[DO NOT MERGE] - Snap debugging branch #1799
15 new alerts including 4 high severity security vulnerabilities
New alerts in code changed by this pull request
Security Alerts:
- 4 high
- 11 medium
See annotations below for details.
Annotations
Check failure on line 8504 in package-lock.json
Code scanning / Trivy
nodejs-axios: Regular expression denial of service in trim function High
Check warning on line 8504 in package-lock.json
Code scanning / Trivy
nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address Medium
Check warning on line 8504 in package-lock.json
Code scanning / Trivy
axios: exposure of confidential data stored in cookies Medium
Check warning on line 9855 in package-lock.json
Code scanning / Trivy
nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets Medium
Check failure on line 10701 in package-lock.json
Code scanning / Trivy
cross-spawn: regular expression denial of service High
Check warning on line 12258 in package-lock.json
Code scanning / Trivy
elliptic: ECDSA signature verification error may reject legitimate transactions Medium
Check warning on line 13398 in package-lock.json
Code scanning / Trivy
path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x High
Check failure on line 13827 in package-lock.json
Code scanning / Trivy
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor High
Check warning on line 13827 in package-lock.json
Code scanning / Trivy
follow-redirects: Exposure of Sensitive Information via Authorization Header leak Medium
Check warning on line 13827 in package-lock.json
Code scanning / Trivy
follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() Medium
Check warning on line 13827 in package-lock.json
Code scanning / Trivy
follow-redirects: Possible credential leak Medium
Check failure on line 15085 in package-lock.json
Code scanning / Trivy
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High
Check failure on line 15179 in package-lock.json
Code scanning / Trivy
http-proxy-middleware: Denial of Service High
Check failure on line 17106 in package-lock.json
Code scanning / Trivy
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High
Check failure on line 17710 in package-lock.json
Code scanning / Trivy
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
Check warning on line 20192 in package-lock.json
Code scanning / Trivy
nanoid: nanoid mishandles non-integer values Medium
Check failure on line 23314 in package-lock.json
Code scanning / Trivy
node-fetch: exposure of sensitive information to an unauthorized actor High
Check failure on line 24402 in package-lock.json
Code scanning / Trivy
path-to-regexp: Backtracking regular expressions cause ReDoS High
Check warning on line 24620 in package-lock.json
Code scanning / Trivy
nanoid: nanoid mishandles non-integer values Medium
Check warning on line 24936 in package-lock.json
Code scanning / Trivy
index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ... Medium
Check failure on line 25772 in package-lock.json
Code scanning / Trivy
cross-spawn: regular expression denial of service High
Check warning on line 10085 in package-lock.json
Code scanning / Trivy
nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address Medium
Check warning on line 10085 in package-lock.json
Code scanning / Trivy
axios: exposure of confidential data stored in cookies Medium
Check failure on line 10488 in package-lock.json
Code scanning / Trivy
cross-spawn: regular expression denial of service High
Check warning on line 11398 in package-lock.json
Code scanning / Trivy
elliptic: ECDSA signature verification error may reject legitimate transactions Medium