np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
lcbp3/frontend/npm-audit-frontend.json
T
admin 13745e5874
CI / CD Pipeline / build (push) Failing after 4m57s
Details
CI / CD Pipeline / deploy (push) Has been skipped
Details
690419:1831 feat: update CI/CD to use SSH key authentication #05
2026-04-19 18:31:30 +07:00

795 lines
23 KiB
JSON
Raw Permalink Blame History

{
"auditReportVersion": 2,
"vulnerabilities": {
"@next/eslint-plugin-next": {
"name": "@next/eslint-plugin-next",
"severity": "high",
"isDirect": false,
"via": [
"glob"
],
"effects": [
"eslint-config-next"
],
"range": "14.0.5-canary.0 - 15.0.0-rc.1",
"nodes": [
"node_modules/@next/eslint-plugin-next"
],
"fixAvailable": true
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
}
],
"effects": [],
"range": "<6.14.0",
"nodes": [
"node_modules/ajv"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1113275,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=1.0.0 <=1.13.4"
},
{
"source": 1116673,
"name": "axios",
"dependency": "axios",
"title": "Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
"url": "https://github.com/advisories/GHSA-3p68-rc4w-qgx5",
"severity": "moderate",
"cwe": [
"CWE-441",
"CWE-918"
],
"cvss": {
"score": 4.8,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": ">=1.0.0 <1.15.0"
},
{
"source": 1116675,
"name": "axios",
"dependency": "axios",
"title": "Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain",
"url": "https://github.com/advisories/GHSA-fvcv-3m26-pcqx",
"severity": "moderate",
"cwe": [
"CWE-113",
"CWE-444",
"CWE-918"
],
"cvss": {
"score": 4.8,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": ">=1.0.0 <1.15.0"
}
],
"effects": [],
"range": "1.0.0 - 1.14.0",
"nodes": [
"node_modules/axios"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115540,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<1.1.13"
},
{
"source": 1115541,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.3"
}
],
"effects": [],
"range": "<1.1.13 || >=2.0.0 <2.0.3",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/glob/node_modules/brace-expansion"
],
"fixAvailable": true
},
"dompurify": {
"name": "dompurify",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115529,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify is vulnerable to mutation-XSS via Re-Contextualization ",
"url": "https://github.com/advisories/GHSA-h8r8-wccr-v5f2",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.3.2"
},
{
"source": 1115668,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify contains a Cross-site Scripting vulnerability",
"url": "https://github.com/advisories/GHSA-v2wj-7wpq-c8vv",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=3.1.3 <=3.3.1"
},
{
"source": 1115921,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify ADD_ATTR predicate skips URI validation",
"url": "https://github.com/advisories/GHSA-cjmm-f4jc-qw8r",
"severity": "moderate",
"cwe": [
"CWE-183"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.3.1"
},
{
"source": 1115922,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify USE_PROFILES prototype pollution allows event handlers",
"url": "https://github.com/advisories/GHSA-cj63-jhhr-wcxv",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.3.1"
},
{
"source": 1116663,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation",
"url": "https://github.com/advisories/GHSA-39q2-94rc-95cp",
"severity": "moderate",
"cwe": [
"CWE-783"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.3.3"
}
],
"effects": [
"monaco-editor"
],
"range": "<=3.3.3",
"nodes": [
"node_modules/dompurify"
],
"fixAvailable": true
},
"eslint-config-next": {
"name": "eslint-config-next",
"severity": "high",
"isDirect": true,
"via": [
"@next/eslint-plugin-next"
],
"effects": [],
"range": "14.0.5-canary.0 - 15.0.0-rc.1",
"nodes": [
"node_modules/eslint-config-next"
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
},
{
"source": 1115357,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1116560,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"url": "https://github.com/advisories/GHSA-r4q5-vmmm-2653",
"severity": "moderate",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.15.11"
}
],
"effects": [],
"range": "<=1.15.11",
"nodes": [
"node_modules/follow-redirects"
],
"fixAvailable": true
},
"glob": {
"name": "glob",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109842,
"name": "glob",
"dependency": "glob",
"title": "glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"url": "https://github.com/advisories/GHSA-5j98-mcp5-4vw2",
"severity": "high",
"cwe": [
"CWE-78"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=10.2.0 <10.5.0"
}
],
"effects": [
"@next/eslint-plugin-next"
],
"range": "10.2.0 - 10.4.5",
"nodes": [
"node_modules/glob"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [],
"range": "<=3.1.3 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/glob/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": true
},
"monaco-editor": {
"name": "monaco-editor",
"severity": "moderate",
"isDirect": false,
"via": [
"dompurify"
],
"effects": [],
"range": ">=0.54.0-dev-20250909",
"nodes": [
"node_modules/monaco-editor"
],
"fixAvailable": true
},
"next": {
"name": "next",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1111374,
"name": "next",
"dependency": "next",
"title": "Next Server Actions Source Code Exposure ",
"url": "https://github.com/advisories/GHSA-w37m-7fhw-fmv9",
"severity": "moderate",
"cwe": [
"CWE-497",
"CWE-502",
"CWE-1395"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=16.0.0-beta.0 <16.0.9"
},
{
"source": 1111383,
"name": "next",
"dependency": "next",
"title": "Next Vulnerable to Denial of Service with Server Components",
"url": "https://github.com/advisories/GHSA-mwv6-3258-q52c",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-502",
"CWE-1395"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=16.0.0-beta.0 <16.0.9"
},
{
"source": 1112592,
"name": "next",
"dependency": "next",
"title": "Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration",
"url": "https://github.com/advisories/GHSA-9g9p-9gw9-jx7f",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=15.6.0-canary.0 <16.1.5"
},
{
"source": 1112646,
"name": "next",
"dependency": "next",
"title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components",
"url": "https://github.com/advisories/GHSA-h25m-26qc-wcjf",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-502"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=16.0.0-beta.0 <16.0.11"
},
{
"source": 1114898,
"name": "next",
"dependency": "next",
"title": "Next.js: HTTP request smuggling in rewrites",
"url": "https://github.com/advisories/GHSA-ggv3-7p47-pfv8",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=16.0.0-beta.0 <16.1.7"
},
{
"source": 1114941,
"name": "next",
"dependency": "next",
"title": "Next.js: Unbounded next/image disk cache growth can exhaust storage",
"url": "https://github.com/advisories/GHSA-3x4c-7xq6-9pq8",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=16.0.0-beta.0 <16.1.7"
},
{
"source": 1114942,
"name": "next",
"dependency": "next",
"title": "Next.js: Unbounded postponed resume buffering can lead to DoS",
"url": "https://github.com/advisories/GHSA-h27x-g6w4-24gq",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=16.0.1 <16.1.7"
},
{
"source": 1114943,
"name": "next",
"dependency": "next",
"title": "Next.js: null origin can bypass Server Actions CSRF checks",
"url": "https://github.com/advisories/GHSA-mq59-m269-xvcx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=16.0.1 <16.1.7"
},
{
"source": 1115360,
"name": "next",
"dependency": "next",
"title": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
"url": "https://github.com/advisories/GHSA-jcc7-9wpm-mj36",
"severity": "low",
"cwe": [
"CWE-1385"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=16.0.1 <16.1.7"
},
{
"source": 1116305,
"name": "next",
"dependency": "next",
"title": "Next.js has Unbounded Memory Consumption via PPR Resume Endpoint ",
"url": "https://github.com/advisories/GHSA-5f7q-jpqc-wp7h",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-409",
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=16.0.0-beta.0 <16.1.5"
},
{
"source": 1116375,
"name": "next",
"dependency": "next",
"title": "Next.js has a Denial of Service with Server Components",
"url": "https://github.com/advisories/GHSA-q4gf-8mx6-v5v3",
"severity": "high",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=16.0.0-beta.0 <16.2.3"
}
],
"effects": [],
"range": "15.6.0-canary.0 - 16.2.2",
"nodes": [
"node_modules/next"
],
"fixAvailable": true
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115549,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115551,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115552,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115554,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/picomatch",
"node_modules/tinyglobby/node_modules/picomatch"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 5,
"high": 8,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 300,
"dev": 301,
"optional": 63,
"peer": 5,
"peerOptional": 0,
"total": 641
}
}
}
Reference in New Issue View Git Blame Copy Permalink