Update dependency express to v4.20.0 #28
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-398484-724968Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> express-4.22.1.tgz (Root Library) -> send-0.19.2.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
 Critical |
9.8 | Transitive ms-2.1.3.tgz |
express-4.22.1.tgz | None | ||
CVE-289561-266276Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> express-4.22.1.tgz (Root Library) -> http-errors-2.0.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
express-4.22.1.tgz | None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-6chw-6frg-f759 | acorn-6.1.1.tgz |
| GHSA-v2p6-4mp7-3r9v | underscore.string-2.4.0.tgz |
| GHSA-c3m8-x3cg-qm2c | helmet-csp-2.7.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-6.1.1.tgz |
| GHSA-pc5p-h8pf-mvwp | https-proxy-agent-2.2.1.tgz |
| GHSA-64g7-mvw6-v9qj | shelljs-0.8.3.tgz |
| CVE-2025-404142 | buffers-0.1.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| GHSA-7wwv-vh3v-89cq | highlight.js-9.15.8.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-4.0.13.tgz |
| GHSA-w42g-7vfc-xf37 | apollo-server-express-2.9.12.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-2.1.4.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-g95f-p29q-9xw4 | braces-1.8.5.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| GHSA-w42g-7vfc-xf37 | apollo-server-express-2.5.0-alpha.0.tgz |
| GHSA-4xcv-9jjx-gfj3 | mem-1.1.0.tgz |
Base branch total remaining vulnerabilities: 277
Base branch commit: d8a4d1743dfb4e8c2596563c8b569bb9ec3f1892
Total libraries scanned: 1850
Scan token: 4961a238d02d41758f4a13db8e985f40