Update dependency axios to v1 (main) #236
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,sbt. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
gradle
/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | failed running mend init script (mendDeps): NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED FAILURE: Build failed with an exception. * Where: Build file '/tmp/ws-scm/comms-router/test/demo-helper/play-helper/build.gradle' line: 2 * What went wrong: Plugin [id: 'play'] was not found in any o... |
https://vonagecc.jfrog.io/artifactory
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized | {"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]} |
https://vonagecc.jfrog.io/artifactory/maven
| Step | Level | Description | Details |
|---|---|---|---|
| Checking registry connectivity | ⚠Warn | Problem occurred while connecting to the private registry host server, private registry returned 401 - Unauthorized | {"errors":[{"code":"UNAUTHORIZED","message":"Invalid token, parse"}]} |
You have successfully remediated 10 vulnerabilities, but introduced 51 new vulnerabilities in this branch.❌ New vulnerabilities: > Partial results (41 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
| Vulnerability | Severity |  CVSS Score |
Exploit Maturity | EPSS | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|---|---|
MSC-2023-16600Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.4.tgz (Vulnerable Library) |
 Critical |
9.8 | High | Transitive fsevents-1.2.4.tgz |
vue-lory-0.0.4.tgz | #110 |
|
||
CVE-2023-45311Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ fsevents-1.2.4.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.4% | Transitive fsevents-1.2.4.tgz |
vue-lory-0.0.4.tgz | Transitive 1.2.11 |
#110 |
|
CVE-2024-4068Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) |
 High |
7.5 | Not Defined | 0.2% | Transitive braces-2.3.2.tgz |
vue-lory-0.0.4.tgz | Transitive braces - 3.0.3 |
#110 |
|
CVE-2022-3517Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.5% | Transitive minimatch-3.0.4.tgz |
vue-lory-0.0.4.tgz | Transitive minimatch - 3.0.5 |
#110 |
|
CVE-2024-43788Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> ❌ webpack-2.7.0.tgz (Vulnerable Library) |
 Medium |
6.4 | Not Defined | 1.8% | Transitive webpack-2.7.0.tgz |
vue-lory-0.0.4.tgz | Transitive 5.94.0 |
#110 |
|
CVE-2024-4067Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> anymatch-2.0.0.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.1% | Transitive micromatch-3.1.10.tgz |
vue-lory-0.0.4.tgz | Transitive 4.0.8 |
#110 |
|
CVE-2022-25883Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> yargs-6.6.0.tgz -> read-pkg-up-1.0.1.tgz -> read-pkg-1.1.0.tgz -> normalize-package-data-2.4.0.tgz -> ❌ semver-5.5.0.tgz (Vulnerable Library) |
Medium |
5.3 | Proof of concept | 0.6% | Transitive semver-5.5.0.tgz |
vue-lory-0.0.4.tgz | Transitive 5.7.2 |
#110 |
|
CVE-2020-28469Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library) |
Medium |
5.3 | Not Defined | 0.9% | Transitive glob-parent-3.1.0.tgz |
vue-lory-0.0.4.tgz | Transitive 5.1.2 |
#110 |
|
CVE-2025-5889Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> readdirp-2.1.0.tgz -> minimatch-3.0.4.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
 Low |
3.1 | Proof of concept | 0.0% | Transitive brace-expansion-1.1.11.tgz |
vue-lory-0.0.4.tgz | Transitive 1.1.12 |
#110 |
|
CVE-2025-6545Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> ❌ pbkdf2-3.0.16.tgz (Vulnerable Library) |
Critical |
10.0 | Not Defined | 0.1% | Transitive pbkdf2-3.0.16.tgz |
vue-lory-0.0.4.tgz | Transitive 3.1.3 |
#110 |
|
CVE-2021-44906Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.9% | Transitive minimist-0.0.8.tgz |
vue-lory-0.0.4.tgz | Transitive 1.2.6 |
#110 |
|
CVE-2021-44906Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> rc-1.2.7.tgz -> ❌ minimist-1.2.0.tgz (Vulnerable Library) |
Critical |
9.8 | Not Defined | 0.9% | Transitive minimist-1.2.0.tgz |
vue-lory-0.0.4.tgz | Transitive 1.2.6 |
#110 |
|
CVE-2024-48949Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
Critical |
9.1 | Not Defined | 0.2% | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | Transitive 6.5.6 |
#110 |
|
CVE-2026-23950Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.8 | Not Defined | 0.0% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 7.5.4 |
#110 |
|
CVE-2025-9288Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> create-hmac-1.1.7.tgz -> ❌ sha.js-2.4.11.tgz (Vulnerable Library) |
High |
8.7 | Not Defined | 0.0% | Transitive sha.js-2.4.11.tgz |
vue-lory-0.0.4.tgz | Transitive 2.4.12 |
#110 |
|
CVE-2025-9287Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-cipher-1.0.1.tgz -> browserify-aes-1.2.0.tgz -> ❌ cipher-base-1.0.4.tgz (Vulnerable Library) |
High |
8.7 | Not Defined | 0.1% | Transitive cipher-base-1.0.4.tgz |
vue-lory-0.0.4.tgz | Transitive cipher-base - 1.0.4 |
#110 |
|
WS-2025-0006Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
High |
8.6 | Not Defined | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | Transitive 6.6.1 |
#110 |
|
|
CVE-2026-24842Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.2 | Not Defined | 0.0% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 7.5.7 |
#110 |
|
CVE-2021-37713Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.2 | Not Defined | 0.6% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 4.4.18 |
#110 |
|
CVE-2021-37712Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.2 | Not Defined | 0.0% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive tar - 5.0.10,tar - 4.4.18,tar - 6.1.9 |
#110 |
|
CVE-2021-37701Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.2 | Not Defined | 0.0% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 4.4.16 |
#110 |
|
CVE-2021-32804Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.2 | Not Defined | 85.0% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 4.4.14 |
#110 |
|
CVE-2021-32803Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
8.2 | Not Defined | 0.2% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 4.4.15 |
#110 |
|
CVE-2021-43138Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> ❌ async-2.6.1.tgz (Vulnerable Library) |
High |
7.8 | Not Defined | 0.70000005% | Transitive async-2.6.1.tgz |
vue-lory-0.0.4.tgz | Transitive 2.6.4 |
#110 |
|
CVE-2020-13822Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
High |
7.7 | Not Defined | 0.2% | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | Transitive 6.5.3 |
#110 |
|
WS-2020-0042Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> ❌ acorn-5.7.1.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | Transitive acorn-5.7.1.tgz |
vue-lory-0.0.4.tgz | Transitive 5.7.4 |
#110 |
|
|
CVE-2022-38900Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> source-map-resolve-0.5.2.tgz -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.5% | Transitive decode-uri-component-0.2.0.tgz |
vue-lory-0.0.4.tgz | Transitive decode-uri-component - 0.2.1 |
#110 |
|
CVE-2019-20149Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-node-2.1.1.tgz -> define-property-1.0.0.tgz -> is-descriptor-1.0.2.tgz -> ❌ kind-of-6.0.2.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.2% | Transitive kind-of-6.0.2.tgz |
vue-lory-0.0.4.tgz | Transitive 6.0.3 |
#110 |
|
CVE-2018-20834Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
7.5 | Not Defined | 0.8% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive 4.4.2 |
#110 |
|
CVE-2021-23440Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> union-value-1.0.0.tgz -> ❌ set-value-0.4.3.tgz (Vulnerable Library) |
High |
7.3 | Not Defined | 0.1% | Transitive set-value-0.4.3.tgz |
vue-lory-0.0.4.tgz | Transitive 2.0.1 |
#110 |
|
CVE-2021-23440Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> braces-2.3.2.tgz -> snapdragon-0.8.2.tgz -> base-0.11.2.tgz -> cache-base-1.0.1.tgz -> ❌ set-value-2.0.0.tgz (Vulnerable Library) |
High |
7.3 | Not Defined | 0.1% | Transitive set-value-2.0.0.tgz |
vue-lory-0.0.4.tgz | Transitive 2.0.1 |
#110 |
|
CVE-2020-7788Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> rc-1.2.7.tgz -> ❌ ini-1.3.5.tgz (Vulnerable Library) |
High |
7.3 | Proof of concept | 0.3% | Transitive ini-1.3.5.tgz |
vue-lory-0.0.4.tgz | Transitive 1.3.6 |
#110 |
|
CVE-2020-7774Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> yargs-6.6.0.tgz -> ❌ y18n-3.2.1.tgz (Vulnerable Library) |
High |
7.3 | Proof of concept | 0.6% | Transitive y18n-3.2.1.tgz |
vue-lory-0.0.4.tgz | Transitive 3.2.2 |
#110 |
|
CVE-2026-23745Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
High |
7.1 | Not Defined | 0.0% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive https://github.com/isaacs/node-tar.git - v7.5.3 |
#110 |
|
CVE-2025-6547Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> ❌ pbkdf2-3.0.16.tgz (Vulnerable Library) |
Medium |
6.8 | Not Defined | 0.1% | Transitive pbkdf2-3.0.16.tgz |
vue-lory-0.0.4.tgz | Transitive 3.1.3 |
#110 |
|
CVE-2020-28498Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
Medium |
6.8 | Not Defined | 0.9% | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | Transitive 6.5.4 |
#110 |
|
CVE-2024-28863Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> watchpack-1.6.0.tgz -> chokidar-2.0.4.tgz -> fsevents-1.2.4.tgz -> node-pre-gyp-0.10.0.tgz -> ❌ tar-4.4.1.tgz (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.4% | Transitive tar-4.4.1.tgz |
vue-lory-0.0.4.tgz | Transitive tar - 6.2.1 |
#110 |
|
CVE-2023-46234Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> ❌ browserify-sign-4.0.4.tgz (Vulnerable Library) |
Medium |
6.5 | Not Defined | 0.5% | Transitive browserify-sign-4.0.4.tgz |
vue-lory-0.0.4.tgz | Transitive 4.2.2 |
#110 |
|
WS-2019-0427Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
Medium |
5.9 | Not Defined | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | Transitive 6.5.2 |
#110 |
|
|
WS-2019-0424Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
Medium |
5.9 | Not Defined | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | Transitive 6.5.3 |
#110 |
|
|
CVE-2025-14505Path to dependency file: /applications/gui/package.json Path to vulnerable library: /applications/gui/package.json Dependency Hierarchy: -> vue-lory-0.0.4.tgz (Root Library) -> lory.js-2.5.1.tgz -> karma-webpack-2.0.6.tgz -> webpack-2.7.0.tgz -> node-libs-browser-2.1.0.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.0.4.tgz -> ❌ elliptic-6.4.0.tgz (Vulnerable Library) |
Medium |
5.6 | Not Defined | 0.0% | Transitive elliptic-6.4.0.tgz |
vue-lory-0.0.4.tgz | #110 |
|
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2021-3749 | axios-0.15.3.tgz |
| CVE-2025-27152 | axios-0.15.3.tgz |
| CVE-2020-28168 | axios-0.15.3.tgz |
| CVE-2022-0155 | follow-redirects-1.0.0.tgz |
| WS-2023-0439 | axios-0.15.3.tgz |
| CVE-2023-45857 | axios-0.15.3.tgz |
| CVE-2023-26159 | follow-redirects-1.0.0.tgz |
| CVE-2022-0536 | follow-redirects-1.0.0.tgz |
| CVE-2026-25639 | axios-0.15.3.tgz |
| CVE-2024-28849 | follow-redirects-1.0.0.tgz |
Base branch total remaining vulnerabilities: 176
Base branch commit: 4e5656db54be4b22481fe3774c2caeba51bac190
Total libraries scanned: 560
Scan token: eb117fc9706e4551b69f3bb53dc40450