) -> ❌ serialize-javascript-6.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-6.0.0.tgz |
terser-webpack-plugin-5.3.6.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
None |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> webpack-plugin-injector-1.0.6.tgz (Root Library) -> copy-webpack-plugin-5.1.2.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-4.0.0.tgz |
webpack-plugin-injector-1.0.6.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
#10 |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> copy-webpack-plugin-6.4.1.tgz (Root Library) -> ❌ serialize-javascript-5.0.1.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-5.0.1.tgz |
copy-webpack-plugin-6.4.1.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
#13 |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> terser-webpack-plugin-4.2.3.tgz (Root Library) -> ❌ serialize-javascript-5.0.1.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-5.0.1.tgz |
terser-webpack-plugin-4.2.3.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
#27 |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> builder-2.11.0.tgz -> ❌ serialize-javascript-2.1.2.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-2.1.2.tgz |
nuxt-2.11.0.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
None |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> webpack-2.11.0.tgz -> terser-webpack-plugin-2.3.8.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-4.0.0.tgz |
nuxt-2.11.0.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
None |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> core-2.11.0.tgz -> vue-renderer-2.11.0.tgz -> vue-server-renderer-2.7.16.tgz -> ❌ serialize-javascript-6.0.2.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-6.0.2.tgz |
nuxt-2.11.0.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
None |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> terser-webpack-plugin-1.4.5.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-4.0.0.tgz |
webpack-4.46.0.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
#18 |
|
CVE-2026-34043Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json,/src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Storefront/Resources/app/storefront/package.json Dependency Hierarchy: -> webpack-plugin-injector-1.0.7.tgz (Root Library) -> copy-webpack-plugin-5.1.2.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-4.0.0.tgz |
webpack-plugin-injector-1.0.7.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
#4 |
|
CVE-2025-14505Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> webpack-2.11.0.tgz -> webpack-4.47.0.tgz -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.1.tgz -> create-ecdh-4.0.4.tgz -> ❌ elliptic-6.6.1.tgz (Vulnerable Library) |
Medium |
5.6 | Transitive elliptic-6.6.1.tgz |
nuxt-2.11.0.tgz | None |
|
|
CVE-2026-33993Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> twig-1.13.3.tgz (Root Library) -> ❌ locutus-2.0.11.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive locutus-2.0.11.tgz |
twig-1.13.3.tgz | Transitive Upgrade to version locutus - 3.0.25 or greater |
#6 |
|
CVE-2026-33993Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> twig-1.15.4.tgz (Root Library) -> ❌ locutus-2.0.15.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive locutus-2.0.15.tgz |
twig-1.15.4.tgz | Transitive Upgrade to version locutus - 3.0.25 or greater |
#28 |
|
CVE-2026-33672Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> mocha-7.2.0.tgz (Root Library) -> chokidar-3.3.0.tgz -> anymatch-3.1.3.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.3.1.tgz |
mocha-7.2.0.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
#31 |
|
CVE-2026-33672Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> jest-environment-jsdom-29.5.0.tgz (Root Library) -> jest-util-29.5.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.3.1.tgz |
jest-environment-jsdom-29.5.0.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
None |
|
CVE-2026-33672Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library) -> chokidar-3.4.2.tgz -> readdirp-3.4.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.3.1.tgz |
fork-ts-checker-webpack-plugin-6.5.3.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
#14 |
|
CVE-2026-33672Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> ts-loader-8.4.0.tgz (Root Library) -> micromatch-4.0.5.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.3.1.tgz |
ts-loader-8.4.0.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
#23 |
|
CVE-2026-33672Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> sass-1.51.0.tgz (Root Library) -> chokidar-3.5.3.tgz -> anymatch-3.1.2.tgz -> ❌ picomatch-2.0.7.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.0.7.tgz |
sass-1.51.0.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
#22 |
|
CVE-2026-33672Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json,/src/Administration/Resources/app/administration/package.json,/tests/e2e/package.json Dependency Hierarchy: -> sass-1.51.0.tgz (Root Library) -> chokidar-3.5.3.tgz -> readdirp-3.6.0.tgz -> ❌ picomatch-2.3.1.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive picomatch-2.3.1.tgz |
sass-1.51.0.tgz | Transitive Upgrade to version picomatch - 3.0.2 or greater |
#22 |
|
CVE-2024-6783Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json Dependency Hierarchy: -> nuxt-2.11.0.tgz (Root Library) -> core-2.11.0.tgz -> vue-renderer-2.11.0.tgz -> ❌ vue-2.7.16.tgz (Vulnerable Library) |
Medium |
4.8 | Transitive vue-2.7.16.tgz |
nuxt-2.11.0.tgz | None |
|
|
CVE-2026-33532Path to dependency file: /src/Administration/Resources/app/administration/package.json Path to vulnerable library: /src/Administration/Resources/app/administration/package.json Dependency Hierarchy: -> fork-ts-checker-webpack-plugin-6.5.3.tgz (Root Library) -> cosmiconfig-6.0.0.tgz -> ❌ yaml-1.10.2.tgz (Vulnerable Library) |
Medium |
4.3 | Transitive yaml-1.10.2.tgz |
fork-ts-checker-webpack-plugin-6.5.3.tgz | Transitive Upgrade to version yaml - 2.8.3 or greater |
#14 |
|
CVE-2026-2391Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ qs-6.10.4.tgz (Vulnerable Library) |
Low |
3.7 | Transitive qs-6.10.4.tgz |
cypress-3.1.2.tgz | Transitive 6.14.2 |
None |
|
CVE-2025-15284Path to dependency file: /tests/e2e/package.json Path to vulnerable library: /tests/e2e/package.json Dependency Hierarchy: -> cypress-3.1.2.tgz (Root Library) -> cypress-12.17.4.tgz -> request-2.88.12.tgz -> ❌ qs-6.10.4.tgz (Vulnerable Library) |
Low |
3.7 | Transitive qs-6.10.4.tgz |
cypress-3.1.2.tgz | Transitive qs - 6.14.1 |
None |
|
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2020-8203 | lodash-4.17.15.tgz |
| CVE-2022-0235 | node-fetch-2.6.0.tgz |
| CVE-2021-23337 | lodash-4.17.15.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-6.1.0.tgz |
| CVE-2025-14505 | elliptic-6.5.2.tgz |
| CVE-2024-21538 | cross-spawn-7.0.1.tgz |
| CVE-2020-28469 | glob-parent-5.1.0.tgz |
| CVE-2021-27290 | ssri-7.1.0.tgz |
| CVE-2024-45590 | body-parser-1.19.0.tgz |
| CVE-2021-23424 | ansi-html-0.0.7.tgz |
| CVE-2021-23343 | path-parse-1.0.6.tgz |
| CVE-2020-7733 | ua-parser-js-0.7.20.tgz |
| CVE-2024-42461 | elliptic-6.5.2.tgz |
| CVE-2024-43800 | serve-static-1.14.1.tgz |
| CVE-495493-603164 | delegates-1.0.0.tgz |
| CVE-2022-24999 | qs-6.7.0.tgz |
| CVE-2020-13822 | elliptic-6.5.2.tgz |
| CVE-2022-25881 | http-cache-semantics-4.1.0.tgz |
| CVE-2021-37701 | tar-4.4.8.tgz |
| CVE-2024-9506 | vue-template-compiler-2.6.10.tgz |
| CVE-796484-931798 | lodash-4.17.15.tgz |
| CVE-2022-46175 | json5-2.1.1.tgz |
| CVE-2021-23364 | browserslist-4.8.2.tgz |
| CVE-2021-29060 | color-string-1.5.3.tgz |
| CVE-2020-28500 | lodash-4.17.15.tgz |
| CVE-2020-8116 | dot-prop-4.2.0.tgz |
| CVE-2021-29059 | is-svg-3.0.0.tgz |
| CVE-2021-3807 | ansi-regex-5.0.0.tgz |
| CVE-2025-26862 | urllib3-2.2.3-py3-none-any.whl |
| CVE-2020-15168 | node-fetch-2.6.0.tgz |
| CVE-2025-13466 | body-parser-1.19.0.tgz |
| CVE-2025-6545 | pbkdf2-3.0.17.tgz |
| WS-2020-0042 | acorn-6.3.0.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| CVE-2026-21441 | urllib3-2.2.3-py3-none-any.whl |
| WS-2019-0424 | elliptic-6.5.2.tgz |
| CVE-2020-28498 | elliptic-6.5.2.tgz |
| CVE-2021-41248 | simplepeer-5.11.6.min.js |
| CVE-2022-25927 | ua-parser-js-0.7.20.tgz |
| CVE-2021-37712 | tar-4.4.8.tgz |
| GHSA-6chw-6frg-f759 | acorn-6.3.0.tgz |
| CVE-2020-7660 | serialize-javascript-1.9.1.tgz |
| CVE-2021-23382 | postcss-7.0.24.tgz |
| CVE-2024-42459 | elliptic-6.5.2.tgz |
| CVE-2024-34343 | nuxt-2.10.2.tgz |
| CVE-2024-9506 | vue-server-renderer-2.6.10.tgz |
| WS-2021-0152 | color-string-1.5.3.tgz |
| CVE-2024-43796 | express-4.17.1.tgz |
| CVE-2024-42460 | elliptic-6.5.2.tgz |
| CVE-2021-28092 | is-svg-3.0.0.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-6.3.0.tgz |
| CVE-2020-7793 | ua-parser-js-0.7.20.tgz |
| CVE-2021-27292 | ua-parser-js-0.7.20.tgz |
| CVE-2025-50182 | urllib3-2.2.3-py3-none-any.whl |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| CVE-2021-37713 | tar-4.4.8.tgz |
| CVE-2024-43788 | webpack-4.41.2.tgz |
| CVE-2024-47081 | requests-2.32.3-py3-none-any.whl |
| CVE-2022-37598 | uglify-js-3.7.2.tgz |
| CVE-2024-6783 | vue-2.6.10.tgz |
| CVE-2019-16769 | serialize-javascript-1.9.1.tgz |
| CVE-2025-6547 | pbkdf2-3.0.17.tgz |
| CVE-2021-32640 | ws-6.2.1.tgz |
| CVE-2021-32804 | tar-4.4.8.tgz |
| CVE-2025-66471 | urllib3-2.2.3-py3-none-any.whl |
| CVE-2026-2739 | bn.js-4.11.8.tgz |
| CVE-2021-23368 | postcss-7.0.24.tgz |
| CVE-2024-47764 | cookie-0.4.0.tgz |
| CVE-2025-15284 | qs-6.7.0.tgz |
| CVE-2022-25883 | semver-5.7.0.tgz |
| CVE-2021-32803 | tar-4.4.8.tgz |
| CVE-2021-42740 | shell-quote-1.7.2.tgz |
| CVE-2026-2391 | qs-6.7.0.tgz |
| CVE-2024-9506 | vue-2.6.10.tgz |
| CVE-2024-10491 | express-4.17.1.tgz |
| CVE-2025-50181 | urllib3-2.2.3-py3-none-any.whl |
Base branch total remaining vulnerabilities: 235
Base branch commit: 1b8f1edc25bd7944b5e311b8c721e862ea8ac1c8
Total libraries scanned: 2432
Scan token: fb56a514228c4dbfaad0ec76681de060