ugh, npm.
There are 139 npm security advisories affecting our repositories.
Severity: critical
ejs template injection vulnerability
Severity: critical
json-schema is vulnerable to Prototype Pollution
Severity: critical
Prototype pollution vulnerability in 'getobject'
Severity: critical
Prototype Pollution in immer
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl
Severity: critical
Prototype pollution in webpack loader-utils
Severity: critical
xmldom allows multiple root nodes in a DOM
Severity: critical
xmldom allows multiple root nodes in a DOM
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote
Severity: critical
Insufficient validation when decoding a Socket.IO packet
Severity: critical
Insufficient validation when decoding a Socket.IO packet
Severity: critical
Arbitrary Code Execution in underscore
Severity: critical
thenify before 3.3.1 made use of unsafe calls to `eval`.
Severity: critical
Prototype Pollution in minimist
Severity: critical
Prototype Pollution in property-expr
Severity: critical
global-modules-path Command Injection vulnerability
Severity: critical
Exposure of Sensitive Information in eventsource
Severity: critical
Arbitrary Code Execution in underscore
Severity: critical
flat vulnerable to Prototype Pollution
Severity: critical
ejs template injection vulnerability
Severity: high
Prototype Pollution in immer
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Severity: high
Resource exhaustion in engine.io
Severity: high
Inefficient Regular Expression Complexity in marked
Severity: high
Inefficient Regular Expression Complexity in marked
Severity: high
Uncontrolled Resource Consumption in trim-newlines
Severity: high
Regular Expression Denial of Service in ua-parser-js
Severity: high
Command injection in simple-git
Severity: high
Race Condition in Grunt
Severity: high
Regular Expression Denial of Service (ReDoS)
Severity: high
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
Severity: high
axios Inefficient Regular Expression Complexity vulnerability
Severity: high
GraphiQL introspection schema template injection attack
Severity: high
Inefficient Regular Expression Complexity in nth-check
Severity: high
Regular Expression Denial of Service (ReDOS)
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Severity: high
Resource exhaustion in socket.io-parser
Severity: high
Regular Expression Denial of Service (ReDoS) in Prism
Severity: high
Arbitrary Code Injection
Severity: high
Prototype pollution in pathval
Severity: high
ua-parser-js Regular Expression Denial of Service vulnerability
Severity: high
Regular Expression Denial of Service (ReDoS) in ua-parser-js
Severity: high
Prototype Pollution in merge
Severity: high
Denial of service in prismjs
Severity: high
Prototype Pollution in immer
Severity: high
Cross-Site Scripting in Prism
Severity: high
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
Severity: high
Cross-site Scripting in Prism
Severity: high
Improper Privilege Management in shelljs
Severity: high
d3-color vulnerable to ReDoS
Severity: high
qs vulnerable to Prototype Pollution
Severity: high
qs vulnerable to Prototype Pollution
Severity: high
qs vulnerable to Prototype Pollution
Severity: high
minimatch ReDoS vulnerability
Severity: high
Prototype Pollution in async
Severity: high
Prototype Pollution in async
Severity: high
ReDoS Vulnerability in ua-parser-js version
Severity: high
ReDoS Vulnerability in ua-parser-js version
Severity: high
Remote code execution in simple-git
Severity: high
Improper Verification of Cryptographic Signature in node-forge
Severity: high
Improper Verification of Cryptographic Signature in node-forge
Severity: high
Command injection in simple-git
Severity: high
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Severity: high
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Severity: high
Prototype Pollution in JSON5 via Parse Method
Severity: high
Prototype Pollution in JSON5 via Parse Method
Severity: high
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Severity: high
Regular expression denial of service in scss-tokenizer
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS
Severity: high
Infinite loop in jpeg-js
Severity: high
Exposure of sensitive information in follow-redirects
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
Severity: high
Command Injection in lodash
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Severity: high
Prototype Pollution in node-forge
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex
Severity: high
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Severity: high
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Severity: high
Prototype Pollution in immer
Severity: moderate
Incorrect Default Permissions in log4js
Severity: moderate
Cross-site Scripting in video.js
Severity: moderate
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Severity: moderate
Uncaught exception in engine.io
Severity: moderate
Regular Expression Denial of Service in postcss
Severity: moderate
Regular Expression Denial of Service in postcss
Severity: moderate
Improper Certificate Validation in node-sass
Severity: moderate
Misinterpretation of malicious XML input
Severity: moderate
Inefficient Regular Expression Complexity in validator.js
Severity: moderate
Regular Expression Denial of Service in path-parse
Severity: moderate
Regular Expression Denial of Service in postcss
Severity: moderate
Regular Expression Denial of Service in postcss
Severity: moderate
Regular Expression Denial of Service in browserslist
Severity: moderate
Regular Expression Denial of Service in hosted-git-info
Severity: moderate
Regular Expression Denial of Service in hosted-git-info
Severity: moderate
Insecure defaults due to CORS misconfiguration in socket.io
Severity: moderate
Axios vulnerable to Server-Side Request Forgery
Severity: moderate
OS Command Injection in node-notifier
Severity: moderate
ReDOS vulnerabilities: multiple grammars
Severity: moderate
Prototype Pollution in highlight.js
Severity: moderate
Uncontrolled resource consumption in jpeg-js
Severity: moderate
Prototype Pollution in minimist
Severity: moderate
Prototype Pollution in minimist
Severity: moderate
Misinterpretation of malicious XML input
Severity: moderate
Open redirect in karma
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Severity: moderate
Cross-site Scripting in karma
Severity: moderate
Improper Privilege Management in shelljs
Severity: moderate
Open Redirect in node-forge
Severity: moderate
Uncontrolled Resource Consumption in markdown-it
Severity: moderate
Inefficient Regular Expression Complexity in Validator.js
Severity: moderate
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Severity: moderate
Nodejs 'undici' vulnerable to CRLF Injection via Content-Type
Severity: moderate
cookiejar Regular Expression Denial of Service via Cookie.parse function
Severity: moderate
Incorrect Authorization in cross-fetch
Severity: moderate
Path Traversal in Grunt
Severity: moderate
Improper Verification of Cryptographic Signature in `node-forge`
Severity: moderate
yargs-parser Vulnerable to Prototype Pollution
Severity: moderate
undici before v5.8.0 vulnerable to CRLF injection in request headers
Severity: moderate
Got allows a redirect to a UNIX socket
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Severity: moderate
Prototype Pollution in Ajv
Severity: moderate
Regular Expression Denial of Service (ReDoS) in lodash
Severity: moderate
react-dev-utils OS Command Injection in function `getProcessForPort`
Severity: moderate
Potential XSS vulnerability in jQuery
Severity: moderate
Potential XSS vulnerability in jQuery
Severity: moderate
Insufficient Granularity of Access Control in JSDom
Severity: moderate
prismjs Regular Expression Denial of Service vulnerability
Severity: low
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Severity: low
The `size` option isn't honored after following a redirect in node-fetch
Severity: low
Prototype Pollution in node-forge debug API.
Severity: low
Prototype Pollution in node-forge util.setPath API
Severity: low
URL parsing in node-forge could lead to undesired behavior.
Severity: low
decode-uri-component vulnerable to Denial of Service (DoS)
Severity: low
Regular expression denial of service in semver-regex