Update dependency apollo-server-express to v2.9.13 #6
Security Report
You have successfully remediated 20 vulnerabilities, but introduced 7 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
| CVE-398484-724968; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> apollo-server-express-2.26.2.tgz (Root Library) -> express-4.22.1.tgz -> send-0.19.2.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) | 9.8 | Transitive ms-2.1.3.tgz | apollo-server-express-2.26.2.tgz | None | | |
| CVE-289561-266276; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> slate-0.20.7.tgz (Root Library) -> cheerio-0.22.0.tgz -> htmlparser2-3.10.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | slate-0.20.7.tgz | None | | |
| CVE-289561-266276; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> flow-typed-2.6.2.tgz (Root Library) -> got-8.3.2.tgz -> into-stream-3.1.0.tgz -> from2-2.3.0.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | flow-typed-2.6.2.tgz | None | | |
| CVE-289561-266276; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> apollo-server-express-2.26.2.tgz (Root Library) -> express-4.22.1.tgz -> http-errors-2.0.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | apollo-server-express-2.26.2.tgz | None | | |
| CVE-289561-266276; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> browserify-preprocessor-1.1.2.tgz (Root Library) -> watchify-3.11.0.tgz -> chokidar-1.7.0.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | browserify-preprocessor-1.1.2.tgz | None | | |
| CVE-289561-266276; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> express-4.17.1.tgz (Root Library) -> send-0.17.1.tgz -> http-errors-1.7.3.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | express-4.17.1.tgz | None | | |
| CVE-289561-266276; Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> web-push-3.3.5.tgz (Root Library) -> asn1.js-5.0.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | web-push-3.3.5.tgz | None | | |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-6chw-6frg-f759 | acorn-6.1.1.tgz |
| GHSA-v2p6-4mp7-3r9v | underscore.string-2.4.0.tgz |
| GHSA-c3m8-x3cg-qm2c | helmet-csp-2.7.1.tgz |
| WS-2020-0111 | apollo-server-express-2.9.12.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-6.1.1.tgz |
| GHSA-pc5p-h8pf-mvwp | https-proxy-agent-2.2.1.tgz |
| GHSA-64g7-mvw6-v9qj | shelljs-0.8.3.tgz |
| CVE-2025-404142 | buffers-0.1.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| GHSA-7wwv-vh3v-89cq | highlight.js-9.15.8.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-4.0.13.tgz |
| GHSA-w42g-7vfc-xf37 | apollo-server-express-2.9.12.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-2.1.4.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-g95f-p29q-9xw4 | braces-1.8.5.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| WS-2020-0108 | apollo-server-core-2.9.12.tgz |
| GHSA-w42g-7vfc-xf37 | apollo-server-express-2.5.0-alpha.0.tgz |
| GHSA-4xcv-9jjx-gfj3 | mem-1.1.0.tgz |
Base branch total remaining vulnerabilities: 278
Base branch commit: d8a4d1743dfb4e8c2596563c8b569bb9ec3f1892
Total libraries scanned: 1985
Scan token: 6b2f4d25eee44081917024b7c593f7a3