ugh, npm.
There are 212 npm security advisories affecting our repositories.
Severity: critical (25 alerts)
Cross-site scripting in Swagger-UI
json-pointer vulnerable to Prototype Pollution
flat vulnerable to Prototype Pollution
ejs template injection vulnerability
Improper parsing of octal bytes in netmask
Prototype Pollution in minimist
Prototype Pollution in minimist
mockery is vulnerable to prototype pollution
Prototype pollution in getobject
Prototype pollution in webpack loader-utils
Prototype pollution in webpack loader-utils
Cross-realm object access in Webpack 5
Prototype Pollution in lodash
Arbitrary Code Execution in eslint-utils
Insufficient Entropy in cryptiles
Prototype Pollution in mixin-deep
json-schema is vulnerable to Prototype Pollution
Arbitrary Code Execution in underscore
Prototype Pollution in set-value
protobufjs Prototype Pollution vulnerability
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Prototype Pollution in minimist
Prototype Pollution in minimist
Prototype Pollution in minimist
Prototype Pollution in minimist
Severity: high (94 alerts)
Regular Expression Denial of Service in Acorn
Regular Expression Denial of Service in Acorn
d3-color vulnerable to ReDoS
Infinite loop in jpeg-js
Node-Redis potential exponential regex in monitor mode
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
TaffyDB can allow access to any data items in the DB
GraphiQL introspection schema template injection attack
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Arbitrary Code Execution in grunt
Regular Expression Denial of Service in trim
Denial of service in chrono-node
qs vulnerable to Prototype Pollution
qs vulnerable to Prototype Pollution
qs vulnerable to Prototype Pollution
Code Injection in pac-resolver
Code Injection in pac-resolver
Cookie exposure in requestretry
Cross-site Scripting in Prism
Prototype Pollution in JSON5 via Parse Method
minimatch ReDoS vulnerability
Inefficient Regular Expression Complexity in chalk/ansi-regex
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Path Traversal: 'dir/../../filename' in moment.locale
Moment.js vulnerable to Inefficient Regular Expression Complexity
Race Condition in Grunt
Terser insecure use of regular expressions leads to ReDoS
http-cache-semantics vulnerable to Regular Expression Denial of Service
semver-regex Regular Expression Denial of Service (ReDOS)
Denial of service vulnerability exists in libxmljs
Crash in HeaderParser in dicer
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Command injection in git-clone
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
decode-uri-component vulnerable to Denial of Service (DoS)
Inefficient Regular Expression Complexity in chalk/ansi-regex
Inefficient Regular Expression Complexity in chalk/ansi-regex
Inefficient Regular Expression Complexity in chalk/ansi-regex
Command Injection in lodash
Prototype Pollution in lodash
Prototype Pollution in set-value
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Chaijs/get-func-name vulnerable to ReDoS
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
Prototype Pollution in node-forge
Improper Verification of Cryptographic Signature in node-forge
Improper Verification of Cryptographic Signature in node-forge
dot-prop Prototype Pollution vulnerability
Inefficient Regular Expression Complexity in marked
Inefficient Regular Expression Complexity in marked
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Validation Bypass in kind-of
Code Injection in js-yaml
Uncontrolled Resource Consumption in Hawk
Moment.js vulnerable to Inefficient Regular Expression Complexity
node-fetch forwards secure headers to untrusted sites
Path Traversal: 'dir/../../filename' in moment.locale
Prototype Pollution in y18n
Uncontrolled Resource Consumption in trim-newlines
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Improper Privilege Management in shelljs
Prototype Pollution in protobufjs
Inefficient Regular Expression Complexity in nth-check
ReDoS in normalize-url
Overly permissive origin policy
msgpackr's conversion of property names to strings can trigger infinite recursion
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
minimatch ReDoS vulnerability
Prototype Pollution in lodash
Prototype Pollution in lodash
Prototype Pollution in lodash
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
hoek subject to prototype pollution via the clone function.
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
qs vulnerable to Prototype Pollution
qs vulnerable to Prototype Pollution
qs vulnerable to Prototype Pollution
Prototype Pollution in async
Prototype Pollution in merge
minimatch ReDoS vulnerability
Command Injection in lodash
Prototype Pollution in JSON5 via Parse Method
Prototype Pollution in JSON5 via Parse Method
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Severity: moderate (83 alerts)
Server side request forgery in SwaggerUI
Regular Expression Denial of Service (ReDoS) in lodash
Denial of Service in mem
Reverse Tabnapping in swagger-ui
Regular Expression Denial of Service in underscore.string
Denial of Service in js-yaml
Cross-Site Scripting in swagger-ui
Improper Privilege Management in shelljs
Inefficient Regular Expression Complexity in Validator.js
cookiejar Regular Expression Denial of Service via Cookie.parse function
Incorrect Authorization in cross-fetch
Improper Verification of Cryptographic Signature in `node-forge`
Spoofing attack in swagger-ui-dist
Spoofing attack in swagger-ui
yargs-parser Vulnerable to Prototype Pollution
Vercel ms Inefficient Regular Expression Complexity vulnerability
Prototype Pollution in json-pointer
Got allows a redirect to a UNIX socket
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Prototype Pollution in Ajv
Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Insufficient Granularity of Access Control in JSDom
Prototype poisoning
Vuetify Cross-site Scripting vulnerability
jsonwebtoken unrestricted key type could lead to legacy keys usage
Inefficient Regular Expression Complexity in validator.js
Regular Expression Denial of Service in path-parse
Regular Expression Denial of Service (ReDOS)
Regular Expression Denial of Service in postcss
Regular Expression Denial of Service in hosted-git-info
Improper Input Validation in sanitize-html
Prototype Pollution in minimist
Prototype Pollution in minimist
ReDoS in Sec-Websocket-Protocol header
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Server-Side Request Forgery in Request
Path Traversal in Grunt
Improper Input Validation in sanitize-html
Server side request forgery in SwaggerUI
Server side request forgery in SwaggerUI
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Uncontrolled Resource Consumption in markdown-it
Server-Side Request Forgery in Request
Regular Expression Denial of Service in browserslist
Regular Expression Denial of Service in postcss
netmask npm package mishandles octal input data
Uncontrolled resource consumption in jpeg-js
Open Redirect in node-forge
Potential XSS vulnerability in jQuery
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Potential XSS vulnerability in jQuery
Cross-Site Scripting in swagger-ui
Regular Expression Denial of Service in debug
Regular Expression Denial of Service in debug
Vercel ms Inefficient Regular Expression Complexity vulnerability
Regular Expression Denial of Service (ReDoS) in lodash
PostCSS line return parsing error
word-wrap vulnerable to Regular Expression Denial of Service
Logging of the firestore key within nodejs-firestore
semver vulnerable to Regular Expression Denial of Service
semver vulnerable to Regular Expression Denial of Service
semver vulnerable to Regular Expression Denial of Service
jQuery Cross Site Scripting vulnerability
Prototype Pollution in minimist
Prototype Pollution in minimist
Follow Redirects improperly handles URLs in the url.parse() function
Prototype Pollution in minimist
Prototype Pollution in minimist
jQuery Cross Site Scripting vulnerability
semver vulnerable to Regular Expression Denial of Service
semver vulnerable to Regular Expression Denial of Service
semver vulnerable to Regular Expression Denial of Service
Axios Cross-Site Request Forgery Vulnerability
Axios Cross-Site Request Forgery Vulnerability
NPM IP package incorrectly identifies some private IP addresses as public
NPM IP package incorrectly identifies some private IP addresses as public
sanitize-html Information Exposure vulnerability
tough-cookie Prototype Pollution vulnerability
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
follow-redirects' Proxy-Authorization header kept across hosts
xml2js is vulnerable to prototype pollution
Severity: low (10 alerts)
Regular Expression Denial of Service in braces
Prototype Pollution in node-forge debug API.
Prototype Pollution in node-forge util.setPath API
URL parsing in node-forge could lead to undesired behavior.
Regular Expression Denial of Service (ReDoS) in braces
The `size` option isn't honored after following a redirect in node-fetch
Regular expression denial of service in semver-regex
Prevent logging invalid header values
Undici's cookie header not cleared on cross-origin redirect in fetch
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`