{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9jgg-88mc-972h", "name": "webpack-dev-server: GHSA-9jgg-88mc-972h", "shortDescription": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-79cf-xcqc-c78w", "name": "webpack-dev-server: GHSA-79cf-xcqc-c78w", "shortDescription": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "fullDescription": {"text": "webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4v9v-hfq4-rm2v", "name": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v", "shortDescription": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8mj-m7cp-5q26", "name": "qs: GHSA-q8mj-m7cp-5q26", "shortDescription": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "fullDescription": {"text": "qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6rw7-vpxm-498p", "name": "qs: GHSA-6rw7-vpxm-498p", "shortDescription": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "fullDescription": {"text": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7fh5-64p2-3v2j", "name": "postcss: GHSA-7fh5-64p2-3v2j", "shortDescription": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "fullDescription": {"text": "PostCSS line return parsing error"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-27v5-c462-wpq7", "name": "path-to-regexp: GHSA-27v5-c462-wpq7", "shortDescription": {"text": "path-to-regexp: GHSA-27v5-c462-wpq7"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-65ch-62r8-g69g", "name": "node-forge: GHSA-65ch-62r8-g69g", "shortDescription": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "fullDescription": {"text": "node-forge is vulnerable to ASN.1 OID Integer Truncation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxjr-mmjv-4gpg", "name": "lodash: GHSA-xxjr-mmjv-4gpg", "shortDescription": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "fullDescription": {"text": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6c59-mwgh-r2x6", "name": "jsonpath: GHSA-6c59-mwgh-r2x6", "shortDescription": {"text": "jsonpath: GHSA-6c59-mwgh-r2x6"}, "fullDescription": {"text": "JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh29-5h37-fv8m", "name": "js-yaml: GHSA-mh29-5h37-fv8m", "shortDescription": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "fullDescription": {"text": "js-yaml has prototype pollution in merge (<<)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r4q5-vmmm-2653", "name": "follow-redirects: GHSA-r4q5-vmmm-2653", "shortDescription": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "fullDescription": {"text": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wqch-xfxh-vrr4", "name": "body-parser: GHSA-wqch-xfxh-vrr4", "shortDescription": {"text": "body-parser: GHSA-wqch-xfxh-vrr4"}, "fullDescription": {"text": "body-parser is vulnerable to denial of service when url encoding is used"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9965-vmph-33xx", "name": "validator: GHSA-9965-vmph-33xx", "shortDescription": {"text": "validator: GHSA-9965-vmph-33xx"}, "fullDescription": {"text": "validator.js has a URL validation bypass vulnerability in its isURL function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-g9mf-h72j-4rw9", "name": "undici: GHSA-g9mf-h72j-4rw9", "shortDescription": {"text": "undici: GHSA-g9mf-h72j-4rw9"}, "fullDescription": {"text": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4992-7rv2-5pvq", "name": "undici: GHSA-4992-7rv2-5pvq", "shortDescription": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "fullDescription": {"text": "Undici has CRLF Injection in undici via `upgrade` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2mjp-6q6p-2qxm", "name": "undici: GHSA-2mjp-6q6p-2qxm", "shortDescription": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "fullDescription": {"text": "Undici has an HTTP Request/Response Smuggling issue"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2v4-37r5-5v8g", "name": "ip-address: GHSA-v2v4-37r5-5v8g", "shortDescription": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "fullDescription": {"text": "ip-address has XSS in Address6 HTML-emitting methods"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7rx3-28cr-v5wh", "name": "handlebars: GHSA-7rx3-28cr-v5wh", "shortDescription": {"text": "handlebars: GHSA-7rx3-28cr-v5wh"}, "fullDescription": {"text": "Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2qvq-rjwj-gvw9", "name": "handlebars: GHSA-2qvq-rjwj-gvw9", "shortDescription": {"text": "handlebars: GHSA-2qvq-rjwj-gvw9"}, "fullDescription": {"text": "Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5v7r-6r5c-r473", "name": "file-type: GHSA-5v7r-6r5c-r473", "shortDescription": {"text": "file-type: GHSA-5v7r-6r5c-r473"}, "fullDescription": {"text": "file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jp2q-39xq-3w4g", "name": "fast-xml-parser: GHSA-jp2q-39xq-3w4g", "shortDescription": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "fullDescription": {"text": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gh4j-gqv2-49f6", "name": "fast-xml-parser: GHSA-gh4j-gqv2-49f6", "shortDescription": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "fullDescription": {"text": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67mh-4wv8-2f99", "name": "esbuild: GHSA-67mh-4wv8-2f99", "shortDescription": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "fullDescription": {"text": "esbuild enables any website to send any requests to the development server and read the response"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5mx-6wc6-7h9w", "name": "dottie: GHSA-r5mx-6wc6-7h9w", "shortDescription": {"text": "dottie: GHSA-r5mx-6wc6-7h9w"}, "fullDescription": {"text": "dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-378v-28hj-76wf", "name": "bn.js: GHSA-378v-28hj-76wf", "shortDescription": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "fullDescription": {"text": "bn.js affected by an infinite loop"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xx6v-rp6x-q39c", "name": "axios: GHSA-xx6v-rp6x-q39c", "shortDescription": {"text": "axios: GHSA-xx6v-rp6x-q39c"}, "fullDescription": {"text": "Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w9j2-pvgh-6h63", "name": "axios: GHSA-w9j2-pvgh-6h63", "shortDescription": {"text": "axios: GHSA-w9j2-pvgh-6h63"}, "fullDescription": {"text": "Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vf2m-468p-8v99", "name": "axios: GHSA-vf2m-468p-8v99", "shortDescription": {"text": "axios: GHSA-vf2m-468p-8v99"}, "fullDescription": {"text": "Axios: HTTP adapter streamed responses bypass maxContentLength"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m7pr-hjqh-92cm", "name": "axios: GHSA-m7pr-hjqh-92cm", "shortDescription": {"text": "axios: GHSA-m7pr-hjqh-92cm"}, "fullDescription": {"text": "Axios: no_proxy bypass via IP alias allows SSRF"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fvcv-3m26-pcqx", "name": "axios: GHSA-fvcv-3m26-pcqx", "shortDescription": {"text": "axios: GHSA-fvcv-3m26-pcqx"}, "fullDescription": {"text": "Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-898c-q2cr-xwhg", "name": "axios: GHSA-898c-q2cr-xwhg", "shortDescription": {"text": "axios: GHSA-898c-q2cr-xwhg"}, "fullDescription": {"text": "axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-62hf-57xw-28j9", "name": "axios: GHSA-62hf-57xw-28j9", "shortDescription": {"text": "axios: GHSA-62hf-57xw-28j9"}, "fullDescription": {"text": "Axios: unbounded recursion in toFormData causes DoS via deeply nested request data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c9x-8gcm-mpgx", "name": "axios: GHSA-5c9x-8gcm-mpgx", "shortDescription": {"text": "axios: GHSA-5c9x-8gcm-mpgx"}, "fullDescription": {"text": "Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-445q-vr5w-6q77", "name": "axios: GHSA-445q-vr5w-6q77", "shortDescription": {"text": "axios: GHSA-445q-vr5w-6q77"}, "fullDescription": {"text": "Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3w6x-2g7m-8v23", "name": "axios: GHSA-3w6x-2g7m-8v23", "shortDescription": {"text": "axios: GHSA-3w6x-2g7m-8v23"}, "fullDescription": {"text": "Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vhjm-w67q-g75c", "name": "@hapi/wreck: GHSA-vhjm-w67q-g75c", "shortDescription": {"text": "@hapi/wreck: GHSA-vhjm-w67q-g75c"}, "fullDescription": {"text": "@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4vvj-4cpr-p986", "name": "webpack: GHSA-4vvj-4cpr-p986", "shortDescription": {"text": "webpack: GHSA-4vvj-4cpr-p986"}, "fullDescription": {"text": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c76h-2ccp-4975", "name": "undici: GHSA-c76h-2ccp-4975", "shortDescription": {"text": "undici: GHSA-c76h-2ccp-4975"}, "fullDescription": {"text": "Use of Insufficiently Random Values in undici"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-952p-6rrq-rcjv", "name": "micromatch: GHSA-952p-6rrq-rcjv", "shortDescription": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in micromatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-968p-4wvh-cqc8", "name": "@babel/runtime: GHSA-968p-4wvh-cqc8", "shortDescription": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "fullDescription": {"text": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q6x5-8v7m-xcrf", "name": "protobufjs: GHSA-q6x5-8v7m-xcrf", "shortDescription": {"text": "protobufjs: GHSA-q6x5-8v7m-xcrf"}, "fullDescription": {"text": "protobufjs has overlong UTF-8 decoding"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jggg-4jg4-v7c6", "name": "protobufjs: GHSA-jggg-4jg4-v7c6", "shortDescription": {"text": "protobufjs: GHSA-jggg-4jg4-v7c6"}, "fullDescription": {"text": "protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fx83-v9x8-x52w", "name": "protobufjs: GHSA-fx83-v9x8-x52w", "shortDescription": {"text": "protobufjs: GHSA-fx83-v9x8-x52w"}, "fullDescription": {"text": "protobuf.js: Prototype injection in generated message constructors"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2pr8-phx7-x9h3", "name": "protobufjs: GHSA-2pr8-phx7-x9h3", "shortDescription": {"text": "protobufjs: GHSA-2pr8-phx7-x9h3"}, "fullDescription": {"text": "protobuf.js: Denial of service from crafted field names in generated code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6fx8-h7jm-663j", "name": "parseuri: GHSA-6fx8-h7jm-663j", "shortDescription": {"text": "parseuri: GHSA-6fx8-h7jm-663j"}, "fullDescription": {"text": "parse-uri Regular expression Denial of Service (ReDoS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qwph-4952-7xr6", "name": "jsonwebtoken: GHSA-qwph-4952-7xr6", "shortDescription": {"text": "jsonwebtoken: GHSA-qwph-4952-7xr6"}, "fullDescription": {"text": "jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hjrf-2m68-5959", "name": "jsonwebtoken: GHSA-hjrf-2m68-5959", "shortDescription": {"text": "jsonwebtoken: GHSA-hjrf-2m68-5959"}, "fullDescription": {"text": "jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pfrx-2q88-qq97", "name": "got: GHSA-pfrx-2q88-qq97", "shortDescription": {"text": "got: GHSA-pfrx-2q88-qq97"}, "fullDescription": {"text": "Got allows a redirect to a UNIX socket"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `dynamodb-local` image uses the latest tag", "shortDescription": {"text": "Compose service `dynamodb-local` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `redis` is 1 major version(s) behind (^5.11.0 -> 6.0.0)", "shortDescription": {"text": "npm package `redis` is 1 major version(s) behind (^5.11.0 -> 6.0.0)"}, "fullDescription": {"text": "`redis` is pinned/resolved at ^5.11.0 but the latest stable release on the npm registry is 6.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_README", "name": "No README file found", "shortDescription": {"text": "No README file found"}, "fullDescription": {"text": "Create a README.md with: project name and description, installation instructions, usage examples, configuration options, and contribution guidelines."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GHSA-8fgc-7cc6-rx7x", "name": "webpack: GHSA-8fgc-7cc6-rx7x", "shortDescription": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "fullDescription": {"text": "webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38r7-794h-5758", "name": "webpack: GHSA-38r7-794h-5758", "shortDescription": {"text": "webpack: GHSA-38r7-794h-5758"}, "fullDescription": {"text": "webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects \u2192 SSRF + cache persistence"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w7fw-mjwx-w883", "name": "qs: GHSA-w7fw-mjwx-w883", "shortDescription": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "fullDescription": {"text": "qs's arrayLimit bypass in comma parsing allows denial of service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vpq2-c234-7xj6", "name": "@tootallnate/once: GHSA-vpq2-c234-7xj6", "shortDescription": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "fullDescription": {"text": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x5gf-qvw8-r2rm", "name": "pm2: GHSA-x5gf-qvw8-r2rm", "shortDescription": {"text": "pm2: GHSA-x5gf-qvw8-r2rm"}, "fullDescription": {"text": "pm2 Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-442j-39wm-28r2", "name": "handlebars: GHSA-442j-39wm-28r2", "shortDescription": {"text": "handlebars: GHSA-442j-39wm-28r2"}, "fullDescription": {"text": "Handlebars.js has a Property Access Validation Bypass in container.lookup"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fj3w-jwp8-x2g3", "name": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3", "shortDescription": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "fullDescription": {"text": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-73rr-hh4g-fpgx", "name": "diff: GHSA-73rr-hh4g-fpgx", "shortDescription": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "fullDescription": {"text": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xhjh-pmcv-23jw", "name": "axios: GHSA-xhjh-pmcv-23jw", "shortDescription": {"text": "axios: GHSA-xhjh-pmcv-23jw"}, "fullDescription": {"text": "Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j965-2qgj-vjmq", "name": "aws-sdk: GHSA-j965-2qgj-vjmq", "shortDescription": {"text": "aws-sdk: GHSA-j965-2qgj-vjmq"}, "fullDescription": {"text": "JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6475-r3vj-m8vf", "name": "@smithy/config-resolver: GHSA-6475-r3vj-m8vf", "shortDescription": {"text": "@smithy/config-resolver: GHSA-6475-r3vj-m8vf"}, "fullDescription": {"text": "AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cxrh-j4jr-qwg3", "name": "undici: GHSA-cxrh-j4jr-qwg3", "shortDescription": {"text": "undici: GHSA-cxrh-j4jr-qwg3"}, "fullDescription": {"text": "undici Denial of Service attack via bad certificate data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-52f5-9888-hmc6", "name": "tmp: GHSA-52f5-9888-hmc6", "shortDescription": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "fullDescription": {"text": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-75v8-2h7p-7m2m", "name": "formidable: GHSA-75v8-2h7p-7m2m", "shortDescription": {"text": "formidable: GHSA-75v8-2h7p-7m2m"}, "fullDescription": {"text": "Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pxg6-pf52-xh8x", "name": "cookie: GHSA-pxg6-pf52-xh8x", "shortDescription": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "fullDescription": {"text": "cookie accepts cookie name, path, and domain with out of bounds characters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 16 more): Same pattern found in 16 additional f", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 64 more): Same pattern found in 64 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 64 more): Same pattern found in 64 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 392 more): Same pattern found in 392 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 392 more): Same pattern found in 392 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 226 more): Same pattern found in 226 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 226 more): Same pattern found in 226 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 157 more): Same pattern found in 157 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 157 more): Same pattern found in 157 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-qpx9-hpmf-5gmw", "name": "underscore: GHSA-qpx9-hpmf-5gmw", "shortDescription": {"text": "underscore: GHSA-qpx9-hpmf-5gmw"}, "fullDescription": {"text": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xpqw-6gx7-v673", "name": "svgo: GHSA-xpqw-6gx7-v673", "shortDescription": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "fullDescription": {"text": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j3q9-mxjg-w52f", "name": "path-to-regexp: GHSA-j3q9-mxjg-w52f", "shortDescription": {"text": "path-to-regexp: GHSA-j3q9-mxjg-w52f"}, "fullDescription": {"text": "path-to-regexp vulnerable to Denial of Service via sequential optional groups"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37ch-88jc-xwx2", "name": "path-to-regexp: GHSA-37ch-88jc-xwx2", "shortDescription": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rp65-9cf3-cjxr", "name": "nth-check: GHSA-rp65-9cf3-cjxr", "shortDescription": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "fullDescription": {"text": "Inefficient Regular Expression Complexity in nth-check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q67f-28xg-22rw", "name": "node-forge: GHSA-q67f-28xg-22rw", "shortDescription": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "fullDescription": {"text": "Forge has signature forgery in Ed25519 due to missing S > L check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ppp5-5v6c-4jwp", "name": "node-forge: GHSA-ppp5-5v6c-4jwp", "shortDescription": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "fullDescription": {"text": "Forge has signature forgery in RSA-PKCS due to ASN.1 extra field  "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5m6q-g25r-mvwx", "name": "node-forge: GHSA-5m6q-g25r-mvwx", "shortDescription": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "fullDescription": {"text": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5gfm-wpxj-wjgq", "name": "node-forge: GHSA-5gfm-wpxj-wjgq", "shortDescription": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "fullDescription": {"text": "node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-554w-wpv2-vw27", "name": "node-forge: GHSA-554w-wpv2-vw27", "shortDescription": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "fullDescription": {"text": "node-forge has ASN.1 Unbounded Recursion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2328-f5f3-gj25", "name": "node-forge: GHSA-2328-f5f3-gj25", "shortDescription": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "fullDescription": {"text": "Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-87r5-mp6g-5w5j", "name": "jsonpath: GHSA-87r5-mp6g-5w5j", "shortDescription": {"text": "jsonpath: GHSA-87r5-mp6g-5w5j"}, "fullDescription": {"text": "jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5j98-mcp5-4vw2", "name": "glob: GHSA-5j98-mcp5-4vw2", "shortDescription": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "fullDescription": {"text": "glob CLI: Command injection via -c/--cmd executes matches with shell:true"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v39h-62p7-jpjc", "name": "fast-uri: GHSA-v39h-62p7-jpjc", "shortDescription": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "fullDescription": {"text": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q3j6-qgpj-74h6", "name": "fast-uri: GHSA-q3j6-qgpj-74h6", "shortDescription": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "fullDescription": {"text": "fast-uri vulnerable to path traversal via percent-encoded dot segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fv7c-fp4j-7gwp", "name": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp", "shortDescription": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "fullDescription": {"text": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j658-c2gf-x6pq", "name": "velocityjs: GHSA-j658-c2gf-x6pq", "shortDescription": {"text": "velocityjs: GHSA-j658-c2gf-x6pq"}, "fullDescription": {"text": "Velocity.js has a Prototype Pollution vulnerability through #set path assignment"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vghf-hv5q-vc2g", "name": "validator: GHSA-vghf-hv5q-vc2g", "shortDescription": {"text": "validator: GHSA-vghf-hv5q-vc2g"}, "fullDescription": {"text": "Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vrm6-8vpv-qv8q", "name": "undici: GHSA-vrm6-8vpv-qv8q", "shortDescription": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "fullDescription": {"text": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v9p9-hfj2-hcw8", "name": "undici: GHSA-v9p9-hfj2-hcw8", "shortDescription": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "fullDescription": {"text": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f269-vfmq-vjvj", "name": "undici: GHSA-f269-vfmq-vjvj", "shortDescription": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "fullDescription": {"text": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r6q2-hw4h-h46w", "name": "tar: GHSA-r6q2-hw4h-h46w", "shortDescription": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "fullDescription": {"text": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qffp-2rhf-9h96", "name": "tar: GHSA-qffp-2rhf-9h96", "shortDescription": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "fullDescription": {"text": "tar has Hardlink Path Traversal via Drive-Relative Linkpath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9ppj-qmqm-q256", "name": "tar: GHSA-9ppj-qmqm-q256", "shortDescription": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "fullDescription": {"text": "node-tar Symlink Path Traversal via Drive-Relative Linkpath"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8qq5-rm4j-mr97", "name": "tar: GHSA-8qq5-rm4j-mr97", "shortDescription": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "fullDescription": {"text": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-83g3-92jg-28cx", "name": "tar: GHSA-83g3-92jg-28cx", "shortDescription": {"text": "tar: GHSA-83g3-92jg-28cx"}, "fullDescription": {"text": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-34x7-hfp2-rc4v", "name": "tar: GHSA-34x7-hfp2-rc4v", "shortDescription": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "fullDescription": {"text": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wphj-fx3q-84ch", "name": "systeminformation: GHSA-wphj-fx3q-84ch", "shortDescription": {"text": "systeminformation: GHSA-wphj-fx3q-84ch"}, "fullDescription": {"text": "systeminformation has a Command Injection vulnerability in fsSize() function on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hvx9-hwr7-wjj9", "name": "systeminformation: GHSA-hvx9-hwr7-wjj9", "shortDescription": {"text": "systeminformation: GHSA-hvx9-hwr7-wjj9"}, "fullDescription": {"text": "Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9c88-49p5-5ggf", "name": "systeminformation: GHSA-9c88-49p5-5ggf", "shortDescription": {"text": "systeminformation: GHSA-9c88-49p5-5ggf"}, "fullDescription": {"text": "Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5vv4-hvf7-2h46", "name": "systeminformation: GHSA-5vv4-hvf7-2h46", "shortDescription": {"text": "systeminformation: GHSA-5vv4-hvf7-2h46"}, "fullDescription": {"text": "Command Injection via Unsanitized `locate` Output in `versions()` \u2014 systeminformation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jcxm-m3jx-f287", "name": "simple-git: GHSA-jcxm-m3jx-f287", "shortDescription": {"text": "simple-git: GHSA-jcxm-m3jx-f287"}, "fullDescription": {"text": "simple-git Affected by Command Execution via Option-Parsing Bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hffm-xvc3-vprc", "name": "simple-git: GHSA-hffm-xvc3-vprc", "shortDescription": {"text": "simple-git: GHSA-hffm-xvc3-vprc"}, "fullDescription": {"text": "simple-git is vulnerable to Remote Code Execution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6457-6jrx-69cr", "name": "sequelize: GHSA-6457-6jrx-69cr", "shortDescription": {"text": "sequelize: GHSA-6457-6jrx-69cr"}, "fullDescription": {"text": "Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xjpj-3mr7-gcpf", "name": "handlebars: GHSA-xjpj-3mr7-gcpf", "shortDescription": {"text": "handlebars: GHSA-xjpj-3mr7-gcpf"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xhpv-hc6g-r9c6", "name": "handlebars: GHSA-xhpv-hc6g-r9c6", "shortDescription": {"text": "handlebars: GHSA-xhpv-hc6g-r9c6"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9cx6-37pm-9jff", "name": "handlebars: GHSA-9cx6-37pm-9jff", "shortDescription": {"text": "handlebars: GHSA-9cx6-37pm-9jff"}, "fullDescription": {"text": "Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3mfm-83xf-c92r", "name": "handlebars: GHSA-3mfm-83xf-c92r", "shortDescription": {"text": "handlebars: GHSA-3mfm-83xf-c92r"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8gc5-j5rx-235r", "name": "fast-xml-parser: GHSA-8gc5-j5rx-235r", "shortDescription": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "fullDescription": {"text": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37qj-frw5-hhjh", "name": "fast-xml-parser: GHSA-37qj-frw5-hhjh", "shortDescription": {"text": "fast-xml-parser: GHSA-37qj-frw5-hhjh"}, "fullDescription": {"text": "fast-xml-parser has RangeError DoS Numeric Entities Bug"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38f7-945m-qr2g", "name": "effect: GHSA-38f7-945m-qr2g", "shortDescription": {"text": "effect: GHSA-38f7-945m-qr2g"}, "fullDescription": {"text": "Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rpmf-866q-6p89", "name": "basic-ftp: GHSA-rpmf-866q-6p89", "shortDescription": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "fullDescription": {"text": "basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rp42-5vxx-qpwr", "name": "basic-ftp: GHSA-rp42-5vxx-qpwr", "shortDescription": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "fullDescription": {"text": "basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6v7q-wjvx-w8wg", "name": "basic-ftp: GHSA-6v7q-wjvx-w8wg", "shortDescription": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "fullDescription": {"text": "basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q8qp-cvcw-x6jj", "name": "axios: GHSA-q8qp-cvcw-x6jj", "shortDescription": {"text": "axios: GHSA-q8qp-cvcw-x6jj"}, "fullDescription": {"text": "Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pf86-5x62-jrwf", "name": "axios: GHSA-pf86-5x62-jrwf", "shortDescription": {"text": "axios: GHSA-pf86-5x62-jrwf"}, "fullDescription": {"text": "Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p92q-9vqr-4j8v", "name": "axios: GHSA-p92q-9vqr-4j8v", "shortDescription": {"text": "axios: GHSA-p92q-9vqr-4j8v"}, "fullDescription": {"text": "Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j5f8-grm9-p9fc", "name": "axios: GHSA-j5f8-grm9-p9fc", "shortDescription": {"text": "axios: GHSA-j5f8-grm9-p9fc"}, "fullDescription": {"text": "Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hfxv-24rg-xrqf", "name": "axios: GHSA-hfxv-24rg-xrqf", "shortDescription": {"text": "axios: GHSA-hfxv-24rg-xrqf"}, "fullDescription": {"text": "Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-777c-7fjr-54vf", "name": "axios: GHSA-777c-7fjr-54vf", "shortDescription": {"text": "axios: GHSA-777c-7fjr-54vf"}, "fullDescription": {"text": "Allocation of Resources Without Limits or Throttling in Axios"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6chq-wfr3-2hj9", "name": "axios: GHSA-6chq-wfr3-2hj9", "shortDescription": {"text": "axios: GHSA-6chq-wfr3-2hj9"}, "fullDescription": {"text": "Axios: Header Injection via Prototype Pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-43fc-jf86-j433", "name": "axios: GHSA-43fc-jf86-j433", "shortDescription": {"text": "axios: GHSA-43fc-jf86-j433"}, "fullDescription": {"text": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pjwm-pj3p-43mv", "name": "axios: GHSA-pjwm-pj3p-43mv", "shortDescription": {"text": "axios: GHSA-pjwm-pj3p-43mv"}, "fullDescription": {"text": "axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3g43-6gmg-66jw", "name": "axios: GHSA-3g43-6gmg-66jw", "shortDescription": {"text": "axios: GHSA-3g43-6gmg-66jw"}, "fullDescription": {"text": "axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-35jp-ww65-95wh", "name": "axios: GHSA-35jp-ww65-95wh", "shortDescription": {"text": "axios: GHSA-35jp-ww65-95wh"}, "fullDescription": {"text": "axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jg4p-7fhp-p32p", "name": "@hapi/content: GHSA-jg4p-7fhp-p32p", "shortDescription": {"text": "@hapi/content: GHSA-jg4p-7fhp-p32p"}, "fullDescription": {"text": "@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-36hh-x5p5-jgc8", "name": "@hapi/content: GHSA-36hh-x5p5-jgc8", "shortDescription": {"text": "@hapi/content: GHSA-36hh-x5p5-jgc8"}, "fullDescription": {"text": "@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3h5v-q93c-6h6q", "name": "ws: GHSA-3h5v-q93c-6h6q", "shortDescription": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "fullDescription": {"text": "ws affected by a DoS when handling a request with many HTTP headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q2pj-6v73-8rgj", "name": "typeorm: GHSA-q2pj-6v73-8rgj", "shortDescription": {"text": "typeorm: GHSA-q2pj-6v73-8rgj"}, "fullDescription": {"text": "TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ph9p-34f9-6g65", "name": "tmp: GHSA-ph9p-34f9-6g65", "shortDescription": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "fullDescription": {"text": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cvv5-9h9w-qp2m", "name": "systeminformation: GHSA-cvv5-9h9w-qp2m", "shortDescription": {"text": "systeminformation: GHSA-cvv5-9h9w-qp2m"}, "fullDescription": {"text": "Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2qf-rxjj-qqgw", "name": "semver: GHSA-c2qf-rxjj-qqgw", "shortDescription": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "fullDescription": {"text": "semver vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hw8r-x6gr-5gjp", "name": "jsonpath-plus: GHSA-hw8r-x6gr-5gjp", "shortDescription": {"text": "jsonpath-plus: GHSA-hw8r-x6gr-5gjp"}, "fullDescription": {"text": "JSONPath Plus allows Remote Code Execution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MAL-2022-2415", "name": "defillama-adapters: MAL-2022-2415", "shortDescription": {"text": "defillama-adapters: MAL-2022-2415"}, "fullDescription": {"text": "Malicious code in defillama-adapters (npm)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3xgq-45jj-v275", "name": "cross-spawn: GHSA-3xgq-45jj-v275", "shortDescription": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in cross-spawn"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-grv7-fg5c-xmjg", "name": "braces: GHSA-grv7-fg5c-xmjg", "shortDescription": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "fullDescription": {"text": "Uncontrolled resource consumption in braces"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3gc7-fjrx-p6mg", "name": "bigint-buffer: GHSA-3gc7-fjrx-p6mg", "shortDescription": {"text": "bigint-buffer: GHSA-3gc7-fjrx-p6mg"}, "fullDescription": {"text": "bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xq7p-g2vc-g82p", "name": "base-x: GHSA-xq7p-g2vc-g82p", "shortDescription": {"text": "base-x: GHSA-xq7p-g2vc-g82p"}, "fullDescription": {"text": "Homograph attack allows Unicode lookalike characters to bypass validation."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jr5f-v2jv-69x6", "name": "axios: GHSA-jr5f-v2jv-69x6", "shortDescription": {"text": "axios: GHSA-jr5f-v2jv-69x6"}, "fullDescription": {"text": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8hc4-vh64-cxmj", "name": "axios: GHSA-8hc4-vh64-cxmj", "shortDescription": {"text": "axios: GHSA-8hc4-vh64-cxmj"}, "fullDescription": {"text": "Server-Side Request Forgery in axios"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4hjh-wcwx-xvwj", "name": "axios: GHSA-4hjh-wcwx-xvwj", "shortDescription": {"text": "axios: GHSA-4hjh-wcwx-xvwj"}, "fullDescription": {"text": "Axios is vulnerable to DoS attack through lack of data size check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-677m-j7p3-52f9", "name": "socket.io-parser: GHSA-677m-j7p3-52f9", "shortDescription": {"text": "socket.io-parser: GHSA-677m-j7p3-52f9"}, "fullDescription": {"text": "socket.io allows an unbounded number of binary attachments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9p95-fxvg-qgq2", "name": "simple-git: GHSA-9p95-fxvg-qgq2", "shortDescription": {"text": "simple-git: GHSA-9p95-fxvg-qgq2"}, "fullDescription": {"text": "simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3f95-r44v-8mrg", "name": "simple-git: GHSA-3f95-r44v-8mrg", "shortDescription": {"text": "simple-git: GHSA-3f95-r44v-8mrg"}, "fullDescription": {"text": "Command injection in simple-git"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-28xr-mwxg-3qc8", "name": "simple-git: GHSA-28xr-mwxg-3qc8", "shortDescription": {"text": "simple-git: GHSA-28xr-mwxg-3qc8"}, "fullDescription": {"text": "Command injection in simple-git"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jvwf-75h9-cwgg", "name": "protobufjs: GHSA-jvwf-75h9-cwgg", "shortDescription": {"text": "protobufjs: GHSA-jvwf-75h9-cwgg"}, "fullDescription": {"text": "protobuf.js: Process-wide denial of service through unsafe option paths"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-75px-5xx7-5xc7", "name": "protobufjs: GHSA-75px-5xx7-5xc7", "shortDescription": {"text": "protobufjs: GHSA-75px-5xx7-5xc7"}, "fullDescription": {"text": "protobuf.js: Code generation gadget after prototype pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-685m-2w69-288q", "name": "protobufjs: GHSA-685m-2w69-288q", "shortDescription": {"text": "protobufjs: GHSA-685m-2w69-288q"}, "fullDescription": {"text": "protobuf.js: Denial of service through unbounded protobuf recursion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-66ff-xgx4-vchm", "name": "protobufjs: GHSA-66ff-xgx4-vchm", "shortDescription": {"text": "protobufjs: GHSA-66ff-xgx4-vchm"}, "fullDescription": {"text": "protobuf.js: Code injection through bytes field defaults in generated toObject code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-869p-cjfg-cm3x", "name": "jws: GHSA-869p-cjfg-cm3x", "shortDescription": {"text": "jws: GHSA-869p-cjfg-cm3x"}, "fullDescription": {"text": "auth0/node-jws Improperly Verifies HMAC Signature"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8cf7-32gw-wr33", "name": "jsonwebtoken: GHSA-8cf7-32gw-wr33", "shortDescription": {"text": "jsonwebtoken: GHSA-8cf7-32gw-wr33"}, "fullDescription": {"text": "jsonwebtoken unrestricted key type could lead to legacy keys usage "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MAL-2025-21003", "name": "fs: MAL-2025-21003", "shortDescription": {"text": "fs: MAL-2025-21003"}, "fullDescription": {"text": "Malicious code in fs (npm)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-g9cg-h3jm-cwrc", "name": "@hapi/pez: GHSA-g9cg-h3jm-cwrc", "shortDescription": {"text": "@hapi/pez: GHSA-g9cg-h3jm-cwrc"}, "fullDescription": {"text": "Prototype Pollution in @hapi/subtext"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3wqh-h42r-x8fq", "name": "@hapi/content: GHSA-3wqh-h42r-x8fq", "shortDescription": {"text": "@hapi/content: GHSA-3wqh-h42r-x8fq"}, "fullDescription": {"text": "Denial of Service in @hapi/content"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vj76-c3g6-qr5v", "name": "tar-fs: GHSA-vj76-c3g6-qr5v", "shortDescription": {"text": "tar-fs: GHSA-vj76-c3g6-qr5v"}, "fullDescription": {"text": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pq67-2wwv-3xjx", "name": "tar-fs: GHSA-pq67-2wwv-3xjx", "shortDescription": {"text": "tar-fs: GHSA-pq67-2wwv-3xjx"}, "fullDescription": {"text": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8cj5-5rvv-wf4v", "name": "tar-fs: GHSA-8cj5-5rvv-wf4v", "shortDescription": {"text": "tar-fs: GHSA-8cj5-5rvv-wf4v"}, "fullDescription": {"text": "tar-fs can extract outside the specified dir with a specific tarball"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC100", "name": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make ", "shortDescription": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "fullDescription": {"text": "Allowlist specific origins. For dynamic per-request validation, validate against a known list and echo the origin back. Never combine wildcard origin with credentials."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED028", "name": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line.", "shortDescription": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-node` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `node:20` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `node:20` not pinned by digest"}, "fullDescription": {"text": "`FROM node:20` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "Express POST /historicalLiquidity/:token has no auth", "shortDescription": {"text": "Express POST /historicalLiquidity/:token has no auth"}, "fullDescription": {"text": "Express route POST /historicalLiquidity/:token declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "GHSA-r275-fr43-pm7q", "name": "simple-git: GHSA-r275-fr43-pm7q", "shortDescription": {"text": "simple-git: GHSA-r275-fr43-pm7q"}, "fullDescription": {"text": "simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2w6w-674q-4c4q", "name": "handlebars: GHSA-2w6w-674q-4c4q", "shortDescription": {"text": "handlebars: GHSA-2w6w-674q-4c4q"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection via AST Type Confusion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m7jm-9gc2-mpf2", "name": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2", "shortDescription": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "fullDescription": {"text": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5rq4-664w-9x2c", "name": "basic-ftp: GHSA-5rq4-664w-9x2c", "shortDescription": {"text": "basic-ftp: GHSA-5rq4-664w-9x2c"}, "fullDescription": {"text": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-95m3-7q98-8xr5", "name": "sha.js: GHSA-95m3-7q98-8xr5", "shortDescription": {"text": "sha.js: GHSA-95m3-7q98-8xr5"}, "fullDescription": {"text": "sha.js is missing type checks leading to hash rewind and passing on crafted data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pppg-cpfq-h7wr", "name": "jsonpath-plus: GHSA-pppg-cpfq-h7wr", "shortDescription": {"text": "jsonpath-plus: GHSA-pppg-cpfq-h7wr"}, "fullDescription": {"text": "JSONPath Plus Remote Code Execution (RCE) Vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fjxv-7rqg-78g4", "name": "form-data: GHSA-fjxv-7rqg-78g4", "shortDescription": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "fullDescription": {"text": "form-data uses unsafe random function in form-data for choosing boundary"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9w5j-4mwv-2wj8", "name": "simple-git: GHSA-9w5j-4mwv-2wj8", "shortDescription": {"text": "simple-git: GHSA-9w5j-4mwv-2wj8"}, "fullDescription": {"text": "Remote code execution in simple-git"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h97f-5258-5593", "name": "serverless-offline: GHSA-h97f-5258-5593", "shortDescription": {"text": "serverless-offline: GHSA-h97f-5258-5593"}, "fullDescription": {"text": "Incorrect Authorization in serverless-offline"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xq3m-2v4x-88gg", "name": "protobufjs: GHSA-xq3m-2v4x-88gg", "shortDescription": {"text": "protobufjs: GHSA-xq3m-2v4x-88gg"}, "fullDescription": {"text": "Arbitrary code execution in protobufjs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED035", "name": "[MINED035] Js New Function: new Function(...) compiles strings to functions.", "shortDescription": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1361"}, "properties": {"repository": "DefiLlama/defillama-server", "repoUrl": "https://github.com/DefiLlama/defillama-server", "branch": "master"}, "results": [{"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 139108, "scanner": "osv-scanner", "fingerprint": "a882d5520e40f6422d99a760a36792eccaad1f508330d87c19bba8096afb9a2c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 139107, "scanner": "osv-scanner", "fingerprint": "eb75e66ca594379a6d925ede9e263624ff8740dfccc0c291d0f5dd501ae06861", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9jgg-88mc-972h", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "properties": {"repobilityId": 139106, "scanner": "osv-scanner", "fingerprint": "9b3d21ff683a6734c894d23087a09abc5bb082cad447ca0f77175073bdaaf249", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30360"], "package": "webpack-dev-server", "rule_id": "GHSA-9jgg-88mc-972h", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30360|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 139105, "scanner": "osv-scanner", "fingerprint": "91fb2ea2296fefcf0a7e3e7192d90e22582fe4b8b20d15124751ae71d0a841f0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4v9v-hfq4-rm2v", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "properties": {"repobilityId": 139104, "scanner": "osv-scanner", "fingerprint": "7c75019ccd9b51aab6e3c24de9845df432db69f182d62211c9adbd036f7221b0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30359"], "package": "webpack-dev-server", "rule_id": "GHSA-4v9v-hfq4-rm2v", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30359|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 139101, "scanner": "osv-scanner", "fingerprint": "d3381266c0f59131379fe2d4ec1b92a9a2bc2d4b1288d0403a71ff9ff0a89e7d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 139098, "scanner": "osv-scanner", "fingerprint": "c39715d1ab8d54e7c60c6ffd3c670cbc755cf502e32dade9a26ee2a1f543366f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 139094, "scanner": "osv-scanner", "fingerprint": "6fd5abb2c6e255c8a6d38f3aeb8c63f526c01c6d238efd4068fb915c7a3deb1f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 139093, "scanner": "osv-scanner", "fingerprint": "168444d41ce76a0ab8678bdefc07c74b60f007d20c8884730cbe7ab916d21dc2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 139092, "scanner": "osv-scanner", "fingerprint": "e12293252f7b07b971080c4566bb286caac613fc6ec0e8a7ae633f49722ed2b1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7fh5-64p2-3v2j", "level": "warning", "message": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "properties": {"repobilityId": 139091, "scanner": "osv-scanner", "fingerprint": "6c5a7e8dee5149e8f8202fdf30b779479f307ae763a3e3f0b0ccce71407fe7fe", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-44270"], "package": "postcss", "rule_id": "GHSA-7fh5-64p2-3v2j", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2023-44270|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 139089, "scanner": "osv-scanner", "fingerprint": "3f137284b31489d5cc38b590d5527b2ed9c5766fd73ab864ba4a9ce472d5e83a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-27v5-c462-wpq7", "level": "warning", "message": {"text": "path-to-regexp: GHSA-27v5-c462-wpq7"}, "properties": {"repobilityId": 139087, "scanner": "osv-scanner", "fingerprint": "b6037454c66106af4098b2f60f6f5ad5d639c8eb04ad545962581c57309d7c40", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4923"], "package": "path-to-regexp", "rule_id": "GHSA-27v5-c462-wpq7", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4923|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65ch-62r8-g69g", "level": "warning", "message": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "properties": {"repobilityId": 139082, "scanner": "osv-scanner", "fingerprint": "e40db9a0c5952e3c74ec736cdb607ef6818da0365da536a718934b1ec50bf367", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66030"], "package": "node-forge", "rule_id": "GHSA-65ch-62r8-g69g", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66030|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 139074, "scanner": "osv-scanner", "fingerprint": "40d8f689c954a2b21360e59c9cb3dc4cf076f31021ae0de499bc321a9df85887", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 139072, "scanner": "osv-scanner", "fingerprint": "47ab075706b0322d8467460bbacb9d260b3be2b02fd43f37cbc1a571ceaf413c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6c59-mwgh-r2x6", "level": "warning", "message": {"text": "jsonpath: GHSA-6c59-mwgh-r2x6"}, "properties": {"repobilityId": 139070, "scanner": "osv-scanner", "fingerprint": "fdfe37003aebe873402cbf60a427bc00cbc12f49b5fd1cf0709bca9e11cd798c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-61140"], "package": "jsonpath", "rule_id": "GHSA-6c59-mwgh-r2x6", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath|CVE-2025-61140|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 139069, "scanner": "osv-scanner", "fingerprint": "b1ca7761cec440169f4b78bd77ed86a5d627595095b5a31ecd36d71e35348352", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 139067, "scanner": "osv-scanner", "fingerprint": "e2a101b534df7030b207c971a11a559ccacd292bfab221968c936b25a9deef10", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 139062, "scanner": "osv-scanner", "fingerprint": "2fe5c7e8b682bfbc17a8b5084bba71502ce03af6147d4a24d3f3d83e783ebbbe", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wqch-xfxh-vrr4", "level": "warning", "message": {"text": "body-parser: GHSA-wqch-xfxh-vrr4"}, "properties": {"repobilityId": 139061, "scanner": "osv-scanner", "fingerprint": "053db13bbbc4412ce28b296846e8d0aab9024f519f57784ddb5be52390a19a2c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13466"], "package": "body-parser", "rule_id": "GHSA-wqch-xfxh-vrr4", "scanner": "osv-scanner", "correlation_key": "vuln|body-parser|CVE-2025-13466|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 139060, "scanner": "osv-scanner", "fingerprint": "aee41a7be977ba55ed7bd8b9045035baa8b5793b80b1598ef9d5cc339a0050dc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 139057, "scanner": "osv-scanner", "fingerprint": "4c314ffaa522a420670ced7e8b9f6279bdf48926317d2ced7657e0483ab630dc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/scripts/rekt-rss/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 139056, "scanner": "osv-scanner", "fingerprint": "e28bf8cb044fe1d84db1a5772d5552797d12d46851a17e3c5a2b225b128d6254", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9965-vmph-33xx", "level": "warning", "message": {"text": "validator: GHSA-9965-vmph-33xx"}, "properties": {"repobilityId": 139051, "scanner": "osv-scanner", "fingerprint": "0096a9c542f441a7325fb1767fa644e125797d8626416079b62b185afb47f74b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-56200"], "package": "validator", "rule_id": "GHSA-9965-vmph-33xx", "scanner": "osv-scanner", "correlation_key": "vuln|validator|CVE-2025-56200|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 139050, "scanner": "osv-scanner", "fingerprint": "79fa757c9146415929cb84ab5f2ba9378fd0f308e5cd329a6b186096ca6002b2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g9mf-h72j-4rw9", "level": "warning", "message": {"text": "undici: GHSA-g9mf-h72j-4rw9"}, "properties": {"repobilityId": 139047, "scanner": "osv-scanner", "fingerprint": "d2293c74b72a4bd3863289a79292dd221bb11ed083f5175441f7a67897e456b8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-22036"], "package": "undici", "rule_id": "GHSA-g9mf-h72j-4rw9", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-22036|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4992-7rv2-5pvq", "level": "warning", "message": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "properties": {"repobilityId": 139045, "scanner": "osv-scanner", "fingerprint": "0342dd2aeed38a6449449e978071f132ac293c16074f90c988e2869fa9fa7468", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1527"], "package": "undici", "rule_id": "GHSA-4992-7rv2-5pvq", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1527|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mjp-6q6p-2qxm", "level": "warning", "message": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "properties": {"repobilityId": 139044, "scanner": "osv-scanner", "fingerprint": "a74f1a929333bbcc93c8e6aab0f77887dc8326a85686eae04a08b099bc305734", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1525"], "package": "undici", "rule_id": "GHSA-2mjp-6q6p-2qxm", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1525|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 139028, "scanner": "osv-scanner", "fingerprint": "87d78f0de0424ddc3128225d5964b3abd2d88f75e940fab76ed217b99865b45a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 139027, "scanner": "osv-scanner", "fingerprint": "e415b7ecf8744bc7539174eaa475ef4db98f34e7111e1684cd34e8388d6ec546", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 139024, "scanner": "osv-scanner", "fingerprint": "d9b3352ef1b7caa19c9962e83adbce8b0fed8a12c66e7e65e297c765b4edfb9d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 139020, "scanner": "osv-scanner", "fingerprint": "90698de197006cc62ae87f0d6e40742ddac1ebc5b0c97230bbcf2997acfbc837", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 139018, "scanner": "osv-scanner", "fingerprint": "2915b5171385700e16baaf7b027fcd7a742d57e2a51f9d0d1355db781ec8708e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 139017, "scanner": "osv-scanner", "fingerprint": "5fd7360a012b4120158b41b3728eb6d6e99ca102cb04e881e728303d1c60f05a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2v4-37r5-5v8g", "level": "warning", "message": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "properties": {"repobilityId": 139016, "scanner": "osv-scanner", "fingerprint": "4c6e9c970c94478c7fd3edb7d0c1d4645f008d5c0e5fcd7582c5a1898c4f27fb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42338"], "package": "ip-address", "rule_id": "GHSA-v2v4-37r5-5v8g", "scanner": "osv-scanner", "correlation_key": "vuln|ip-address|CVE-2026-42338|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7rx3-28cr-v5wh", "level": "warning", "message": {"text": "handlebars: GHSA-7rx3-28cr-v5wh"}, "properties": {"repobilityId": 139012, "scanner": "osv-scanner", "fingerprint": "b0fa5c2f702121c2a9eabb22967cc979995adc3bbe9d0c186083d05f835d601c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "handlebars", "rule_id": "GHSA-7rx3-28cr-v5wh", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|GHSA-7RX3-28CR-V5WH|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2qvq-rjwj-gvw9", "level": "warning", "message": {"text": "handlebars: GHSA-2qvq-rjwj-gvw9"}, "properties": {"repobilityId": 139008, "scanner": "osv-scanner", "fingerprint": "284d5f8781412745db31d4475e1884633e1440e367e8081e5e62f6a4d5576086", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33916"], "package": "handlebars", "rule_id": "GHSA-2qvq-rjwj-gvw9", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33916|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 139006, "scanner": "osv-scanner", "fingerprint": "9b7b1ccb8eafb0b0be10ada1b62888ef506428d6800e8b423544857a6b440005", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5v7r-6r5c-r473", "level": "warning", "message": {"text": "file-type: GHSA-5v7r-6r5c-r473"}, "properties": {"repobilityId": 139005, "scanner": "osv-scanner", "fingerprint": "fbbf8fdc81c910b410cbf2426cf4811e9ac97c020adaaaa39bdd5441c1fbef6e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31808"], "package": "file-type", "rule_id": "GHSA-5v7r-6r5c-r473", "scanner": "osv-scanner", "correlation_key": "vuln|file-type|CVE-2026-31808|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jp2q-39xq-3w4g", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "properties": {"repobilityId": 139003, "scanner": "osv-scanner", "fingerprint": "6ba77fd44bb55589f0c686551b5b8636ff06eba5fb3650906aca7c7484e953fe", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33349"], "package": "fast-xml-parser", "rule_id": "GHSA-jp2q-39xq-3w4g", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-33349|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 139002, "scanner": "osv-scanner", "fingerprint": "c740828589188b072c4740d1ef0e466bd715a9b490dfdf3cf468523644eac5a6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 138996, "scanner": "osv-scanner", "fingerprint": "f25c9301c8a3f3b9580352bc1141530980d7a94c689abaab331c094ef21d66df", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5mx-6wc6-7h9w", "level": "warning", "message": {"text": "dottie: GHSA-r5mx-6wc6-7h9w"}, "properties": {"repobilityId": 138994, "scanner": "osv-scanner", "fingerprint": "c86ffed1d74cda0a361b25f9682753da5bf2acf4b945d048bc6667ddd30dd1e1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27837"], "package": "dottie", "rule_id": "GHSA-r5mx-6wc6-7h9w", "scanner": "osv-scanner", "correlation_key": "vuln|dottie|CVE-2026-27837|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 138992, "scanner": "osv-scanner", "fingerprint": "593caec271e54857d838a34c50d8a3a7942d6dbddfdd8e5a383e8271a0f54bb6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-378v-28hj-76wf", "level": "warning", "message": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "properties": {"repobilityId": 138991, "scanner": "osv-scanner", "fingerprint": "9fac79068e67db764365cbeed8f73482f4840eb9c08294bf64b824addd17a8a5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2739"], "package": "bn.js", "rule_id": "GHSA-378v-28hj-76wf", "scanner": "osv-scanner", "correlation_key": "vuln|bn.js|CVE-2026-2739|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xx6v-rp6x-q39c", "level": "warning", "message": {"text": "axios: GHSA-xx6v-rp6x-q39c"}, "properties": {"repobilityId": 138986, "scanner": "osv-scanner", "fingerprint": "dcfe8500aac1324c190650628ef4a78998050659b8fde199c3e5ca80e484d741", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42042"], "package": "axios", "rule_id": "GHSA-xx6v-rp6x-q39c", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42042|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w9j2-pvgh-6h63", "level": "warning", "message": {"text": "axios: GHSA-w9j2-pvgh-6h63"}, "properties": {"repobilityId": 138984, "scanner": "osv-scanner", "fingerprint": "d028064fcffb0b833da61b7350ea0b8a7237ff3240ae406aa2c777322a9b750a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42041"], "package": "axios", "rule_id": "GHSA-w9j2-pvgh-6h63", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42041|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vf2m-468p-8v99", "level": "warning", "message": {"text": "axios: GHSA-vf2m-468p-8v99"}, "properties": {"repobilityId": 138983, "scanner": "osv-scanner", "fingerprint": "aa04e224add75bb660d6247ca07a969dea9df8e805bdafcd1f3af77cdee95555", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42036"], "package": "axios", "rule_id": "GHSA-vf2m-468p-8v99", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42036|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7pr-hjqh-92cm", "level": "warning", "message": {"text": "axios: GHSA-m7pr-hjqh-92cm"}, "properties": {"repobilityId": 138979, "scanner": "osv-scanner", "fingerprint": "73bb68fc74cee5e143db4ade1155dc38ff155336a6dca50a76c81bae27f9ffef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42038"], "package": "axios", "rule_id": "GHSA-m7pr-hjqh-92cm", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42038|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fvcv-3m26-pcqx", "level": "warning", "message": {"text": "axios: GHSA-fvcv-3m26-pcqx"}, "properties": {"repobilityId": 138976, "scanner": "osv-scanner", "fingerprint": "c3070a098de2d96b8bd513189bb7cc0de14a0f460f492603541eb97e77aad4ac", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40175"], "package": "axios", "rule_id": "GHSA-fvcv-3m26-pcqx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-40175|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-898c-q2cr-xwhg", "level": "warning", "message": {"text": "axios: GHSA-898c-q2cr-xwhg"}, "properties": {"repobilityId": 138975, "scanner": "osv-scanner", "fingerprint": "461bce4b613e178e76e5cdb970f5a7b9907d841e9f85d1e4375ab494b9324afd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44490"], "package": "axios", "rule_id": "GHSA-898c-q2cr-xwhg", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44490|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-62hf-57xw-28j9", "level": "warning", "message": {"text": "axios: GHSA-62hf-57xw-28j9"}, "properties": {"repobilityId": 138972, "scanner": "osv-scanner", "fingerprint": "f368fb9c7f6ee784bc61df2dd785d1f0b636bc37e7cf1a203c1c10b78415bbd0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42039"], "package": "axios", "rule_id": "GHSA-62hf-57xw-28j9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42039|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c9x-8gcm-mpgx", "level": "warning", "message": {"text": "axios: GHSA-5c9x-8gcm-mpgx"}, "properties": {"repobilityId": 138971, "scanner": "osv-scanner", "fingerprint": "14d2750ce97b5d1bf00638164fd742a1737868200dda1fe38b7a5ecd2c5870dc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42034"], "package": "axios", "rule_id": "GHSA-5c9x-8gcm-mpgx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42034|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-445q-vr5w-6q77", "level": "warning", "message": {"text": "axios: GHSA-445q-vr5w-6q77"}, "properties": {"repobilityId": 138970, "scanner": "osv-scanner", "fingerprint": "c6d79e23eafe47a4f9f839de38f5a9c325c67c2911b4600069e78a9af7d5d2df", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42037"], "package": "axios", "rule_id": "GHSA-445q-vr5w-6q77", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42037|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3w6x-2g7m-8v23", "level": "warning", "message": {"text": "axios: GHSA-3w6x-2g7m-8v23"}, "properties": {"repobilityId": 138968, "scanner": "osv-scanner", "fingerprint": "fef62c26129a9f87dfe5a454c53b3b3268206f0e29ddb4c119fcbef8dc608b10", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42044"], "package": "axios", "rule_id": "GHSA-3w6x-2g7m-8v23", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42044|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 138963, "scanner": "osv-scanner", "fingerprint": "d7f8e36599c0e3c0cb02d1bf13999940cf413757bd561f6703c8def9753abdd2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vhjm-w67q-g75c", "level": "warning", "message": {"text": "@hapi/wreck: GHSA-vhjm-w67q-g75c"}, "properties": {"repobilityId": 138961, "scanner": "osv-scanner", "fingerprint": "c4cb39e6cd314771434253537fe25ddbfc0d603c6bd95dc81437df22f32cc7e9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44979"], "package": "@hapi/wreck", "rule_id": "GHSA-vhjm-w67q-g75c", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/wreck|CVE-2026-44979|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 138957, "scanner": "osv-scanner", "fingerprint": "b00fd9a1f762e4b510588b455ae97950ef1149424e8f0e2983c1079a70d0af53", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4vvj-4cpr-p986", "level": "warning", "message": {"text": "webpack: GHSA-4vvj-4cpr-p986"}, "properties": {"repobilityId": 138954, "scanner": "osv-scanner", "fingerprint": "e6ce96dd5a6b56288173b22d142ed5666b988cd96ec96187f8f102acbbf4d5f3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43788"], "package": "webpack", "rule_id": "GHSA-4vvj-4cpr-p986", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2024-43788|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9965-vmph-33xx", "level": "warning", "message": {"text": "validator: GHSA-9965-vmph-33xx"}, "properties": {"repobilityId": 138950, "scanner": "osv-scanner", "fingerprint": "6d89408184bd0c742f63858a285af75b448775088658092182202c3812001c9f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-56200"], "package": "validator", "rule_id": "GHSA-9965-vmph-33xx", "scanner": "osv-scanner", "correlation_key": "vuln|validator|CVE-2025-56200|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 138949, "scanner": "osv-scanner", "fingerprint": "591a747df86e2b254312588a3ebd9d4e7995bc0efac1d1129334190ee69e53d5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g9mf-h72j-4rw9", "level": "warning", "message": {"text": "undici: GHSA-g9mf-h72j-4rw9"}, "properties": {"repobilityId": 138946, "scanner": "osv-scanner", "fingerprint": "fba5b3052d937384ed30eeaf20181d667a335193d4a371e06543a4c54d60fbee", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-22036"], "package": "undici", "rule_id": "GHSA-g9mf-h72j-4rw9", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-22036|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c76h-2ccp-4975", "level": "warning", "message": {"text": "undici: GHSA-c76h-2ccp-4975"}, "properties": {"repobilityId": 138944, "scanner": "osv-scanner", "fingerprint": "a3d0b3efff3ef3335a1ee160e161c161544773b92d13c9127e10c6f2bc70f028", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-22150"], "package": "undici", "rule_id": "GHSA-c76h-2ccp-4975", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2025-22150|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4992-7rv2-5pvq", "level": "warning", "message": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "properties": {"repobilityId": 138943, "scanner": "osv-scanner", "fingerprint": "ffc6d74ff555594866dfc65d1984d56d7cc940cec908f661297f63e4db8158ec", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1527"], "package": "undici", "rule_id": "GHSA-4992-7rv2-5pvq", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1527|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mjp-6q6p-2qxm", "level": "warning", "message": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "properties": {"repobilityId": 138942, "scanner": "osv-scanner", "fingerprint": "0c2293f17e6e3ea9383258ad02128bc386517883dd4b76b866b9b6563d41d79b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1525"], "package": "undici", "rule_id": "GHSA-2mjp-6q6p-2qxm", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1525|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 138923, "scanner": "osv-scanner", "fingerprint": "2dd115d0b426f54428750ec32018d0ea27bd9396c67e5665f2aac6b8f1a7e0bd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 138918, "scanner": "osv-scanner", "fingerprint": "8fa8459563a2a3e795546ce4d8281767cb8af929fad9032a6e71d651145451b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 138917, "scanner": "osv-scanner", "fingerprint": "1da7b80dfc50f2ba0ffca71bf6da25df603806ee5370029093ef9c69775f94c9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 138914, "scanner": "osv-scanner", "fingerprint": "66f9618869122bc8b32f3860f26b48e2fa38487e66ac9b818eb15236034c30d5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 138910, "scanner": "osv-scanner", "fingerprint": "3e45b7033b7e7c423587c06496b96b102e1d738ac4e02265ec6a7b81d14e6885", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 138909, "scanner": "osv-scanner", "fingerprint": "ff97ac10d2de8b62d1127d4839c971a8131a6a410fbd8e7b6c52719f616ed02a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 138907, "scanner": "osv-scanner", "fingerprint": "8cb40fab2b2ac6e46b97294cfab6e8b1828f8b10c88f1fceb3115e16e456dbb1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 138904, "scanner": "osv-scanner", "fingerprint": "4b017014f4632ae4830337c5cc1fa561cd75341aa1fd58813223baaba9ad1247", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2v4-37r5-5v8g", "level": "warning", "message": {"text": "ip-address: GHSA-v2v4-37r5-5v8g"}, "properties": {"repobilityId": 138903, "scanner": "osv-scanner", "fingerprint": "b785c55e792333c3e3bb82dd2c15c3879c5ae4c12dfbaddccb52bf470770397c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42338"], "package": "ip-address", "rule_id": "GHSA-v2v4-37r5-5v8g", "scanner": "osv-scanner", "correlation_key": "vuln|ip-address|CVE-2026-42338|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 138899, "scanner": "osv-scanner", "fingerprint": "152ab59bb96f0d22e05e81c7e80e4daed7268683a7c4253550ee67a855b4bed4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5v7r-6r5c-r473", "level": "warning", "message": {"text": "file-type: GHSA-5v7r-6r5c-r473"}, "properties": {"repobilityId": 138896, "scanner": "osv-scanner", "fingerprint": "12135b90f8ce6b7eb2bdec62a1d8d596164625921325c9562361f040b96f1c2a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31808"], "package": "file-type", "rule_id": "GHSA-5v7r-6r5c-r473", "scanner": "osv-scanner", "correlation_key": "vuln|file-type|CVE-2026-31808|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jp2q-39xq-3w4g", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "properties": {"repobilityId": 138894, "scanner": "osv-scanner", "fingerprint": "789d5faa9b7ecb3c94ae8c8d024897728a4bb0f1e02b0572f313cb631d5ad973", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33349"], "package": "fast-xml-parser", "rule_id": "GHSA-jp2q-39xq-3w4g", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-33349|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 138893, "scanner": "osv-scanner", "fingerprint": "5300a236855fb1435ee7ed87463c79594f84410c7df95bfb45856e1aa18f7ffc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 138890, "scanner": "osv-scanner", "fingerprint": "8e9eafa59935f135f9d8434f1da72beb085ea6d4792bf99a640dd0e9db197e1e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5mx-6wc6-7h9w", "level": "warning", "message": {"text": "dottie: GHSA-r5mx-6wc6-7h9w"}, "properties": {"repobilityId": 138889, "scanner": "osv-scanner", "fingerprint": "240ad2f8b87bd248e69670b5ff18bbd71a5ac75c9159d1c8004ae017bc50caf5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27837"], "package": "dottie", "rule_id": "GHSA-r5mx-6wc6-7h9w", "scanner": "osv-scanner", "correlation_key": "vuln|dottie|CVE-2026-27837|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 138882, "scanner": "osv-scanner", "fingerprint": "0294d744c5d66e16c349e45e22b1043a9596273cc5624189b5985ab2cd16e287", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-378v-28hj-76wf", "level": "warning", "message": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "properties": {"repobilityId": 138881, "scanner": "osv-scanner", "fingerprint": "4422a1d44a499158d109707b48f53488682241ebcea6196b5a7d55a161441678", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2739"], "package": "bn.js", "rule_id": "GHSA-378v-28hj-76wf", "scanner": "osv-scanner", "correlation_key": "vuln|bn.js|CVE-2026-2739|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xx6v-rp6x-q39c", "level": "warning", "message": {"text": "axios: GHSA-xx6v-rp6x-q39c"}, "properties": {"repobilityId": 138874, "scanner": "osv-scanner", "fingerprint": "7d464f52c4e497d1441bdc43f8730e04401f205588fefa1b8dec64a21854e7d7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42042"], "package": "axios", "rule_id": "GHSA-xx6v-rp6x-q39c", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42042|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w9j2-pvgh-6h63", "level": "warning", "message": {"text": "axios: GHSA-w9j2-pvgh-6h63"}, "properties": {"repobilityId": 138872, "scanner": "osv-scanner", "fingerprint": "83fd6077b55849670ffb0d7d9ef192951ae57bfc1a258a13b12bb59caf6533a4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42041"], "package": "axios", "rule_id": "GHSA-w9j2-pvgh-6h63", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42041|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vf2m-468p-8v99", "level": "warning", "message": {"text": "axios: GHSA-vf2m-468p-8v99"}, "properties": {"repobilityId": 138871, "scanner": "osv-scanner", "fingerprint": "173d0afdf930e999a7a4a9a6552085dec689daa89434cabd468786332187967c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42036"], "package": "axios", "rule_id": "GHSA-vf2m-468p-8v99", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42036|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7pr-hjqh-92cm", "level": "warning", "message": {"text": "axios: GHSA-m7pr-hjqh-92cm"}, "properties": {"repobilityId": 138867, "scanner": "osv-scanner", "fingerprint": "8083617fa9a3653244bb0ca8b78921bc82ee5500f36b392f5772fae744bb7aba", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42038"], "package": "axios", "rule_id": "GHSA-m7pr-hjqh-92cm", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42038|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fvcv-3m26-pcqx", "level": "warning", "message": {"text": "axios: GHSA-fvcv-3m26-pcqx"}, "properties": {"repobilityId": 138863, "scanner": "osv-scanner", "fingerprint": "bd1023946bff58dbc0431947fd12a451332802a9c359e2b1eeb3b2860b7bf1dd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40175"], "package": "axios", "rule_id": "GHSA-fvcv-3m26-pcqx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-40175|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-898c-q2cr-xwhg", "level": "warning", "message": {"text": "axios: GHSA-898c-q2cr-xwhg"}, "properties": {"repobilityId": 138861, "scanner": "osv-scanner", "fingerprint": "d4c22e9519d7e5287a8dffe32c241cbeaf398f0286390f9a298c6fbb946e17d1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44490"], "package": "axios", "rule_id": "GHSA-898c-q2cr-xwhg", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44490|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-62hf-57xw-28j9", "level": "warning", "message": {"text": "axios: GHSA-62hf-57xw-28j9"}, "properties": {"repobilityId": 138858, "scanner": "osv-scanner", "fingerprint": "eb56bd88b88b8c53b083e0c872191159895be98481d845c89d268903a6b25951", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42039"], "package": "axios", "rule_id": "GHSA-62hf-57xw-28j9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42039|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c9x-8gcm-mpgx", "level": "warning", "message": {"text": "axios: GHSA-5c9x-8gcm-mpgx"}, "properties": {"repobilityId": 138857, "scanner": "osv-scanner", "fingerprint": "b2bcb03ce23a81fee75be80815f303e10e19635e572abe64398a07e60e94bf6e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42034"], "package": "axios", "rule_id": "GHSA-5c9x-8gcm-mpgx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42034|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-445q-vr5w-6q77", "level": "warning", "message": {"text": "axios: GHSA-445q-vr5w-6q77"}, "properties": {"repobilityId": 138855, "scanner": "osv-scanner", "fingerprint": "b19eb6d1a0f277ec67a336e452f253c1c24a6e31857b59eb346c901276961d14", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42037"], "package": "axios", "rule_id": "GHSA-445q-vr5w-6q77", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42037|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3w6x-2g7m-8v23", "level": "warning", "message": {"text": "axios: GHSA-3w6x-2g7m-8v23"}, "properties": {"repobilityId": 138853, "scanner": "osv-scanner", "fingerprint": "d531af14becbb7f4f51c8302e448c896d21bb207b03978e9e052087a62ceeae1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42044"], "package": "axios", "rule_id": "GHSA-3w6x-2g7m-8v23", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42044|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 138848, "scanner": "osv-scanner", "fingerprint": "7a1050589b0dd8d91a69ac65d4c4f1556b8e6492e32baff84f4b4cfd1f871666", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vhjm-w67q-g75c", "level": "warning", "message": {"text": "@hapi/wreck: GHSA-vhjm-w67q-g75c"}, "properties": {"repobilityId": 138846, "scanner": "osv-scanner", "fingerprint": "b7c68ff8fd147f3244839c864a1c03b45cd1d918ebe7644bdd5dbd49ab144565", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44979"], "package": "@hapi/wreck", "rule_id": "GHSA-vhjm-w67q-g75c", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/wreck|CVE-2026-44979|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 138843, "scanner": "osv-scanner", "fingerprint": "9c0dc3bfd1f8ad6c9e15bb902c982a6bfb76c0f54430e956b0fb43979b28f93d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime|CVE-2025-27789|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 138841, "scanner": "osv-scanner", "fingerprint": "e00906adacfcd916bd9da945e064ecd4380a4d1100af4efc187cc6c523d600d6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 138840, "scanner": "osv-scanner", "fingerprint": "3b7585e468c95257aa5631337abe989f2620831d6ec7c2f787d55b1b40fcf888", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 138836, "scanner": "osv-scanner", "fingerprint": "02081c5fecf23342d99513d8186b19eec3f80bf3d0f0668f678b6b52fa89602a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g9mf-h72j-4rw9", "level": "warning", "message": {"text": "undici: GHSA-g9mf-h72j-4rw9"}, "properties": {"repobilityId": 138833, "scanner": "osv-scanner", "fingerprint": "fd47159b7365d52a46d861f7beb2e04ea15ec0d93bfc8e718f44ad3c31f34c8e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-22036"], "package": "undici", "rule_id": "GHSA-g9mf-h72j-4rw9", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-22036|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4992-7rv2-5pvq", "level": "warning", "message": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "properties": {"repobilityId": 138831, "scanner": "osv-scanner", "fingerprint": "278467bffa5c04bf1b43debe614d90bdb33585ac4e6df25c7951fe17eb5b75c1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1527"], "package": "undici", "rule_id": "GHSA-4992-7rv2-5pvq", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1527|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mjp-6q6p-2qxm", "level": "warning", "message": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "properties": {"repobilityId": 138830, "scanner": "osv-scanner", "fingerprint": "3d00b5f27eb98bd9edadafde99779bad575fd01662f04702069b73563213fa28", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1525"], "package": "undici", "rule_id": "GHSA-2mjp-6q6p-2qxm", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1525|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 138811, "scanner": "osv-scanner", "fingerprint": "316ad46b796b002604d981fc0f3dbdf88ae618feda231347fe2fb059f590aa78", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 138810, "scanner": "osv-scanner", "fingerprint": "ce020db9fcbc5bb2c877a897bb8c02b3b0cadc3dce1cda5d5e177ec3f2f6ae2f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q6x5-8v7m-xcrf", "level": "warning", "message": {"text": "protobufjs: GHSA-q6x5-8v7m-xcrf"}, "properties": {"repobilityId": 138808, "scanner": "osv-scanner", "fingerprint": "fc0e95a3d862aa1adfe20922af7ca981200e7b93a5baaede658c99efba491590", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44288"], "package": "protobufjs", "rule_id": "GHSA-q6x5-8v7m-xcrf", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44288|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jggg-4jg4-v7c6", "level": "warning", "message": {"text": "protobufjs: GHSA-jggg-4jg4-v7c6"}, "properties": {"repobilityId": 138806, "scanner": "osv-scanner", "fingerprint": "5a62a725fd3305bd0b95935657ea30ff87a7d3f400f37d21db95895f669774b6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45740"], "package": "protobufjs", "rule_id": "GHSA-jggg-4jg4-v7c6", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-45740|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fx83-v9x8-x52w", "level": "warning", "message": {"text": "protobufjs: GHSA-fx83-v9x8-x52w"}, "properties": {"repobilityId": 138805, "scanner": "osv-scanner", "fingerprint": "d9c958804402b379f1069377b18257194c635d6588e374f47f42373f51f96a81", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44292"], "package": "protobufjs", "rule_id": "GHSA-fx83-v9x8-x52w", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44292|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2pr8-phx7-x9h3", "level": "warning", "message": {"text": "protobufjs: GHSA-2pr8-phx7-x9h3"}, "properties": {"repobilityId": 138801, "scanner": "osv-scanner", "fingerprint": "6ab76cb7534a8cb41d5b43ab2c6aa74deabba06ed8ae0106a407a85deae16c3a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44294"], "package": "protobufjs", "rule_id": "GHSA-2pr8-phx7-x9h3", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44294|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 138799, "scanner": "osv-scanner", "fingerprint": "af0e6fd0920b76c3f2c540508d90195d723cc6e676c786299ab4fae4d999527e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6fx8-h7jm-663j", "level": "warning", "message": {"text": "parseuri: GHSA-6fx8-h7jm-663j"}, "properties": {"repobilityId": 138798, "scanner": "osv-scanner", "fingerprint": "b1720469a7b4708a642ac8c0760ef8d0e029b38edb12c0f0644aa1b813b3a594", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-36751"], "package": "parseuri", "rule_id": "GHSA-6fx8-h7jm-663j", "scanner": "osv-scanner", "correlation_key": "vuln|parseuri|CVE-2024-36751|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 138794, "scanner": "osv-scanner", "fingerprint": "b5636eb1ae2b0b82e93da987a656c2a5c344d9c37003baad504fd9965f8ed3ea", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 138792, "scanner": "osv-scanner", "fingerprint": "a4b1751ec97cd395dd2b806c1da087b90091bb59479f72fea91250d4519f831f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qwph-4952-7xr6", "level": "warning", "message": {"text": "jsonwebtoken: GHSA-qwph-4952-7xr6"}, "properties": {"repobilityId": 138790, "scanner": "osv-scanner", "fingerprint": "af58a0817035cf7f745118b3867d34dccb98cce708d00cb63d0001c6355de7ae", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-23540"], "package": "jsonwebtoken", "rule_id": "GHSA-qwph-4952-7xr6", "scanner": "osv-scanner", "correlation_key": "vuln|jsonwebtoken|CVE-2022-23540|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hjrf-2m68-5959", "level": "warning", "message": {"text": "jsonwebtoken: GHSA-hjrf-2m68-5959"}, "properties": {"repobilityId": 138789, "scanner": "osv-scanner", "fingerprint": "a8909806ece6f9a2275934f91b1cb9f04a4f5f01f1b111f2cb0faa664c6601b0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-23541"], "package": "jsonwebtoken", "rule_id": "GHSA-hjrf-2m68-5959", "scanner": "osv-scanner", "correlation_key": "vuln|jsonwebtoken|CVE-2022-23541|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 138785, "scanner": "osv-scanner", "fingerprint": "d88be898324ea83d450ca2e5bbef7631b12f24d6ba4264b8fcdf36e8b5ae3b88", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7rx3-28cr-v5wh", "level": "warning", "message": {"text": "handlebars: GHSA-7rx3-28cr-v5wh"}, "properties": {"repobilityId": 138781, "scanner": "osv-scanner", "fingerprint": "533a56282632df8ed337541ce79666d626dfd61914c45bc5e46f30b74316a21c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "handlebars", "rule_id": "GHSA-7rx3-28cr-v5wh", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|GHSA-7RX3-28CR-V5WH|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2qvq-rjwj-gvw9", "level": "warning", "message": {"text": "handlebars: GHSA-2qvq-rjwj-gvw9"}, "properties": {"repobilityId": 138777, "scanner": "osv-scanner", "fingerprint": "fae6bd9b71734fce9c2eb54b581d0ba1a877fc3245c9c711d96f0aaf6145f3c2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33916"], "package": "handlebars", "rule_id": "GHSA-2qvq-rjwj-gvw9", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33916|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pfrx-2q88-qq97", "level": "warning", "message": {"text": "got: GHSA-pfrx-2q88-qq97"}, "properties": {"repobilityId": 138776, "scanner": "osv-scanner", "fingerprint": "1568f20d664cd947d9ab5e7b6b23ba700679fc9b0573f05cda2af30d74e94592", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-33987"], "package": "got", "rule_id": "GHSA-pfrx-2q88-qq97", "scanner": "osv-scanner", "correlation_key": "vuln|got|CVE-2022-33987|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 138774, "scanner": "osv-scanner", "fingerprint": "206fab67b9d013f3da82a2eba29747776851f11ee707d6d3f2e7759558b0edd2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5v7r-6r5c-r473", "level": "warning", "message": {"text": "file-type: GHSA-5v7r-6r5c-r473"}, "properties": {"repobilityId": 138773, "scanner": "osv-scanner", "fingerprint": "fb566aaa06a6b826850fd6d3c203b917279b939c43d109fcf4aa37df75c9e3ea", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31808"], "package": "file-type", "rule_id": "GHSA-5v7r-6r5c-r473", "scanner": "osv-scanner", "correlation_key": "vuln|file-type|CVE-2026-31808|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jp2q-39xq-3w4g", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "properties": {"repobilityId": 138771, "scanner": "osv-scanner", "fingerprint": "96c961a9b2caa4efd15ea1717a4cfa53f7d412cc004a1f54c4d5059681dc61d2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33349"], "package": "fast-xml-parser", "rule_id": "GHSA-jp2q-39xq-3w4g", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-33349|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 138770, "scanner": "osv-scanner", "fingerprint": "df8021bc6666ea2ed8e49905fe4ac429b720ed80caee6506bcdf276e8b7e22dc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 138766, "scanner": "osv-scanner", "fingerprint": "506bff81939b888221ee568618b7c55561bffa853e94339c778bb960afa0bed3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 138762, "scanner": "osv-scanner", "fingerprint": "8a28b919e5eeb56a60b70dd02c261ad3fbf93585e1df9edc9725d7f407702963", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-378v-28hj-76wf", "level": "warning", "message": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "properties": {"repobilityId": 138761, "scanner": "osv-scanner", "fingerprint": "4440bfc0cadb2c445d2498bf7ba135068531bdce63a10c7b654905a88c15b6ef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2739"], "package": "bn.js", "rule_id": "GHSA-378v-28hj-76wf", "scanner": "osv-scanner", "correlation_key": "vuln|bn.js|CVE-2026-2739|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xx6v-rp6x-q39c", "level": "warning", "message": {"text": "axios: GHSA-xx6v-rp6x-q39c"}, "properties": {"repobilityId": 138760, "scanner": "osv-scanner", "fingerprint": "c92d8bbaf7704fb7843241c3118a17b2b89e56adc8e27310f7509ce3c29f3c7c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42042"], "package": "axios", "rule_id": "GHSA-xx6v-rp6x-q39c", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42042|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w9j2-pvgh-6h63", "level": "warning", "message": {"text": "axios: GHSA-w9j2-pvgh-6h63"}, "properties": {"repobilityId": 138758, "scanner": "osv-scanner", "fingerprint": "71b254f2f0b3ce89b01059ad731bf86b2da723171f9dc7ae8a38ae44604968a9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42041"], "package": "axios", "rule_id": "GHSA-w9j2-pvgh-6h63", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42041|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vf2m-468p-8v99", "level": "warning", "message": {"text": "axios: GHSA-vf2m-468p-8v99"}, "properties": {"repobilityId": 138757, "scanner": "osv-scanner", "fingerprint": "423a81d2ea14361a560b3d71c0598b0390af1fcc219e80ad3f472ee18b4aa10a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42036"], "package": "axios", "rule_id": "GHSA-vf2m-468p-8v99", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42036|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7pr-hjqh-92cm", "level": "warning", "message": {"text": "axios: GHSA-m7pr-hjqh-92cm"}, "properties": {"repobilityId": 138753, "scanner": "osv-scanner", "fingerprint": "30ff53590f777a12cd9ff14fee179d0ad0b300881c46c1ec1c62e5ec42b82692", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42038"], "package": "axios", "rule_id": "GHSA-m7pr-hjqh-92cm", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42038|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fvcv-3m26-pcqx", "level": "warning", "message": {"text": "axios: GHSA-fvcv-3m26-pcqx"}, "properties": {"repobilityId": 138750, "scanner": "osv-scanner", "fingerprint": "168aa30f672dcdd84daffcce47de50ec8bd1d8b59d64b2936267391bf4d4593d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40175"], "package": "axios", "rule_id": "GHSA-fvcv-3m26-pcqx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-40175|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-898c-q2cr-xwhg", "level": "warning", "message": {"text": "axios: GHSA-898c-q2cr-xwhg"}, "properties": {"repobilityId": 138749, "scanner": "osv-scanner", "fingerprint": "7401dcede3a872ef06e6bead77ff08598d354d368106d0e047a6c3bf0104eafc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44490"], "package": "axios", "rule_id": "GHSA-898c-q2cr-xwhg", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44490|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-62hf-57xw-28j9", "level": "warning", "message": {"text": "axios: GHSA-62hf-57xw-28j9"}, "properties": {"repobilityId": 138746, "scanner": "osv-scanner", "fingerprint": "f15c2009f837b194aa2606255b113ff32c456fde23d8ce2b9b74b355710b8a58", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42039"], "package": "axios", "rule_id": "GHSA-62hf-57xw-28j9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42039|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c9x-8gcm-mpgx", "level": "warning", "message": {"text": "axios: GHSA-5c9x-8gcm-mpgx"}, "properties": {"repobilityId": 138745, "scanner": "osv-scanner", "fingerprint": "579291e8f7a968231ab766c3d34479ddc906a58713fe5f12b1e58a84b647985d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42034"], "package": "axios", "rule_id": "GHSA-5c9x-8gcm-mpgx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42034|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-445q-vr5w-6q77", "level": "warning", "message": {"text": "axios: GHSA-445q-vr5w-6q77"}, "properties": {"repobilityId": 138744, "scanner": "osv-scanner", "fingerprint": "0714efaf7eb78f6e4ff8860ad001565fa54de48e996a59f1781ca361a84d3f4a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42037"], "package": "axios", "rule_id": "GHSA-445q-vr5w-6q77", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42037|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3w6x-2g7m-8v23", "level": "warning", "message": {"text": "axios: GHSA-3w6x-2g7m-8v23"}, "properties": {"repobilityId": 138742, "scanner": "osv-scanner", "fingerprint": "43502d5ac56bc64032e5eb856894b56d3e9a3a87f47f8c1ff6617c281f01fcaa", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42044"], "package": "axios", "rule_id": "GHSA-3w6x-2g7m-8v23", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42044|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 138737, "scanner": "osv-scanner", "fingerprint": "e7beac3500467c3fe1eba46818987b60ada21d20b7fdd46748eae09dbee352c3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q6x5-8v7m-xcrf", "level": "warning", "message": {"text": "@protobufjs/utf8: GHSA-q6x5-8v7m-xcrf"}, "properties": {"repobilityId": 138735, "scanner": "osv-scanner", "fingerprint": "bb613deef11355fbf0e1b683d40ca3945c858ae687ff195d703c593878336d57", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44288"], "package": "@protobufjs/utf8", "rule_id": "GHSA-q6x5-8v7m-xcrf", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs/utf8|CVE-2026-44288|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vhjm-w67q-g75c", "level": "warning", "message": {"text": "@hapi/wreck: GHSA-vhjm-w67q-g75c"}, "properties": {"repobilityId": 138734, "scanner": "osv-scanner", "fingerprint": "4570a704a115770655f7be04e4f3ddc75064b7804968bab98305adb9a4c13743", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44979"], "package": "@hapi/wreck", "rule_id": "GHSA-vhjm-w67q-g75c", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/wreck|CVE-2026-44979|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 138728, "scanner": "osv-scanner", "fingerprint": "3b67dcf73f1d36d09baca75ce9ee5539bb8e91ee830dd448505ac78ccc1a098e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 138724, "scanner": "osv-scanner", "fingerprint": "c1d00efdb7c5efbf67ae0f98534bfa77b6b60d7a45bdf26febd379144b0e7d2b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g9mf-h72j-4rw9", "level": "warning", "message": {"text": "undici: GHSA-g9mf-h72j-4rw9"}, "properties": {"repobilityId": 138721, "scanner": "osv-scanner", "fingerprint": "2be32cb81b8df287b0ff2d0883d81332c463c1978252a0c929148e08ef9eaa41", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-22036"], "package": "undici", "rule_id": "GHSA-g9mf-h72j-4rw9", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-22036|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4992-7rv2-5pvq", "level": "warning", "message": {"text": "undici: GHSA-4992-7rv2-5pvq"}, "properties": {"repobilityId": 138718, "scanner": "osv-scanner", "fingerprint": "4845f7e9dab9e90194c2d6590b4352b535cbc38e710b67dd95a8f5bac1405235", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1527"], "package": "undici", "rule_id": "GHSA-4992-7rv2-5pvq", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1527|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2mjp-6q6p-2qxm", "level": "warning", "message": {"text": "undici: GHSA-2mjp-6q6p-2qxm"}, "properties": {"repobilityId": 138717, "scanner": "osv-scanner", "fingerprint": "7826b950fe7fc84b880096396c7c1f08cebc5a2f6c50020502b44a444bc48d52", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1525"], "package": "undici", "rule_id": "GHSA-2mjp-6q6p-2qxm", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1525|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 138696, "scanner": "osv-scanner", "fingerprint": "fbf1690435f82a4a35447a796f05807c704d7932201331c84888030ee55c2742", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8mj-m7cp-5q26", "level": "warning", "message": {"text": "qs: GHSA-q8mj-m7cp-5q26"}, "properties": {"repobilityId": 138693, "scanner": "osv-scanner", "fingerprint": "801948d43d350277bbfc6f19ebed8ab222fb9748c64c2586bd9a0e4fa926cf52", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8723"], "package": "qs", "rule_id": "GHSA-q8mj-m7cp-5q26", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-8723|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 138692, "scanner": "osv-scanner", "fingerprint": "37299f2fcbb70914a776140719e38d4ad098813300fad5090c1c3bcdf98b53d0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q6x5-8v7m-xcrf", "level": "warning", "message": {"text": "protobufjs: GHSA-q6x5-8v7m-xcrf"}, "properties": {"repobilityId": 138690, "scanner": "osv-scanner", "fingerprint": "6d35f5177701b45bd4f8201a55cfbed86654e8f81088ee6d1bbebd6d41500b30", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44288"], "package": "protobufjs", "rule_id": "GHSA-q6x5-8v7m-xcrf", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44288|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jggg-4jg4-v7c6", "level": "warning", "message": {"text": "protobufjs: GHSA-jggg-4jg4-v7c6"}, "properties": {"repobilityId": 138688, "scanner": "osv-scanner", "fingerprint": "c91274a31697ecd8c5ef25d807726ee46a863a390601e6ebeac98affc733bdc6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45740"], "package": "protobufjs", "rule_id": "GHSA-jggg-4jg4-v7c6", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-45740|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fx83-v9x8-x52w", "level": "warning", "message": {"text": "protobufjs: GHSA-fx83-v9x8-x52w"}, "properties": {"repobilityId": 138687, "scanner": "osv-scanner", "fingerprint": "525f3c5b5228a3dbbbbee4a58023783fe1fcba8b6ca7a63065ec91b4d3fc93cd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44292"], "package": "protobufjs", "rule_id": "GHSA-fx83-v9x8-x52w", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44292|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2pr8-phx7-x9h3", "level": "warning", "message": {"text": "protobufjs: GHSA-2pr8-phx7-x9h3"}, "properties": {"repobilityId": 138683, "scanner": "osv-scanner", "fingerprint": "ca2c4bd04f3f815b6a38b8bd3cb1ef162f9161de8ddcb5473bb5ddf502ebfb91", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44294"], "package": "protobufjs", "rule_id": "GHSA-2pr8-phx7-x9h3", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44294|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 138681, "scanner": "osv-scanner", "fingerprint": "18a9e703e7dffe80c26dd5e895adb3768ea183ead5a64c56b64ac550cee39cbd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6fx8-h7jm-663j", "level": "warning", "message": {"text": "parseuri: GHSA-6fx8-h7jm-663j"}, "properties": {"repobilityId": 138680, "scanner": "osv-scanner", "fingerprint": "eafb3292a3a6c84d2f444729f9edf189b226c60b8f006ca553d7942310aeeb14", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-36751"], "package": "parseuri", "rule_id": "GHSA-6fx8-h7jm-663j", "scanner": "osv-scanner", "correlation_key": "vuln|parseuri|CVE-2024-36751|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 138676, "scanner": "osv-scanner", "fingerprint": "614ca743249616211d35586aff7558d698e9afde91095043aab1f44d0aeb2818", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 138674, "scanner": "osv-scanner", "fingerprint": "32c3384c88f6a1ec5e7cb61e0b63b78d886eee703ef22806b3982c6530dc3ab1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qwph-4952-7xr6", "level": "warning", "message": {"text": "jsonwebtoken: GHSA-qwph-4952-7xr6"}, "properties": {"repobilityId": 138672, "scanner": "osv-scanner", "fingerprint": "471bb4708134984d1791c9bd43f13f98bf6794bd3a539ac273ad6dd2d13ddc4a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-23540"], "package": "jsonwebtoken", "rule_id": "GHSA-qwph-4952-7xr6", "scanner": "osv-scanner", "correlation_key": "vuln|jsonwebtoken|CVE-2022-23540|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hjrf-2m68-5959", "level": "warning", "message": {"text": "jsonwebtoken: GHSA-hjrf-2m68-5959"}, "properties": {"repobilityId": 138671, "scanner": "osv-scanner", "fingerprint": "973c8dd01d0fd7647bc0d8ee4cee26bcaceed0d2c41062372b8ed68970cf7106", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-23541"], "package": "jsonwebtoken", "rule_id": "GHSA-hjrf-2m68-5959", "scanner": "osv-scanner", "correlation_key": "vuln|jsonwebtoken|CVE-2022-23541|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 138667, "scanner": "osv-scanner", "fingerprint": "9a0bbe5f7601b2c50c6f0128233bb785a4528eaaa90146ae68cfb444ba65608d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pfrx-2q88-qq97", "level": "warning", "message": {"text": "got: GHSA-pfrx-2q88-qq97"}, "properties": {"repobilityId": 138666, "scanner": "osv-scanner", "fingerprint": "460f597502bc6d9e47c15d8a5690ba5e2419b21c29ced5d2ac882acb0812d534", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-33987"], "package": "got", "rule_id": "GHSA-pfrx-2q88-qq97", "scanner": "osv-scanner", "correlation_key": "vuln|got|CVE-2022-33987|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 138662, "scanner": "osv-scanner", "fingerprint": "c0ae05756a3aadd27831daa8c8ae9195b6b60fee36a9269d7bf0ef505f88171c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5v7r-6r5c-r473", "level": "warning", "message": {"text": "file-type: GHSA-5v7r-6r5c-r473"}, "properties": {"repobilityId": 138661, "scanner": "osv-scanner", "fingerprint": "bc4646f118ebbc17d3c4499f001d8e7d09fb601d4c6862ee3f4e44ffc851feca", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31808"], "package": "file-type", "rule_id": "GHSA-5v7r-6r5c-r473", "scanner": "osv-scanner", "correlation_key": "vuln|file-type|CVE-2026-31808|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jp2q-39xq-3w4g", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-jp2q-39xq-3w4g"}, "properties": {"repobilityId": 138659, "scanner": "osv-scanner", "fingerprint": "18e4d0182453c48b4b565fef2bddb1d43e8966045c88f47a3d01623ffd80ad89", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33349"], "package": "fast-xml-parser", "rule_id": "GHSA-jp2q-39xq-3w4g", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-33349|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gh4j-gqv2-49f6", "level": "warning", "message": {"text": "fast-xml-parser: GHSA-gh4j-gqv2-49f6"}, "properties": {"repobilityId": 138658, "scanner": "osv-scanner", "fingerprint": "41ebdbbd6a93cc4dcc2fdf62ba97dec44797d2d3b21fe0a40a0e34615e5feed7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41650"], "package": "fast-xml-parser", "rule_id": "GHSA-gh4j-gqv2-49f6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-41650|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 138655, "scanner": "osv-scanner", "fingerprint": "bce9def800b4bf5b03299bc1aa381a1be91a891a710a76a30589ca3c907a0dcc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 138651, "scanner": "osv-scanner", "fingerprint": "3f0697523a0f315710e75b113e1c62bdae2b6855607caa5d0557106c12989e46", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-378v-28hj-76wf", "level": "warning", "message": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "properties": {"repobilityId": 138650, "scanner": "osv-scanner", "fingerprint": "2b5d1099c3d0d199f8957934e80ff986ed9d6cb411e1b648ca5f517ad439e918", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2739"], "package": "bn.js", "rule_id": "GHSA-378v-28hj-76wf", "scanner": "osv-scanner", "correlation_key": "vuln|bn.js|CVE-2026-2739|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xx6v-rp6x-q39c", "level": "warning", "message": {"text": "axios: GHSA-xx6v-rp6x-q39c"}, "properties": {"repobilityId": 138647, "scanner": "osv-scanner", "fingerprint": "5575bdbd9060216b19d327076ee44823611458b3d2eaf31b3c2c91556b3d4e43", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42042"], "package": "axios", "rule_id": "GHSA-xx6v-rp6x-q39c", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42042|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w9j2-pvgh-6h63", "level": "warning", "message": {"text": "axios: GHSA-w9j2-pvgh-6h63"}, "properties": {"repobilityId": 138645, "scanner": "osv-scanner", "fingerprint": "9d21fe69ab95ed17d1624031bc3f1b85a9f2983c3539a8d2ba9547285d90c9ee", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42041"], "package": "axios", "rule_id": "GHSA-w9j2-pvgh-6h63", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42041|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vf2m-468p-8v99", "level": "warning", "message": {"text": "axios: GHSA-vf2m-468p-8v99"}, "properties": {"repobilityId": 138644, "scanner": "osv-scanner", "fingerprint": "8c32298d26c51e5f4f6f6c0e990afb8a13530f5aaa31f2aa9ad2ccd0786cc3d6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42036"], "package": "axios", "rule_id": "GHSA-vf2m-468p-8v99", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42036|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7pr-hjqh-92cm", "level": "warning", "message": {"text": "axios: GHSA-m7pr-hjqh-92cm"}, "properties": {"repobilityId": 138640, "scanner": "osv-scanner", "fingerprint": "95a915b4b150badf78f7c787668e9eaaeb092984df6b34667e65a6da6a8803e7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42038"], "package": "axios", "rule_id": "GHSA-m7pr-hjqh-92cm", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42038|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fvcv-3m26-pcqx", "level": "warning", "message": {"text": "axios: GHSA-fvcv-3m26-pcqx"}, "properties": {"repobilityId": 138636, "scanner": "osv-scanner", "fingerprint": "d8eebaaf066a7bb2b09ca372afca6d2bf4f27e9566db4790cf3558670dca5ef6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40175"], "package": "axios", "rule_id": "GHSA-fvcv-3m26-pcqx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-40175|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-898c-q2cr-xwhg", "level": "warning", "message": {"text": "axios: GHSA-898c-q2cr-xwhg"}, "properties": {"repobilityId": 138635, "scanner": "osv-scanner", "fingerprint": "b4c3d8379da43fdd4f7a7a8ae151c4cc59b672f134717a69560a0a0fa92f96a1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44490"], "package": "axios", "rule_id": "GHSA-898c-q2cr-xwhg", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44490|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-62hf-57xw-28j9", "level": "warning", "message": {"text": "axios: GHSA-62hf-57xw-28j9"}, "properties": {"repobilityId": 138632, "scanner": "osv-scanner", "fingerprint": "10d9890397c8ba09fa5746e3fea00ad2a73a113dca3417aa0b39b7e5c9a22363", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42039"], "package": "axios", "rule_id": "GHSA-62hf-57xw-28j9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42039|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c9x-8gcm-mpgx", "level": "warning", "message": {"text": "axios: GHSA-5c9x-8gcm-mpgx"}, "properties": {"repobilityId": 138631, "scanner": "osv-scanner", "fingerprint": "d6f74a4e04a8ab7121d4c2e192509fab9064ff142596f587e5e0a5f6beb02829", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42034"], "package": "axios", "rule_id": "GHSA-5c9x-8gcm-mpgx", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42034|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-445q-vr5w-6q77", "level": "warning", "message": {"text": "axios: GHSA-445q-vr5w-6q77"}, "properties": {"repobilityId": 138629, "scanner": "osv-scanner", "fingerprint": "dd454587b4724a6a811454f26768f40cacd03c898149c74e2c95f10030026936", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42037"], "package": "axios", "rule_id": "GHSA-445q-vr5w-6q77", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42037|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3w6x-2g7m-8v23", "level": "warning", "message": {"text": "axios: GHSA-3w6x-2g7m-8v23"}, "properties": {"repobilityId": 138627, "scanner": "osv-scanner", "fingerprint": "a3e4679a9481a2e56d032abe75097e26d2d512716b035be87574db8b1873dd1a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42044"], "package": "axios", "rule_id": "GHSA-3w6x-2g7m-8v23", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42044|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 138622, "scanner": "osv-scanner", "fingerprint": "5a6731f619cdb6207b31789850d213839a794809dd954cbc367d56d429fe5f51", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q6x5-8v7m-xcrf", "level": "warning", "message": {"text": "@protobufjs/utf8: GHSA-q6x5-8v7m-xcrf"}, "properties": {"repobilityId": 138620, "scanner": "osv-scanner", "fingerprint": "e8002cc7585f9c57a4222ad274b42ebb848448379d61b66702048a8b90cde739", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44288"], "package": "@protobufjs/utf8", "rule_id": "GHSA-q6x5-8v7m-xcrf", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs/utf8|CVE-2026-44288|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vhjm-w67q-g75c", "level": "warning", "message": {"text": "@hapi/wreck: GHSA-vhjm-w67q-g75c"}, "properties": {"repobilityId": 138619, "scanner": "osv-scanner", "fingerprint": "e4659b9e34b519ab455a7e271bd4015ffd939ace8230b5f9cf3441b9e9e38c6d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44979"], "package": "@hapi/wreck", "rule_id": "GHSA-vhjm-w67q-g75c", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/wreck|CVE-2026-44979|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 138614, "scanner": "osv-scanner", "fingerprint": "1485444cf0a087aa7921fd605ba5b2afef1a67457dc5eff7f3127e8b8fd20b5a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime|CVE-2025-27789|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 138612, "scanner": "osv-scanner", "fingerprint": "13b479a6466cb9af005aa117344f17789f0ea141733c4660650e36fc66561053", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `dynamodb-local` image uses the latest tag"}, "properties": {"repobilityId": 138388, "scanner": "repobility-docker", "fingerprint": "df9b52772604cb4730d90b890f11f032ee2bf374717a098e6388685658fb5d15", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "amazon/dynamodb-local:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|df9b52772604cb4730d90b890f11f032ee2bf374717a098e6388685658fb5d15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 138387, "scanner": "repobility-docker", "fingerprint": "f36ea5beb8d9b20500c136b84abced9b299cf712bff912d10b9b495de33f346e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f36ea5beb8d9b20500c136b84abced9b299cf712bff912d10b9b495de33f346e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 138386, "scanner": "repobility-docker", "fingerprint": "03848048e2700c9f12c1bdf7de0f6d3004b6934d9cddf5738ae2dfb78636e9d8", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|03848048e2700c9f12c1bdf7de0f6d3004b6934d9cddf5738ae2dfb78636e9d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/rwa/perps/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 138385, "scanner": "repobility-docker", "fingerprint": "8b7e0c474d36d47137328b8f96df09d64324b69ff21f9b35c0d9ebf4fac76f3d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8b7e0c474d36d47137328b8f96df09d64324b69ff21f9b35c0d9ebf4fac76f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/rwa/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 138384, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 138383, "scanner": "repobility-docker", "fingerprint": "f878ed38def4407c6e1c56c95105a9974c0ed341c8bb52d67097f124086d1242", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f878ed38def4407c6e1c56c95105a9974c0ed341c8bb52d67097f124086d1242"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 138381, "scanner": "repobility-threat-engine", "fingerprint": "3a051c8fb0cca7bbc43da35185c43db656bc5130d6d466dd3fe4eed39d46233d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (e) {\n    return null;\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3a051c8fb0cca7bbc43da35185c43db656bc5130d6d466dd3fe4eed39d46233d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/utils/csvDataLoader.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 138366, "scanner": "repobility-threat-engine", "fingerprint": "d5750c9e61f62201c27a7616894932342900cd89c5f5b0aa496a1116ad9a2e48", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() - 0.5)\n  const skippedAdapterTypes = [\n    AdapterType.ACTIV", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d5750c9e61f62201c27a7616894932342900cd89c5f5b0aa496a1116ad9a2e48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/adaptors/handlers/storeAdaptorData/refillScript.ts"}, "region": {"startLine": 219}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 138363, "scanner": "repobility-threat-engine", "fingerprint": "02195830f2b8c72f336d91953e562298990b9fa46dac9f3d2fbc37f5007e346f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"REPLACE_ME\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|02195830f2b8c72f336d91953e562298990b9fa46dac9f3d2fbc37f5007e346f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/cli/updateCoinFields.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 138357, "scanner": "repobility-threat-engine", "fingerprint": "3c569c0192e96bf3fe640356c13f65510ee64a133ecd457aa11c74a07d515abe", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new Function(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|142|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/coingeckoUpdater.ts"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 138356, "scanner": "repobility-threat-engine", "fingerprint": "9b64a73b095440016da936ef3e7151939d936d38699db29cfc49ecf3a81d22df", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|174|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/utils/servingLayer.ts"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 138355, "scanner": "repobility-threat-engine", "fingerprint": "4bf39b9a2ae0227d21fa09ecae82ae73811d1874b06c29a27ed608bc8407fe23", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|131|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/utils/chRedisWrite.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 138319, "scanner": "repobility-threat-engine", "fingerprint": "21315a3c3fc26d3dee255a8470e7fd5e0c061557ec928cdd3d06bfd5475f2c1f", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) { }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|21315a3c3fc26d3dee255a8470e7fd5e0c061557ec928cdd3d06bfd5475f2c1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/utils.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 138318, "scanner": "repobility-threat-engine", "fingerprint": "c11239e5e2f1d779e53b3b13a43bb1a116c4783f91bb5b12936f9dcfb7874521", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) { }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c11239e5e2f1d779e53b3b13a43bb1a116c4783f91bb5b12936f9dcfb7874521"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/cosmos.ts"}, "region": {"startLine": 122}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 138317, "scanner": "repobility-threat-engine", "fingerprint": "59a6d9addf46265d41f2494dcca72fa9ac35b5ba84a8358c8b69306db1ffeda1", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|59a6d9addf46265d41f2494dcca72fa9ac35b5ba84a8358c8b69306db1ffeda1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/env.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 138312, "scanner": "repobility-agent-runtime", "fingerprint": "e0ab5a6847f78ff9fa23dc687023f259f158405bfcc1bdde365e0b4614311b29", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|e0ab5a6847f78ff9fa23dc687023f259f158405bfcc1bdde365e0b4614311b29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/mini-apps/dim-status/public/index.html"}, "region": {"startLine": 324}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `redis` is 1 major version(s) behind (^5.11.0 -> 6.0.0)"}, "properties": {"repobilityId": 138309, "scanner": "repobility-dependency-currency", "fingerprint": "ecca582507b1da1e6771132f45b0b7e09305f223be0ea00a05ca4ce06c6b8b4b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "redis", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.0.0", "correlation_key": "fp|ecca582507b1da1e6771132f45b0b7e09305f223be0ea00a05ca4ce06c6b8b4b", "current_version": "^5.11.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `pm2` is 2 major version(s) behind (5.3.1 -> 7.0.1)"}, "properties": {"repobilityId": 138307, "scanner": "repobility-dependency-currency", "fingerprint": "69356a2ff134e1a649eb53447301dd5cd16b6c37a15588c3c52f6f57b4fdfaed", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pm2", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.0.1", "correlation_key": "fp|69356a2ff134e1a649eb53447301dd5cd16b6c37a15588c3c52f6f57b4fdfaed", "current_version": "5.3.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `pg-promise` is 1 major version(s) behind (11.6.0 -> 12.6.2)"}, "properties": {"repobilityId": 138306, "scanner": "repobility-dependency-currency", "fingerprint": "a19081daa37728afd5c44c99f2f3791fc9a07abcfc969369453a3ac21b3565b9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pg-promise", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "12.6.2", "correlation_key": "fp|a19081daa37728afd5c44c99f2f3791fc9a07abcfc969369453a3ac21b3565b9", "current_version": "11.6.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `p-limit` is 4 major version(s) behind (3.1.0 -> 7.3.0)"}, "properties": {"repobilityId": 138305, "scanner": "repobility-dependency-currency", "fingerprint": "7bb48340951f9d05fce3ef4878f55c94fb23c4e8724d994f4760249c9f1e0498", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "p-limit", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.3.0", "correlation_key": "fp|7bb48340951f9d05fce3ef4878f55c94fb23c4e8724d994f4760249c9f1e0498", "current_version": "3.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `node-fetch` is 1 major version(s) behind (2.7.0 -> 3.3.2)"}, "properties": {"repobilityId": 138304, "scanner": "repobility-dependency-currency", "fingerprint": "b620ff8c4bb6fad245ecf388c7cf96bd7b5d21dd587c9823359be8c8a22128f5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "node-fetch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.3.2", "correlation_key": "fp|b620ff8c4bb6fad245ecf388c7cf96bd7b5d21dd587c9823359be8c8a22128f5", "current_version": "2.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `dotenv` is 9 major version(s) behind (8.6.0 -> 17.4.2)"}, "properties": {"repobilityId": 138300, "scanner": "repobility-dependency-currency", "fingerprint": "d67d2e1fcbed8c0442925e33b928ec5b4fb978a094837a1050a37a9b8e3e1558", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "9 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "dotenv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.4.2", "correlation_key": "fp|d67d2e1fcbed8c0442925e33b928ec5b4fb978a094837a1050a37a9b8e3e1558", "current_version": "8.6.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `bignumber.js` is 2 major version(s) behind (9.1.2 -> 11.1.3)"}, "properties": {"repobilityId": 138299, "scanner": "repobility-dependency-currency", "fingerprint": "1ed905f0a96fe0444bcd431cfd901364a5893be47871cf8a902f2422b539bad3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "bignumber.js", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "11.1.3", "correlation_key": "fp|1ed905f0a96fe0444bcd431cfd901364a5893be47871cf8a902f2422b539bad3", "current_version": "9.1.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `ajv` is 2 major version(s) behind (6.12.6 -> 8.20.0)"}, "properties": {"repobilityId": 138297, "scanner": "repobility-dependency-currency", "fingerprint": "73794a635e29de516b040a6927c4241846a334ee5b19379f54dab01b2778434a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ajv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.20.0", "correlation_key": "fp|73794a635e29de516b040a6927c4241846a334ee5b19379f54dab01b2778434a", "current_version": "6.12.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/jest` is 3 major version(s) behind (27.5.2 -> 30.0.0)"}, "properties": {"repobilityId": 138294, "scanner": "repobility-dependency-currency", "fingerprint": "3c95b08e5502a75bdf9941787fc9ec917dac76ba47ab57fd4751f5e0a5a296f2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/jest", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "30.0.0", "correlation_key": "fp|3c95b08e5502a75bdf9941787fc9ec917dac76ba47ab57fd4751f5e0a5a296f2", "current_version": "27.5.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/ajv` is 1 major version(s) behind (^0.0.5 -> 1.0.4)"}, "properties": {"repobilityId": 138291, "scanner": "repobility-dependency-currency", "fingerprint": "d32b777bf152fcfb973c14b37fea29dd5dd8a4f9a3add9b751421f7440e444d8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/ajv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.0.4", "correlation_key": "fp|d32b777bf152fcfb973c14b37fea29dd5dd8a4f9a3add9b751421f7440e444d8", "current_version": "^0.0.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@elastic/elasticsearch` is 1 major version(s) behind (8.13.1 -> 9.4.2)"}, "properties": {"repobilityId": 138289, "scanner": "repobility-dependency-currency", "fingerprint": "9630ac00ab2facafcc1cb518847aee12699c64598b7e8c94af9fbbc30f4cd508", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@elastic/elasticsearch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.4.2", "correlation_key": "fp|9630ac00ab2facafcc1cb518847aee12699c64598b7e8c94af9fbbc30f4cd508", "current_version": "8.13.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_README", "level": "warning", "message": {"text": "No README file found"}, "properties": {"repobilityId": 138241, "scanner": "repobility-core", "fingerprint": "b55c73163757fe6b2364bb829fcd26e87b9d9e7b367dd2a3307a814b02b29cbd", "category": "documentation", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_README", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_readme"}}}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 139103, "scanner": "osv-scanner", "fingerprint": "1826b0b6feee00054d48eeafcce8558f4ab6091ba6d03070924da66276271bb8", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 139102, "scanner": "osv-scanner", "fingerprint": "ece5b779cda7aad48039b5c94cfa4fdc0fb5ddce871ee76e6e65f55e60022f04", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 139095, "scanner": "osv-scanner", "fingerprint": "d14f0b4d57740581234e17f256337dc1355be236e974859237784ec9e3ad70a5", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 139059, "scanner": "osv-scanner", "fingerprint": "fabe59897c1cf994e94cc9da87568f90cd1350c3c01c5bd1b115398cd4947339", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 139055, "scanner": "osv-scanner", "fingerprint": "c185c1ac0ea994eb837fdffbc7c118983b8372cbc3904b4308c89ad7343d3ea7", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 139054, "scanner": "osv-scanner", "fingerprint": "aed16d7bd2774ebabc12e490ef808d86e2157e43f387c8f3b1e7894086a7b0d4", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 139029, "scanner": "osv-scanner", "fingerprint": "d70175c7a42ffb901b899a83a8bb5d8eb494a72d520d8b751875644492f819c4", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x5gf-qvw8-r2rm", "level": "note", "message": {"text": "pm2: GHSA-x5gf-qvw8-r2rm"}, "properties": {"repobilityId": 139026, "scanner": "osv-scanner", "fingerprint": "8114323937ebb08ae66c7767a72a894afaebd7a82757ef46c35887020bc2fed7", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5891"], "package": "pm2", "rule_id": "GHSA-x5gf-qvw8-r2rm", "scanner": "osv-scanner", "correlation_key": "vuln|pm2|CVE-2025-5891|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-442j-39wm-28r2", "level": "note", "message": {"text": "handlebars: GHSA-442j-39wm-28r2"}, "properties": {"repobilityId": 139011, "scanner": "osv-scanner", "fingerprint": "7c477803bc8dbdd5c241d666a3dc79e072f76a5c93783ffcde75be14542862c5", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "handlebars", "rule_id": "GHSA-442j-39wm-28r2", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|GHSA-442J-39WM-28R2|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fj3w-jwp8-x2g3", "level": "note", "message": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "properties": {"repobilityId": 139001, "scanner": "osv-scanner", "fingerprint": "38e020f18cb0f1af461d974df57466b6eee282773cfea7fdda9f05e57a7a6753", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27942"], "package": "fast-xml-parser", "rule_id": "GHSA-fj3w-jwp8-x2g3", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-27942|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 138993, "scanner": "osv-scanner", "fingerprint": "d2425e6e384264898ffa202f8d0862b74f704157df331ee58d07d6c325decdf0", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhjh-pmcv-23jw", "level": "note", "message": {"text": "axios: GHSA-xhjh-pmcv-23jw"}, "properties": {"repobilityId": 138985, "scanner": "osv-scanner", "fingerprint": "d14c581795922f04f8b771780e43d256b7d363a7c86db82ace5d6b8139236128", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42040"], "package": "axios", "rule_id": "GHSA-xhjh-pmcv-23jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42040|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j965-2qgj-vjmq", "level": "note", "message": {"text": "aws-sdk: GHSA-j965-2qgj-vjmq"}, "properties": {"repobilityId": 138964, "scanner": "osv-scanner", "fingerprint": "cf20a2d0b02af0c31e0791ef6468fb001d5b59b98406085e6337078164997302", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "aws-sdk", "rule_id": "GHSA-j965-2qgj-vjmq", "scanner": "osv-scanner", "correlation_key": "vuln|aws-sdk|GHSA-J965-2QGJ-VJMQ|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6475-r3vj-m8vf", "level": "note", "message": {"text": "@smithy/config-resolver: GHSA-6475-r3vj-m8vf"}, "properties": {"repobilityId": 138962, "scanner": "osv-scanner", "fingerprint": "149b1588dcb356db2b46c18f9996fc4044f0238a4b6bfeb1e8b50d1b431478b2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@smithy/config-resolver", "rule_id": "GHSA-6475-r3vj-m8vf", "scanner": "osv-scanner", "correlation_key": "vuln|smithy/config-resolver|GHSA-6475-R3VJ-M8VF|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 138955, "scanner": "osv-scanner", "fingerprint": "cb17dfe1a968e2492693c5396de9d79cfaeaf79f65da1d3282b3f48315ed9ae9", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 138953, "scanner": "osv-scanner", "fingerprint": "26d2c0a7d7c33b8f9f3b18f691b305a2b2c8f6419d5f798c4b6382c831027f44", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cxrh-j4jr-qwg3", "level": "note", "message": {"text": "undici: GHSA-cxrh-j4jr-qwg3"}, "properties": {"repobilityId": 138945, "scanner": "osv-scanner", "fingerprint": "dd638f6b55ee8ada1fdb2c087fa68c8b431eb057539c5c5c380b015d9db6d107", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47279"], "package": "undici", "rule_id": "GHSA-cxrh-j4jr-qwg3", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2025-47279|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 138939, "scanner": "osv-scanner", "fingerprint": "d6c9777b04185913fa4efa348a4bc63084d516040409025ef001303026a83a49", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 138919, "scanner": "osv-scanner", "fingerprint": "671189cd7036f2da07a10b417459d4d42017ea14d44740f02503e1b046f9a3a1", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x5gf-qvw8-r2rm", "level": "note", "message": {"text": "pm2: GHSA-x5gf-qvw8-r2rm"}, "properties": {"repobilityId": 138916, "scanner": "osv-scanner", "fingerprint": "df0331d532e006a5cbfd75aa567cf119b9a5ce51206506053cb508ebc62336ac", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5891"], "package": "pm2", "rule_id": "GHSA-x5gf-qvw8-r2rm", "scanner": "osv-scanner", "correlation_key": "vuln|pm2|CVE-2025-5891|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-75v8-2h7p-7m2m", "level": "note", "message": {"text": "formidable: GHSA-75v8-2h7p-7m2m"}, "properties": {"repobilityId": 138901, "scanner": "osv-scanner", "fingerprint": "93cd74ac6816f98fdd2adf92513e975466fbe4cfa5e2001014bdb6fc2d4d361c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-46653"], "package": "formidable", "rule_id": "GHSA-75v8-2h7p-7m2m", "scanner": "osv-scanner", "correlation_key": "vuln|formidable|CVE-2025-46653|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fj3w-jwp8-x2g3", "level": "note", "message": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "properties": {"repobilityId": 138892, "scanner": "osv-scanner", "fingerprint": "5edd235e2b9615b39ff5ba340ba77a8be9577d088d94fd5280e62c6f71a244a8", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27942"], "package": "fast-xml-parser", "rule_id": "GHSA-fj3w-jwp8-x2g3", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-27942|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 138888, "scanner": "osv-scanner", "fingerprint": "66bae17a6e4fb000934bf0c17a328c29132f5a664f34dcf4d354ff6dfa0e6b8f", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 138885, "scanner": "osv-scanner", "fingerprint": "48ae7a181b3e5989905a7019809c3629b59c253508726745376d0fce137d1c54", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 138883, "scanner": "osv-scanner", "fingerprint": "dcb109010a8029d28c4e73f7618917cb6bfd69491bdc4090674b8ce40b28b621", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhjh-pmcv-23jw", "level": "note", "message": {"text": "axios: GHSA-xhjh-pmcv-23jw"}, "properties": {"repobilityId": 138873, "scanner": "osv-scanner", "fingerprint": "afec1713df203532aba272a5cc92d96b978e8411143decd6aeb2c4b867e34eab", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42040"], "package": "axios", "rule_id": "GHSA-xhjh-pmcv-23jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42040|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j965-2qgj-vjmq", "level": "note", "message": {"text": "aws-sdk: GHSA-j965-2qgj-vjmq"}, "properties": {"repobilityId": 138849, "scanner": "osv-scanner", "fingerprint": "1bbf3e3898001c7c1f51fb2ad1da3568c51ce9c3b9bafa6f1f343aed3ffbb4b2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "aws-sdk", "rule_id": "GHSA-j965-2qgj-vjmq", "scanner": "osv-scanner", "correlation_key": "vuln|aws-sdk|GHSA-J965-2QGJ-VJMQ|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6475-r3vj-m8vf", "level": "note", "message": {"text": "@smithy/config-resolver: GHSA-6475-r3vj-m8vf"}, "properties": {"repobilityId": 138847, "scanner": "osv-scanner", "fingerprint": "c2ade538e6582648602a0d5a37897e08cca52c0d625b8dae48b41614f39607a7", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@smithy/config-resolver", "rule_id": "GHSA-6475-r3vj-m8vf", "scanner": "osv-scanner", "correlation_key": "vuln|smithy/config-resolver|GHSA-6475-R3VJ-M8VF|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 138839, "scanner": "osv-scanner", "fingerprint": "1ddad37fbe2f30b92ae14e751315a359d1e1f13bf2886c90a42742d289e5ac3f", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 138838, "scanner": "osv-scanner", "fingerprint": "a81099ae8bdaae3d2985949b76ae4ae362b5f3a00286f967b72b63a1b5e5734b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 138828, "scanner": "osv-scanner", "fingerprint": "08946c69f838919dc63e7be9d148a7b986854773197900776cc9cad5d9f67f04", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 138812, "scanner": "osv-scanner", "fingerprint": "3cf8f78f987edfa8f5673050d10d7a0650c87adfee64bcd76fd94b2f6fa344e3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-442j-39wm-28r2", "level": "note", "message": {"text": "handlebars: GHSA-442j-39wm-28r2"}, "properties": {"repobilityId": 138780, "scanner": "osv-scanner", "fingerprint": "de30b08cdcbed066b2de4e429c18648edcd63cb7ee82186515f542fd7927c93f", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "handlebars", "rule_id": "GHSA-442j-39wm-28r2", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|GHSA-442J-39WM-28R2|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fj3w-jwp8-x2g3", "level": "note", "message": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "properties": {"repobilityId": 138769, "scanner": "osv-scanner", "fingerprint": "00a7028a33eb7916a7f5c39cb05835e0ac6ae306b8cbd13153db421aee31bbf2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27942"], "package": "fast-xml-parser", "rule_id": "GHSA-fj3w-jwp8-x2g3", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-27942|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 138764, "scanner": "osv-scanner", "fingerprint": "f6038c9ae130f32c39c35f2eb2471afaf49fbc2825e41a182ac7973aba4beaef", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 138763, "scanner": "osv-scanner", "fingerprint": "08919b6879feaa948b7da3a33c1e2a4c7e8320cb51b826c101611b56cdfbbe31", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhjh-pmcv-23jw", "level": "note", "message": {"text": "axios: GHSA-xhjh-pmcv-23jw"}, "properties": {"repobilityId": 138759, "scanner": "osv-scanner", "fingerprint": "6229c1643226c43681e4e52b6cd17bdd1744e8eeac64c0740e6d46b1a0f3cc7e", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42040"], "package": "axios", "rule_id": "GHSA-xhjh-pmcv-23jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42040|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j965-2qgj-vjmq", "level": "note", "message": {"text": "aws-sdk: GHSA-j965-2qgj-vjmq"}, "properties": {"repobilityId": 138738, "scanner": "osv-scanner", "fingerprint": "a31511663c033a0be44aeaa2cc5d3214e4ee508923be27fc2a3b4e8fe78fcf81", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "aws-sdk", "rule_id": "GHSA-j965-2qgj-vjmq", "scanner": "osv-scanner", "correlation_key": "vuln|aws-sdk|GHSA-J965-2QGJ-VJMQ|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6475-r3vj-m8vf", "level": "note", "message": {"text": "@smithy/config-resolver: GHSA-6475-r3vj-m8vf"}, "properties": {"repobilityId": 138736, "scanner": "osv-scanner", "fingerprint": "77e3ff9ec9caf81f5859f91e47246136f6b2ed2ec9174eb970efd9c412ba371c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@smithy/config-resolver", "rule_id": "GHSA-6475-r3vj-m8vf", "scanner": "osv-scanner", "correlation_key": "vuln|smithy/config-resolver|GHSA-6475-R3VJ-M8VF|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 138727, "scanner": "osv-scanner", "fingerprint": "9abb9370cb58226b5a3af848c911f42b63ce5942ed5227e7c9cf9330b3b20db2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 138726, "scanner": "osv-scanner", "fingerprint": "b64f149e090f5d0cefc2104046dd86906ddfbac05cdb221adaa54d727a21f1cc", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cxrh-j4jr-qwg3", "level": "note", "message": {"text": "undici: GHSA-cxrh-j4jr-qwg3"}, "properties": {"repobilityId": 138719, "scanner": "osv-scanner", "fingerprint": "08688ce1009c89121edf76f926183ef6165084874a08ddbe044e81c0eb385a5d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-47279"], "package": "undici", "rule_id": "GHSA-cxrh-j4jr-qwg3", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2025-47279|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 138715, "scanner": "osv-scanner", "fingerprint": "484d760e0d2f45a3ee57680260b4cbddac662b2af434fad1619f157e164c82a0", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 138694, "scanner": "osv-scanner", "fingerprint": "3b8c34d8df509c55311301542f406de95f9e5e05464247552e216dbd550c4ee3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-75v8-2h7p-7m2m", "level": "note", "message": {"text": "formidable: GHSA-75v8-2h7p-7m2m"}, "properties": {"repobilityId": 138664, "scanner": "osv-scanner", "fingerprint": "77e03f74a7ea1035e74efec79e37a603184f4c7121e8fb6c65b5a52040d9f14b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-46653"], "package": "formidable", "rule_id": "GHSA-75v8-2h7p-7m2m", "scanner": "osv-scanner", "correlation_key": "vuln|formidable|CVE-2025-46653|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fj3w-jwp8-x2g3", "level": "note", "message": {"text": "fast-xml-parser: GHSA-fj3w-jwp8-x2g3"}, "properties": {"repobilityId": 138657, "scanner": "osv-scanner", "fingerprint": "1b685354440447f33a07c78e2a97b6206b913112a710a869af6bd6c36f5c0d63", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27942"], "package": "fast-xml-parser", "rule_id": "GHSA-fj3w-jwp8-x2g3", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-27942|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-73rr-hh4g-fpgx", "level": "note", "message": {"text": "diff: GHSA-73rr-hh4g-fpgx"}, "properties": {"repobilityId": 138654, "scanner": "osv-scanner", "fingerprint": "8619fd7778917009fef5fa8d828b2d1f40f6d382beb2270995079c83ebc1d105", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24001"], "package": "diff", "rule_id": "GHSA-73rr-hh4g-fpgx", "scanner": "osv-scanner", "correlation_key": "vuln|diff|CVE-2026-24001|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 138653, "scanner": "osv-scanner", "fingerprint": "30fab91127dfcacfda4646832c7b5e1b28ad42b3092933671072ddbaf536e44e", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 138652, "scanner": "osv-scanner", "fingerprint": "1dd9f3d3fff2cda32883ccea99c2d3662ce39c9ab716b7d8d4374026a829ad05", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhjh-pmcv-23jw", "level": "note", "message": {"text": "axios: GHSA-xhjh-pmcv-23jw"}, "properties": {"repobilityId": 138646, "scanner": "osv-scanner", "fingerprint": "dbef88112826c8d4d1bc9e4ccaff47296de8c8b8d0bc7b2397637927b708f638", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42040"], "package": "axios", "rule_id": "GHSA-xhjh-pmcv-23jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42040|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j965-2qgj-vjmq", "level": "note", "message": {"text": "aws-sdk: GHSA-j965-2qgj-vjmq"}, "properties": {"repobilityId": 138623, "scanner": "osv-scanner", "fingerprint": "b3de04c90d62d935601f3593e10c03f8b4260ab9616742b28d84729d8b98dc87", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "aws-sdk", "rule_id": "GHSA-j965-2qgj-vjmq", "scanner": "osv-scanner", "correlation_key": "vuln|aws-sdk|GHSA-J965-2QGJ-VJMQ|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6475-r3vj-m8vf", "level": "note", "message": {"text": "@smithy/config-resolver: GHSA-6475-r3vj-m8vf"}, "properties": {"repobilityId": 138621, "scanner": "osv-scanner", "fingerprint": "32a33783053d47b662f4decd7f1f76238d65d82f72a25ff8406f6826701d790c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@smithy/config-resolver", "rule_id": "GHSA-6475-r3vj-m8vf", "scanner": "osv-scanner", "correlation_key": "vuln|smithy/config-resolver|GHSA-6475-R3VJ-M8VF|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 138390, "scanner": "repobility-docker", "fingerprint": "f1228864b6018463263f060b05de2717aa792b514dac9283a3547cf3aa8fdacd", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "dynamodb-local", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f1228864b6018463263f060b05de2717aa792b514dac9283a3547cf3aa8fdacd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 138389, "scanner": "repobility-docker", "fingerprint": "bd3e68c95ab81742f27bb93d7acecff2f7138edc5da8cca959f60b8f89372d1a", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "dynamodb-local", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|bd3e68c95ab81742f27bb93d7acecff2f7138edc5da8cca959f60b8f89372d1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 138382, "scanner": "repobility-docker", "fingerprint": "a611a9e40f10b62f4ea3268ce0bc7d149dae5ba62bebeaed1f5580c9b744c8cb", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a611a9e40f10b62f4ea3268ce0bc7d149dae5ba62bebeaed1f5580c9b744c8cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 138368, "scanner": "repobility-threat-engine", "fingerprint": "501627994a19e31626989f85b243c244de6ad45c8230eca538aa284431ebe35b", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'/chains2/' + category + '/table'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|501627994a19e31626989f85b243c244de6ad45c8230eca538aa284431ebe35b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/cron-task/genFormattedChains.ts"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 138367, "scanner": "repobility-threat-engine", "fingerprint": "ed001e2fe0c36809552510851d4642f915425b0c0ad553c9f7e460daf4daaa94", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'ignoring key: ' + k + ' in config for protocol '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ed001e2fe0c36809552510851d4642f915425b0c0ad553c9f7e460daf4daaa94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/adaptors/scripts/old/moveConfig.ts"}, "region": {"startLine": 88}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@babel/preset-env` is minor version(s) behind (7.24.5 -> 7.29.7)"}, "properties": {"repobilityId": 138311, "scanner": "repobility-dependency-currency", "fingerprint": "795191f0843f3150ccca53eb94de3cee1deffb2aa8673b85e498ba869f35412a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@babel/preset-env", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.29.7", "correlation_key": "fp|795191f0843f3150ccca53eb94de3cee1deffb2aa8673b85e498ba869f35412a", "current_version": "7.24.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `reflect-metadata` is minor version(s) behind (0.1.14 -> 0.2.2)"}, "properties": {"repobilityId": 138310, "scanner": "repobility-dependency-currency", "fingerprint": "e56e74649ea2ea8c3f14b46bf6b376cf1b424325c60169a3876a3c141792cef6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "reflect-metadata", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.2.2", "correlation_key": "fp|e56e74649ea2ea8c3f14b46bf6b376cf1b424325c60169a3876a3c141792cef6", "current_version": "0.1.14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `lodash` is minor version(s) behind (4.17.21 -> 4.18.1)"}, "properties": {"repobilityId": 138303, "scanner": "repobility-dependency-currency", "fingerprint": "7bb1a3a6df65f0cbc5c48ca96e839404a4b6cc65c44589b02d9bb65bbed9b73b", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "lodash", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.18.1", "correlation_key": "fp|7bb1a3a6df65f0cbc5c48ca96e839404a4b6cc65c44589b02d9bb65bbed9b73b", "current_version": "4.17.21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `hyper-express` is minor version(s) behind (6.16.1 -> 6.17.3)"}, "properties": {"repobilityId": 138302, "scanner": "repobility-dependency-currency", "fingerprint": "d4e4bd7d219efeb7124e6cda22547a4800a636dc4b41b47860cb5f65d196e520", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "hyper-express", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.17.3", "correlation_key": "fp|d4e4bd7d219efeb7124e6cda22547a4800a636dc4b41b47860cb5f65d196e520", "current_version": "6.16.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `ethers` is minor version(s) behind (6.12.1 -> 6.16.0)"}, "properties": {"repobilityId": 138301, "scanner": "repobility-dependency-currency", "fingerprint": "88fc3dc3b0986cbf08dc868e09a1199f98b2ef16389211e62704ec9e444bdca0", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "ethers", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.16.0", "correlation_key": "fp|88fc3dc3b0986cbf08dc868e09a1199f98b2ef16389211e62704ec9e444bdca0", "current_version": "6.12.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `axios` is minor version(s) behind (1.7.2 -> 1.17.0)"}, "properties": {"repobilityId": 138298, "scanner": "repobility-dependency-currency", "fingerprint": "834150f753d4ff00a98b5e60a4a7044735ba322d4f23140cc682fb4f7603400b", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "axios", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.17.0", "correlation_key": "fp|834150f753d4ff00a98b5e60a4a7044735ba322d4f23140cc682fb4f7603400b", "current_version": "1.7.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@supercharge/promise-pool` is minor version(s) behind (3.2.0 -> 3.3.0)"}, "properties": {"repobilityId": 138290, "scanner": "repobility-dependency-currency", "fingerprint": "b00945b4b5ad69590af4ec7e841867887c4b9f6039295f029a6f0f7839064508", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@supercharge/promise-pool", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.3.0", "correlation_key": "fp|b00945b4b5ad69590af4ec7e841867887c4b9f6039295f029a6f0f7839064508", "current_version": "3.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@aws-sdk/lib-dynamodb` is minor version(s) behind (^3.918.0 -> 3.1063.0)"}, "properties": {"repobilityId": 138287, "scanner": "repobility-dependency-currency", "fingerprint": "523c18c35166eee7d3f477e295a9053989630f01960703895426d96466f817b5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@aws-sdk/lib-dynamodb", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.1063.0", "correlation_key": "fp|523c18c35166eee7d3f477e295a9053989630f01960703895426d96466f817b5", "current_version": "^3.918.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "983cd253f56ba80867e9742e04c4c1f43c09c55d00279a7bd65493e985671f13", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/getCurrentCoins.ts", "duplicate_line": 42, "correlation_key": "fp|983cd253f56ba80867e9742e04c4c1f43c09c55d00279a7bd65493e985671f13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/updateCoin.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138264, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25aa5c0c45d8f3f7496135035ee4e7d42c0f4bf5bdf2be389cd1b318869a747f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/getPercentageChange.ts", "duplicate_line": 16, "correlation_key": "fp|25aa5c0c45d8f3f7496135035ee4e7d42c0f4bf5bdf2be389cd1b318869a747f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/getVolume.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138263, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6aa6e14a699da41c8523f9418efb3ccba781df3f350f0ab79f085c8e6d251a39", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/getCoinFirstTimestamp.ts", "duplicate_line": 23, "correlation_key": "fp|6aa6e14a699da41c8523f9418efb3ccba781df3f350f0ab79f085c8e6d251a39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/getHistoricalCoins.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138262, "scanner": "repobility-ai-code-hygiene", "fingerprint": "56f372c889e061968edb3f0d84820888a90b18bccc931cf04b7a392b877015bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/getBatchHistoricalCoins.ts", "duplicate_line": 34, "correlation_key": "fp|56f372c889e061968edb3f0d84820888a90b18bccc931cf04b7a392b877015bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/getBatchHistoricalCoinsSpan.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138261, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08d357e241b1c31c0c2a26d33199f2730f0dc62ad675fb7cc1d42711149493a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/yield/yearn/yearnV2.ts", "duplicate_line": 56, "correlation_key": "fp|08d357e241b1c31c0c2a26d33199f2730f0dc62ad675fb7cc1d42711149493a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/yearn/yearnV3.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138260, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c0d641d62993d984dde8184cae972805b0c08a283dadb3b367bd7ad5ea79ee5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/markets/arrakis/arrakis.ts", "duplicate_line": 34, "correlation_key": "fp|4c0d641d62993d984dde8184cae972805b0c08a283dadb3b367bd7ad5ea79ee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/timeswap/timeswap.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138259, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b992c548cfaddd90fb161e67bb7d2182b2c72d1baee157f7aa0cc12f768140a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/markets/thena.ts", "duplicate_line": 17, "correlation_key": "fp|b992c548cfaddd90fb161e67bb7d2182b2c72d1baee157f7aa0cc12f768140a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/gamma.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138258, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99f4911a842c18bf640b35bf6cd45102d40903d38cccc5850b13d5b72461108e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/yield/concentrator/concentrator.ts", "duplicate_line": 13, "correlation_key": "fp|99f4911a842c18bf640b35bf6cd45102d40903d38cccc5850b13d5b72461108e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/fx-protocol/fx-protocol.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138257, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f68ec02cc2b010c16b60c4871a75942feabd6b419792cd4b5d16f53497680018", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/rwa/asseto.ts", "duplicate_line": 1, "correlation_key": "fp|f68ec02cc2b010c16b60c4871a75942feabd6b419792cd4b5d16f53497680018"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/axc.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138256, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6734394e72a644dd0b37e951ca9a56a4b5bc6025964536c887e4881eb70a0beb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_eth.ts", "duplicate_line": 11, "correlation_key": "fp|6734394e72a644dd0b37e951ca9a56a4b5bc6025964536c887e4881eb70a0beb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_wbtc.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138255, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b9cff6ff72c3bfb3d24c02d62b169f6f2d4d08f3d4e0d4e7904d6d4a071f261", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_eth.ts", "duplicate_line": 11, "correlation_key": "fp|9b9cff6ff72c3bfb3d24c02d62b169f6f2d4d08f3d4e0d4e7904d6d4a071f261"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_wbtc.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138254, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ee1b37155623658dc338a1d77025779934db64d332925cc774b1c1c248234eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_usdc_arb.ts", "duplicate_line": 10, "correlation_key": "fp|8ee1b37155623658dc338a1d77025779934db64d332925cc774b1c1c248234eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_wbtc.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138253, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f08700b21406a0dacdbea824d0f482110244d4cef8bfb38af0c126d501b02ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_eth.ts", "duplicate_line": 11, "correlation_key": "fp|6f08700b21406a0dacdbea824d0f482110244d4cef8bfb38af0c126d501b02ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_link.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138252, "scanner": "repobility-ai-code-hygiene", "fingerprint": "191f2d45e51e62bfc8fd8bbc0761ba096366a743cc006dc0519fd547647d396a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_usdc_arb.ts", "duplicate_line": 10, "correlation_key": "fp|191f2d45e51e62bfc8fd8bbc0761ba096366a743cc006dc0519fd547647d396a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_link.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138251, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aac4901ca56796a0d5c5cbd051a9ab619f4b29264fff26eda09af9a8ae923b6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_eth.ts", "duplicate_line": 11, "correlation_key": "fp|aac4901ca56796a0d5c5cbd051a9ab619f4b29264fff26eda09af9a8ae923b6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_eth.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138250, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4776f74abccff8b1bc853185b535eff4598599265160d27139c5a0c2f4c46e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_usdc_arb.ts", "duplicate_line": 10, "correlation_key": "fp|c4776f74abccff8b1bc853185b535eff4598599265160d27139c5a0c2f4c46e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_eth.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138249, "scanner": "repobility-ai-code-hygiene", "fingerprint": "066d2cfd245c09253d9f9fdd402191ea81286b71e8dddd966ccede9d4b87e373", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/steadefi_eth.ts", "duplicate_line": 11, "correlation_key": "fp|066d2cfd245c09253d9f9fdd402191ea81286b71e8dddd966ccede9d4b87e373"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/steadefi_usdc_arb.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138248, "scanner": "repobility-ai-code-hygiene", "fingerprint": "12948a0544c0615d16c0053be758cb1343126f0a06ff5ab4b2b8a8d8c69d556f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/mooBvmEth.ts", "duplicate_line": 12, "correlation_key": "fp|12948a0544c0615d16c0053be758cb1343126f0a06ff5ab4b2b8a8d8c69d556f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/odpxWethLP.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138247, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b4acd514b07345ca34782ac29b0c3c9301b233b497b892ba66012a6700840da", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/other/kSTRK.ts", "duplicate_line": 16, "correlation_key": "fp|1b4acd514b07345ca34782ac29b0c3c9301b233b497b892ba66012a6700840da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/nstSTRK.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138246, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac24db39cc9235e484d9f9d26f1cd462b747d79bdb211019f2a95f82b0ff237b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/markets/minswap2.ts", "duplicate_line": 33, "correlation_key": "fp|ac24db39cc9235e484d9f9d26f1cd462b747d79bdb211019f2a95f82b0ff237b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/wingriders.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138245, "scanner": "repobility-ai-code-hygiene", "fingerprint": "56cdc8b8f38560304eb762511cd5d58c4321c11c74c8b99208e5aa79a188b866", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/markets/balancer/balancer.ts", "duplicate_line": 115, "correlation_key": "fp|56cdc8b8f38560304eb762511cd5d58c4321c11c74c8b99208e5aa79a188b866"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/phux/phux.ts"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138244, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4404cfc222d99a10dbc8485fb0d4458fe82c8cd97c387ab373f80ff9cf78a3b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/bridges/optimism.ts", "duplicate_line": 38, "correlation_key": "fp|4404cfc222d99a10dbc8485fb0d4458fe82c8cd97c387ab373f80ff9cf78a3b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/zeroDecimalMappings.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 138243, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d6621592c23e6c0152c707a71dedcad0a298008e87f43b8b9899845cff0a4e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "coins/src/adapters/bridges/base.ts", "duplicate_line": 1, "correlation_key": "fp|3d6621592c23e6c0152c707a71dedcad0a298008e87f43b8b9899845cff0a4e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/unichain.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 138242, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 138378, "scanner": "repobility-threat-engine", "fingerprint": "bfc46df8a5d70a51c5d394eb2df3494b16495785773ce52dd2a33610a1fd418f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bfc46df8a5d70a51c5d394eb2df3494b16495785773ce52dd2a33610a1fd418f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/buildCoingeckoSymbols.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 138377, "scanner": "repobility-threat-engine", "fingerprint": "179636ab80dc2c7eb34ce25b65f6283893d21b8e48f5caea8c4fd4aff05b887d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|179636ab80dc2c7eb34ce25b65f6283893d21b8e48f5caea8c4fd4aff05b887d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/buildCoingeckoSymbols.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 138362, "scanner": "repobility-threat-engine", "fingerprint": "1ab24bd4307ac28d8fe949cb2ba0d619298592370da5c4874409946d0caac342", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1ab24bd4307ac28d8fe949cb2ba0d619298592370da5c4874409946d0caac342"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 138358, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 138354, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 138353, "scanner": "repobility-threat-engine", "fingerprint": "309b96da7cca99dcdee8a7cb4e88c7a904cc8a57b9913ab5aab76a7854b58f41", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|309b96da7cca99dcdee8a7cb4e88c7a904cc8a57b9913ab5aab76a7854b58f41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/deploy/nginx.conf"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 138352, "scanner": "repobility-threat-engine", "fingerprint": "82fccbf431db816ca702b56a866cb01462ed31abce26ba1bb7a1f1f860e43a16", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|82fccbf431db816ca702b56a866cb01462ed31abce26ba1bb7a1f1f860e43a16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/utils/clickhouseClient.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 138351, "scanner": "repobility-threat-engine", "fingerprint": "a967c54b14c123f4405601946575444461d620768cfd025afcdea1032bf33cab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a967c54b14c123f4405601946575444461d620768cfd025afcdea1032bf33cab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/synthetix.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 138350, "scanner": "repobility-threat-engine", "fingerprint": "2b5c46b5f3a08f1c41ada92fd0b747d0c26d98cb06f117e6c5ce050c098609ac", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2b5c46b5f3a08f1c41ada92fd0b747d0c26d98cb06f117e6c5ce050c098609ac"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 138346, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 64 more): Same pattern found in 64 additional files. Review if needed."}, "properties": {"repobilityId": 138340, "scanner": "repobility-threat-engine", "fingerprint": "a4abcac13e24ac13720b3aa5f409d45342c0c528a83f28208961789140fa5d9b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 64 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a4abcac13e24ac13720b3aa5f409d45342c0c528a83f28208961789140fa5d9b", "aggregated_count": 64}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 138339, "scanner": "repobility-threat-engine", "fingerprint": "1c3eee54c5c0138dee76ccbdabf35418ba7ac284a67cc71a2835d404ddd0bf15", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c3eee54c5c0138dee76ccbdabf35418ba7ac284a67cc71a2835d404ddd0bf15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/zircuit.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 138338, "scanner": "repobility-threat-engine", "fingerprint": "11372a90cb640526f7ff7fc601e64c758c6dcceb4cf82b42b3cc21a552fa5034", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|11372a90cb640526f7ff7fc601e64c758c6dcceb4cf82b42b3cc21a552fa5034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/symbiosis.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 138337, "scanner": "repobility-threat-engine", "fingerprint": "fd7fd84c9add13a0fe4af92894f3657ee2f4d7a2e95fbf5b793ba5812d8c9c10", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd7fd84c9add13a0fe4af92894f3657ee2f4d7a2e95fbf5b793ba5812d8c9c10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/fuel.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 392 more): Same pattern found in 392 additional files. Review if needed."}, "properties": {"repobilityId": 138336, "scanner": "repobility-threat-engine", "fingerprint": "6dd9c10f621b9594c5cb2d1aa9ea0b1900cf8812a8406b229eaa26f9621140cc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 392 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6dd9c10f621b9594c5cb2d1aa9ea0b1900cf8812a8406b229eaa26f9621140cc", "aggregated_count": 392}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 138335, "scanner": "repobility-threat-engine", "fingerprint": "c012e50f68e3bf32b9bf6231c3e2f67a19f51a0662a3a8f1f1b240d01b947046", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c012e50f68e3bf32b9bf6231c3e2f67a19f51a0662a3a8f1f1b240d01b947046"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/avax.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 138334, "scanner": "repobility-threat-engine", "fingerprint": "c73e1a32329dca4b32a7b1992ee2cab7b44331f4508aebf8b07ec50c736ca6ac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c73e1a32329dca4b32a7b1992ee2cab7b44331f4508aebf8b07ec50c736ca6ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/astrzk.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 138333, "scanner": "repobility-threat-engine", "fingerprint": "b8e543f37d1e5a124d88ff3f6c030c28dde3ed14c4c6723bb0ad3be8c010f91d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b8e543f37d1e5a124d88ff3f6c030c28dde3ed14c4c6723bb0ad3be8c010f91d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/anyswap.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 138332, "scanner": "repobility-threat-engine", "fingerprint": "a5623d5d1a3aa8d7d93b3c10c7b3b23034f911e2b55f12e8628ffd2421678e91", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a5623d5d1a3aa8d7d93b3c10c7b3b23034f911e2b55f12e8628ffd2421678e91", "aggregated_count": 15}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 138331, "scanner": "repobility-threat-engine", "fingerprint": "f04499bd3878a0a1f98754d249271b0bd2f246613134a5784e27fca711c8cfec", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f04499bd3878a0a1f98754d249271b0bd2f246613134a5784e27fca711c8cfec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/moneyMarkets/euler/index.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 138330, "scanner": "repobility-threat-engine", "fingerprint": "785fcd027fe3c0a22f7927f5e9feb7889a540ffd380d88be80fb8ad0aa24633f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|785fcd027fe3c0a22f7927f5e9feb7889a540ffd380d88be80fb8ad0aa24633f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/index.ts"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 138329, "scanner": "repobility-threat-engine", "fingerprint": "af4f4cfd2a836f19fcb1017a05cddef519a60589558b7ada1a82f8063ba6de56", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|af4f4cfd2a836f19fcb1017a05cddef519a60589558b7ada1a82f8063ba6de56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/anyswap.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 226 more): Same pattern found in 226 additional files. Review if needed."}, "properties": {"repobilityId": 138328, "scanner": "repobility-threat-engine", "fingerprint": "0b4574c68732b66f1e0a1f8ddac4fb6e7c45ff214be752cf1ad60678298c6543", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 226 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0b4574c68732b66f1e0a1f8ddac4fb6e7c45ff214be752cf1ad60678298c6543", "aggregated_count": 226}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 138327, "scanner": "repobility-threat-engine", "fingerprint": "c86ed058bf2f0ff6bf0d793b6cc77e0ee45d8ed4e5675b4795cb53369a0a5a5a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c86ed058bf2f0ff6bf0d793b6cc77e0ee45d8ed4e5675b4795cb53369a0a5a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/cosmos.ts"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 138326, "scanner": "repobility-threat-engine", "fingerprint": "13e3f5cc993836afe8df0b2330388f1b6020481442f8190e4db38facca158e1d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|13e3f5cc993836afe8df0b2330388f1b6020481442f8190e4db38facca158e1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/astrzk.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 138325, "scanner": "repobility-threat-engine", "fingerprint": "d32900242bfc6051c8b4166fbe1c7b4f6c4b599c909449bb3c336b91b28f4544", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d32900242bfc6051c8b4166fbe1c7b4f6c4b599c909449bb3c336b91b28f4544"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/anyswap.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "properties": {"repobilityId": 138324, "scanner": "repobility-threat-engine", "fingerprint": "1486964fddabc4dbe0eca3ff5dab800d43de27623c4b1f0a4623d09e0bc356ac", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1486964fddabc4dbe0eca3ff5dab800d43de27623c4b1f0a4623d09e0bc356ac"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 138320, "scanner": "repobility-threat-engine", "fingerprint": "55853ef45b03bf09cbc44c6f24922b8041151d72d31f01248b6f89c0cb3102d5", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|55853ef45b03bf09cbc44c6f24922b8041151d72d31f01248b6f89c0cb3102d5"}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 157 more): Same pattern found in 157 additional files. Review if needed."}, "properties": {"repobilityId": 138316, "scanner": "repobility-threat-engine", "fingerprint": "340fe678e021e95fb390ed63c6b6908c2da8d4847093e5eee0b82d9b0781761e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 157 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|340fe678e021e95fb390ed63c6b6908c2da8d4847093e5eee0b82d9b0781761e", "aggregated_count": 157}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 138315, "scanner": "repobility-threat-engine", "fingerprint": "91e7e0bbbb2fa3cd102c6f1767bb8a618627de27fa4954d926a9e8ffae744ad6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91e7e0bbbb2fa3cd102c6f1767bb8a618627de27fa4954d926a9e8ffae744ad6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/anyswap.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 138314, "scanner": "repobility-threat-engine", "fingerprint": "d4a210b0b281e5c9b523b876926b976fc3d0492903247b83ec9018ff64f5052d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4a210b0b281e5c9b523b876926b976fc3d0492903247b83ec9018ff64f5052d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/anvu.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 138313, "scanner": "repobility-threat-engine", "fingerprint": "dcd153f2b3e8a91d4763dcc9ab6019735f2b4c31618cd8d905a443d402a23a04", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dcd153f2b3e8a91d4763dcc9ab6019735f2b4c31618cd8d905a443d402a23a04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/coins2.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `postgres` is patch version(s) behind (3.4.4 -> 3.4.9)"}, "properties": {"repobilityId": 138308, "scanner": "repobility-dependency-currency", "fingerprint": "8726d238d4870c4db8762144110de862d8d619f36c633fbb5688a9f18a31ee47", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "postgres", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.4.9", "correlation_key": "fp|8726d238d4870c4db8762144110de862d8d619f36c633fbb5688a9f18a31ee47", "current_version": "3.4.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/node-fetch` is patch version(s) behind (2.6.11 -> 2.6.13)"}, "properties": {"repobilityId": 138296, "scanner": "repobility-dependency-currency", "fingerprint": "5fd417b48098d224a5b8ef12d74406cd8ac8f7dd5b37d81053c22b7cf32ebfdd", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/node-fetch", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.6.13", "correlation_key": "fp|5fd417b48098d224a5b8ef12d74406cd8ac8f7dd5b37d81053c22b7cf32ebfdd", "current_version": "2.6.11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/lodash` is patch version(s) behind (4.17.4 -> 4.17.24)"}, "properties": {"repobilityId": 138295, "scanner": "repobility-dependency-currency", "fingerprint": "9cb83d2a5ba75f74bb14017b24fb43b8c19bfc789422bce251ae274b21727289", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/lodash", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.17.24", "correlation_key": "fp|9cb83d2a5ba75f74bb14017b24fb43b8c19bfc789422bce251ae274b21727289", "current_version": "4.17.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/aws-lambda` is patch version(s) behind (8.10.138 -> 8.10.161)"}, "properties": {"repobilityId": 138293, "scanner": "repobility-dependency-currency", "fingerprint": "b7badf52109cd70751d0cac1ff2c541d73606a6e5991f7172b03d1ea600badc4", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/aws-lambda", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.10.161", "correlation_key": "fp|b7badf52109cd70751d0cac1ff2c541d73606a6e5991f7172b03d1ea600badc4", "current_version": "8.10.138"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/async-retry` is patch version(s) behind (1.4.8 -> 1.4.9)"}, "properties": {"repobilityId": 138292, "scanner": "repobility-dependency-currency", "fingerprint": "8d5dee9f52aaa8b26fe0ebb946c3d83cd5bae351632313d7a7acf4c24efc1c30", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/async-retry", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.4.9", "correlation_key": "fp|8d5dee9f52aaa8b26fe0ebb946c3d83cd5bae351632313d7a7acf4c24efc1c30", "current_version": "1.4.8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@defillama/sdk` is patch version(s) behind (5.0.175 -> 5.0.215)"}, "properties": {"repobilityId": 138288, "scanner": "repobility-dependency-currency", "fingerprint": "af56f86caba9f5eafbc76fa62ba05131e57db2edc03f7dbdb2d8bf04ef381e0f", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@defillama/sdk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.0.215", "correlation_key": "fp|af56f86caba9f5eafbc76fa62ba05131e57db2edc03f7dbdb2d8bf04ef381e0f", "current_version": "5.0.175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qpx9-hpmf-5gmw", "level": "error", "message": {"text": "underscore: GHSA-qpx9-hpmf-5gmw"}, "properties": {"repobilityId": 139100, "scanner": "osv-scanner", "fingerprint": "eeb6cd4fc749cd287a9d4689ed72b5321265c8fbaad00057f9398c5cce3d55e3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27601"], "package": "underscore", "rule_id": "GHSA-qpx9-hpmf-5gmw", "scanner": "osv-scanner", "correlation_key": "vuln|underscore|CVE-2026-27601|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpqw-6gx7-v673", "level": "error", "message": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "properties": {"repobilityId": 139099, "scanner": "osv-scanner", "fingerprint": "1a03c97c619a0d49b9cc13515e8f8df1d3f5250727f7bb7653c3e9a29f0d7de7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29074"], "package": "svgo", "rule_id": "GHSA-xpqw-6gx7-v673", "scanner": "osv-scanner", "correlation_key": "vuln|svgo|CVE-2026-29074|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 139097, "scanner": "osv-scanner", "fingerprint": "30534dccaa1da346683408333458f7a240eb748d5246f6477194e692b024f7a1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 139096, "scanner": "osv-scanner", "fingerprint": "690ae86e9d98bde73403968a65fc2110849cd54cba0d1b78553e64caf2ccb26c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 139090, "scanner": "osv-scanner", "fingerprint": "14341b51466c39447fc1912b4feca43c9af30b93872e90a017f0d72ee824277f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j3q9-mxjg-w52f", "level": "error", "message": {"text": "path-to-regexp: GHSA-j3q9-mxjg-w52f"}, "properties": {"repobilityId": 139088, "scanner": "osv-scanner", "fingerprint": "a5f80d39670d63fcfb8d30b639fae063f87eb6ef59fb78bf4d006e89e961780e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4926"], "package": "path-to-regexp", "rule_id": "GHSA-j3q9-mxjg-w52f", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4926|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 139086, "scanner": "osv-scanner", "fingerprint": "48367460d32419f5df4cf2ca313b15fc56182593b1083aa90b808dc4e9b25302", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp65-9cf3-cjxr", "level": "error", "message": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "properties": {"repobilityId": 139085, "scanner": "osv-scanner", "fingerprint": "2503df3f7ebc2e4e83690297b50910f179c9a4132d902eb2e6703c47bd17c22c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-3803"], "package": "nth-check", "rule_id": "GHSA-rp65-9cf3-cjxr", "scanner": "osv-scanner", "correlation_key": "vuln|nth-check|CVE-2021-3803|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q67f-28xg-22rw", "level": "error", "message": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "properties": {"repobilityId": 139084, "scanner": "osv-scanner", "fingerprint": "5c5e80ad41bda963efc8f894e3a071b8c2a502e58409824ab330bb9118f58461", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33895"], "package": "node-forge", "rule_id": "GHSA-q67f-28xg-22rw", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33895|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ppp5-5v6c-4jwp", "level": "error", "message": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "properties": {"repobilityId": 139083, "scanner": "osv-scanner", "fingerprint": "0e0e039b937c6cddb7b1d5ff943e7d76ba42fa67591a8c918406078e5fe4f0dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33894"], "package": "node-forge", "rule_id": "GHSA-ppp5-5v6c-4jwp", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33894|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5m6q-g25r-mvwx", "level": "error", "message": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "properties": {"repobilityId": 139081, "scanner": "osv-scanner", "fingerprint": "4e17027a843873eb9da949305e4731387f91f20a9f27fbd3de397ade521ee11f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33891"], "package": "node-forge", "rule_id": "GHSA-5m6q-g25r-mvwx", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33891|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5gfm-wpxj-wjgq", "level": "error", "message": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "properties": {"repobilityId": 139080, "scanner": "osv-scanner", "fingerprint": "33bab97abced9d2d55cb1d8dd86bc39b7df1a189eea2fcff0092debf26d25bf7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12816"], "package": "node-forge", "rule_id": "GHSA-5gfm-wpxj-wjgq", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-12816|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-554w-wpv2-vw27", "level": "error", "message": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "properties": {"repobilityId": 139079, "scanner": "osv-scanner", "fingerprint": "1552e42cf2be46d9fd4a27c71d5b180faa72c7844b23d7e5fe04e2f9fcb6272b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66031"], "package": "node-forge", "rule_id": "GHSA-554w-wpv2-vw27", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66031|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2328-f5f3-gj25", "level": "error", "message": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "properties": {"repobilityId": 139078, "scanner": "osv-scanner", "fingerprint": "8a3e38da57f53710ceb2624513705fa30ed17e625117bcc9857a8a0b53e9886f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33896"], "package": "node-forge", "rule_id": "GHSA-2328-f5f3-gj25", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33896|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 139077, "scanner": "osv-scanner", "fingerprint": "cb1cb14ee4a04970dddf04937622fe20ab7e8a20d539cf122d6e592be3742ac4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 139076, "scanner": "osv-scanner", "fingerprint": "32c50d6b715a446447d110b1589141e7391a7444446a9eb3cbac003e5e6618fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 139075, "scanner": "osv-scanner", "fingerprint": "0c3d8913caf2a4e4a0258e794c11a583c8bd791a4ce9a7b6221a6a6daf4d9cb2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 139073, "scanner": "osv-scanner", "fingerprint": "9c297db2cd81b5243a46353543e60d7f6343555d0872f6c3a136d13eb7e0fd5f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-87r5-mp6g-5w5j", "level": "error", "message": {"text": "jsonpath: GHSA-87r5-mp6g-5w5j"}, "properties": {"repobilityId": 139071, "scanner": "osv-scanner", "fingerprint": "e0d84b85b2c272607677a175dc026e71fd31579140e2bcff1957cc74fb5a1b1c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1615"], "package": "jsonpath", "rule_id": "GHSA-87r5-mp6g-5w5j", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath|CVE-2026-1615|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5j98-mcp5-4vw2", "level": "error", "message": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "properties": {"repobilityId": 139068, "scanner": "osv-scanner", "fingerprint": "23a708e7dcc526e5160afd3ff7b7fe1b0ba5aa33beab6aa09abefe1af3eb263b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64756"], "package": "glob", "rule_id": "GHSA-5j98-mcp5-4vw2", "scanner": "osv-scanner", "correlation_key": "vuln|glob|CVE-2025-64756|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 139066, "scanner": "osv-scanner", "fingerprint": "df62c62fe6980a09d43ce9356a609a870e6bdaf23d16966f39dea3189fa1e819", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 139065, "scanner": "osv-scanner", "fingerprint": "9c555679b043692bfbf923fb1ef961e5d3485be9f22c47c8b38326c1d7d7f177", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 139064, "scanner": "osv-scanner", "fingerprint": "76ce7302a7f544830b56ababaf98c59be6eca756e28ad80a307d9717fabea3f9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 139063, "scanner": "osv-scanner", "fingerprint": "31990ed4f50c62009493b1fc35a3f1143fef5fdbaa4c06f42b825ef4305647a3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 139058, "scanner": "osv-scanner", "fingerprint": "a990dcb1c9ef89ac593e0ba05680819c6a8241d4f06a9156f62da2d6472d9185", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|defi/ui-tool/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j658-c2gf-x6pq", "level": "error", "message": {"text": "velocityjs: GHSA-j658-c2gf-x6pq"}, "properties": {"repobilityId": 139053, "scanner": "osv-scanner", "fingerprint": "30885c3b69e5fb1518095c3af5e8dd61658135fddc39856fd59072f474dd002f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44966"], "package": "velocityjs", "rule_id": "GHSA-j658-c2gf-x6pq", "scanner": "osv-scanner", "correlation_key": "vuln|velocityjs|CVE-2026-44966|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vghf-hv5q-vc2g", "level": "error", "message": {"text": "validator: GHSA-vghf-hv5q-vc2g"}, "properties": {"repobilityId": 139052, "scanner": "osv-scanner", "fingerprint": "bee1dddd39b7df6625f6db6b74dc49bc223f661495cbdad724bc9eea34874b8a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12758"], "package": "validator", "rule_id": "GHSA-vghf-hv5q-vc2g", "scanner": "osv-scanner", "correlation_key": "vuln|validator|CVE-2025-12758|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vrm6-8vpv-qv8q", "level": "error", "message": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "properties": {"repobilityId": 139049, "scanner": "osv-scanner", "fingerprint": "744eaa0ca8d37b2b32736e5303aacef29fa8e114d50cb7be7bfe6865f8edc3cb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1526"], "package": "undici", "rule_id": "GHSA-vrm6-8vpv-qv8q", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1526|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9p9-hfj2-hcw8", "level": "error", "message": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "properties": {"repobilityId": 139048, "scanner": "osv-scanner", "fingerprint": "8479fa63e5eeda55b6089c54c67477c47cd25b36ba3d305d1dd512da9b257e96", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2229"], "package": "undici", "rule_id": "GHSA-v9p9-hfj2-hcw8", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-2229|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f269-vfmq-vjvj", "level": "error", "message": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "properties": {"repobilityId": 139046, "scanner": "osv-scanner", "fingerprint": "de8337ba4b5e33133586a0cdeedb43da5c4d261361cd8e00dcd961e065c59b1a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1528"], "package": "undici", "rule_id": "GHSA-f269-vfmq-vjvj", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1528|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 139043, "scanner": "osv-scanner", "fingerprint": "68e7ab55b5d3d9d6ef041e51a388e689940c9b94189ca813cec655bb26490e5f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 139042, "scanner": "osv-scanner", "fingerprint": "81945a8dac969070fce9ab92fdf8d6af19a1b7fdef1a94e39cd4a4e82c28cba2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 139041, "scanner": "osv-scanner", "fingerprint": "689a4d861845d178e4cc3febeaa1cf62e64dc1a9517a88743125f997345ace65", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 139040, "scanner": "osv-scanner", "fingerprint": "2412be25717d698d7779cd60d501f8eb3b059c6f01d03046708f70a001e27fc3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 139039, "scanner": "osv-scanner", "fingerprint": "294c5ed334798b8d9e7d0b25f9390ee1a894b93de0fcb046d952346f18ab29d4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 139038, "scanner": "osv-scanner", "fingerprint": "f50727378beb2d87379804336b328c8dd88c9b7a10efa97ab2ba70b72a19dc16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wphj-fx3q-84ch", "level": "error", "message": {"text": "systeminformation: GHSA-wphj-fx3q-84ch"}, "properties": {"repobilityId": 139037, "scanner": "osv-scanner", "fingerprint": "14ca8548fbaf62f88d3aaddc54807b524a948c737ffbd30031a83b0572464769", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68154"], "package": "systeminformation", "rule_id": "GHSA-wphj-fx3q-84ch", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2025-68154|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hvx9-hwr7-wjj9", "level": "error", "message": {"text": "systeminformation: GHSA-hvx9-hwr7-wjj9"}, "properties": {"repobilityId": 139036, "scanner": "osv-scanner", "fingerprint": "f99bc8b39b6e00c70247dad6851f059fd105d429c1f157338b5bb7e8fe574e37", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44724"], "package": "systeminformation", "rule_id": "GHSA-hvx9-hwr7-wjj9", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2026-44724|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c88-49p5-5ggf", "level": "error", "message": {"text": "systeminformation: GHSA-9c88-49p5-5ggf"}, "properties": {"repobilityId": 139035, "scanner": "osv-scanner", "fingerprint": "05dcd6e0ad7daeed3ddd1f5c2d30fb137930e131ebae4cf7ce0113f0cde21e21", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26280"], "package": "systeminformation", "rule_id": "GHSA-9c88-49p5-5ggf", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2026-26280|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5vv4-hvf7-2h46", "level": "error", "message": {"text": "systeminformation: GHSA-5vv4-hvf7-2h46"}, "properties": {"repobilityId": 139034, "scanner": "osv-scanner", "fingerprint": "7f5be48ce48f999598c3ad9315b2e90be2b45f811c871ed8439e8cbcf3a68e7f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26318"], "package": "systeminformation", "rule_id": "GHSA-5vv4-hvf7-2h46", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2026-26318|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jcxm-m3jx-f287", "level": "error", "message": {"text": "simple-git: GHSA-jcxm-m3jx-f287"}, "properties": {"repobilityId": 139032, "scanner": "osv-scanner", "fingerprint": "51016a867e7f7e2c26c93acbd659174caaae0f70c1549f43de3b93b9e3e14f4b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28291"], "package": "simple-git", "rule_id": "GHSA-jcxm-m3jx-f287", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28291|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hffm-xvc3-vprc", "level": "error", "message": {"text": "simple-git: GHSA-hffm-xvc3-vprc"}, "properties": {"repobilityId": 139031, "scanner": "osv-scanner", "fingerprint": "2a5fc6c578658171684f1d468e89b12af2eddd504b58ac403116104551949c38", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6951"], "package": "simple-git", "rule_id": "GHSA-hffm-xvc3-vprc", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-6951|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6457-6jrx-69cr", "level": "error", "message": {"text": "sequelize: GHSA-6457-6jrx-69cr"}, "properties": {"repobilityId": 139030, "scanner": "osv-scanner", "fingerprint": "d025c965bb758821590ec4e6ff0ffdeca2920d82ce31dc7b4ae7c75d28000ba9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-30951"], "package": "sequelize", "rule_id": "GHSA-6457-6jrx-69cr", "scanner": "osv-scanner", "correlation_key": "vuln|sequelize|CVE-2026-30951|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 139025, "scanner": "osv-scanner", "fingerprint": "0a16d3f9ecdf769c80415e1fae14080953c1eeccf26e00e2c5d826720827818c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 139023, "scanner": "osv-scanner", "fingerprint": "629b02be757865b03377e5076dab6b7e84595c7ca8f1942bcf476f29d11fb6c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 139022, "scanner": "osv-scanner", "fingerprint": "8bfc30ed8e7896340ce64ddce39bed1e17a059be01fc50d2bdf15774eb70df9a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 139021, "scanner": "osv-scanner", "fingerprint": "f670dc8a3b0a67589bc5b4d335d887b4bfb2ee877153f82e6fe0d92de82f2156", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 139019, "scanner": "osv-scanner", "fingerprint": "0f76560db5cfe1c75be5905b361bd570f6b724e5926194d96c6afa9e07e41616", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xjpj-3mr7-gcpf", "level": "error", "message": {"text": "handlebars: GHSA-xjpj-3mr7-gcpf"}, "properties": {"repobilityId": 139015, "scanner": "osv-scanner", "fingerprint": "0102f66b4f23b19b40c62c01e534d11f56de0f9f69131fbbe3518fad2ff8a9c0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33941"], "package": "handlebars", "rule_id": "GHSA-xjpj-3mr7-gcpf", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33941|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhpv-hc6g-r9c6", "level": "error", "message": {"text": "handlebars: GHSA-xhpv-hc6g-r9c6"}, "properties": {"repobilityId": 139014, "scanner": "osv-scanner", "fingerprint": "278520c779dfdb26ed69b18d1240745ae58b5886a09050467d37f7f17bf3ec3e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33940"], "package": "handlebars", "rule_id": "GHSA-xhpv-hc6g-r9c6", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33940|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9cx6-37pm-9jff", "level": "error", "message": {"text": "handlebars: GHSA-9cx6-37pm-9jff"}, "properties": {"repobilityId": 139013, "scanner": "osv-scanner", "fingerprint": "4ae6c2b5c98cd84a7297e0f9fec56c07d3e90a76cb3ea26e3d5feec774c94c56", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33939"], "package": "handlebars", "rule_id": "GHSA-9cx6-37pm-9jff", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33939|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3mfm-83xf-c92r", "level": "error", "message": {"text": "handlebars: GHSA-3mfm-83xf-c92r"}, "properties": {"repobilityId": 139010, "scanner": "osv-scanner", "fingerprint": "ddc0aa5b1d1506d68574aaf73a394b5e1d3e4ba71c3218fb507f5fef30bb6d1a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33938"], "package": "handlebars", "rule_id": "GHSA-3mfm-83xf-c92r", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33938|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5j98-mcp5-4vw2", "level": "error", "message": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "properties": {"repobilityId": 139007, "scanner": "osv-scanner", "fingerprint": "c57813b867c4d13deb22310807d184e7f156241c8457cfc7f7034ca12b6153c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64756"], "package": "glob", "rule_id": "GHSA-5j98-mcp5-4vw2", "scanner": "osv-scanner", "correlation_key": "vuln|glob|CVE-2025-64756|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8gc5-j5rx-235r", "level": "error", "message": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "properties": {"repobilityId": 139000, "scanner": "osv-scanner", "fingerprint": "dc639940bf1f3f8eac705244652dd427bd46a2af62607493597bc44854719895", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33036"], "package": "fast-xml-parser", "rule_id": "GHSA-8gc5-j5rx-235r", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-26278|defi/pnpm-lock.yaml", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8gc5-j5rx-235r", "GHSA-jmr7-xgp7-cmfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7b4efef2912fe9fc49318e4c4067b52c5ab7b3d11de0327730989ae029329a3b", "dc639940bf1f3f8eac705244652dd427bd46a2af62607493597bc44854719895"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37qj-frw5-hhjh", "level": "error", "message": {"text": "fast-xml-parser: GHSA-37qj-frw5-hhjh"}, "properties": {"repobilityId": 138999, "scanner": "osv-scanner", "fingerprint": "8a8cf17537b308c1e98eb98f453c0d4b030d532f71b5b2fb76bfc74bf64e676b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25128"], "package": "fast-xml-parser", "rule_id": "GHSA-37qj-frw5-hhjh", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25128|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v39h-62p7-jpjc", "level": "error", "message": {"text": "fast-uri: GHSA-v39h-62p7-jpjc"}, "properties": {"repobilityId": 138998, "scanner": "osv-scanner", "fingerprint": "b1f6895e8583632fc3d2d978f9bf01bfee2caa0e611489ec191b67aa39ea7c7d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6322"], "package": "fast-uri", "rule_id": "GHSA-v39h-62p7-jpjc", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6322|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q3j6-qgpj-74h6", "level": "error", "message": {"text": "fast-uri: GHSA-q3j6-qgpj-74h6"}, "properties": {"repobilityId": 138997, "scanner": "osv-scanner", "fingerprint": "07af2e24210a7ce0dad8d1cdc2a13d0315a534e9aa9861eb82c3283f56f69253", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6321"], "package": "fast-uri", "rule_id": "GHSA-q3j6-qgpj-74h6", "scanner": "osv-scanner", "correlation_key": "vuln|fast-uri|CVE-2026-6321|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38f7-945m-qr2g", "level": "error", "message": {"text": "effect: GHSA-38f7-945m-qr2g"}, "properties": {"repobilityId": 138995, "scanner": "osv-scanner", "fingerprint": "c0ac0b565859747e757233fb4d9d55532701548de7a5ac44a14e3a45931a293e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32887"], "package": "effect", "rule_id": "GHSA-38f7-945m-qr2g", "scanner": "osv-scanner", "correlation_key": "vuln|effect|CVE-2026-32887|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rpmf-866q-6p89", "level": "error", "message": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "properties": {"repobilityId": 138990, "scanner": "osv-scanner", "fingerprint": "e257bee96e651d5403a12be39ab66fb3c35a91a43837131dce2e41f5bb9d21c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44240"], "package": "basic-ftp", "rule_id": "GHSA-rpmf-866q-6p89", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-44240|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp42-5vxx-qpwr", "level": "error", "message": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "properties": {"repobilityId": 138989, "scanner": "osv-scanner", "fingerprint": "b22fc097c033bf62884d8465a532c0d98d4d2439a577b0f2910f94a60fd2b24b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41324"], "package": "basic-ftp", "rule_id": "GHSA-rp42-5vxx-qpwr", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-41324|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6v7q-wjvx-w8wg", "level": "error", "message": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "properties": {"repobilityId": 138988, "scanner": "osv-scanner", "fingerprint": "ab9ed804276be883c58e17e4f2b4641dc3aaf7ae9c8cf38bf0482922d3522749", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "basic-ftp", "rule_id": "GHSA-6v7q-wjvx-w8wg", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|GHSA-6V7Q-WJVX-W8WG|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8qp-cvcw-x6jj", "level": "error", "message": {"text": "axios: GHSA-q8qp-cvcw-x6jj"}, "properties": {"repobilityId": 138982, "scanner": "osv-scanner", "fingerprint": "04a17ff1d548d31cb6b975f050b6704dd81a54f0a33d788f14644648c69d0ab0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42264"], "package": "axios", "rule_id": "GHSA-q8qp-cvcw-x6jj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42264|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pf86-5x62-jrwf", "level": "error", "message": {"text": "axios: GHSA-pf86-5x62-jrwf"}, "properties": {"repobilityId": 138981, "scanner": "osv-scanner", "fingerprint": "f7b84a551bdd7c1941972029b835b174875e0d8d526f34254486d67bfe4e572f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42033"], "package": "axios", "rule_id": "GHSA-pf86-5x62-jrwf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42033|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p92q-9vqr-4j8v", "level": "error", "message": {"text": "axios: GHSA-p92q-9vqr-4j8v"}, "properties": {"repobilityId": 138980, "scanner": "osv-scanner", "fingerprint": "c7ec7e9829ed7df6eae4fc19e6d64034106a4ec2377e3c38d10844d1105f81fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44487"], "package": "axios", "rule_id": "GHSA-p92q-9vqr-4j8v", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44487|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j5f8-grm9-p9fc", "level": "error", "message": {"text": "axios: GHSA-j5f8-grm9-p9fc"}, "properties": {"repobilityId": 138978, "scanner": "osv-scanner", "fingerprint": "87f104aa41b492c52b1033c066f5a3893e28588489dbcbbd81119c693867428a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44486"], "package": "axios", "rule_id": "GHSA-j5f8-grm9-p9fc", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44486|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hfxv-24rg-xrqf", "level": "error", "message": {"text": "axios: GHSA-hfxv-24rg-xrqf"}, "properties": {"repobilityId": 138977, "scanner": "osv-scanner", "fingerprint": "97d624834f67022f281afcafa3dd2e0e7e33f5d714c15a2236b4e0fd4f2bdf68", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44496"], "package": "axios", "rule_id": "GHSA-hfxv-24rg-xrqf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44496|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-777c-7fjr-54vf", "level": "error", "message": {"text": "axios: GHSA-777c-7fjr-54vf"}, "properties": {"repobilityId": 138974, "scanner": "osv-scanner", "fingerprint": "43afeea5ebccdd33b2094ec27bc4718f6c89f2cb97ddf53793d5fdd2a7a8283e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44488"], "package": "axios", "rule_id": "GHSA-777c-7fjr-54vf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44488|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6chq-wfr3-2hj9", "level": "error", "message": {"text": "axios: GHSA-6chq-wfr3-2hj9"}, "properties": {"repobilityId": 138973, "scanner": "osv-scanner", "fingerprint": "3c78e142a8925736e1186a22665d6b1c3ab0c1704707a9ff9200a78d8c5283bc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42035"], "package": "axios", "rule_id": "GHSA-6chq-wfr3-2hj9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42035|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-43fc-jf86-j433", "level": "error", "message": {"text": "axios: GHSA-43fc-jf86-j433"}, "properties": {"repobilityId": 138969, "scanner": "osv-scanner", "fingerprint": "7ac47c86c936e21dfa362fac3ec062f6a556a18c5f9658e4bcc50ae9698b545f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25639"], "package": "axios", "rule_id": "GHSA-43fc-jf86-j433", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-25639|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pjwm-pj3p-43mv", "level": "error", "message": {"text": "axios: GHSA-pjwm-pj3p-43mv"}, "properties": {"repobilityId": 138967, "scanner": "osv-scanner", "fingerprint": "9ac539e4d5ab5e97c9b91d6dcda1380eb740cdf37f47570d87e317a0cf64fa9f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44492"], "package": "axios", "rule_id": "GHSA-pjwm-pj3p-43mv", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-62718|defi/pnpm-lock.yaml", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-3p68-rc4w-qgx5", "GHSA-pjwm-pj3p-43mv", "GHSA-pmwg-cvhr-8vh7"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["88065746382798f4b91ba10e914e83c44a8ed29d4e9279d6b6c6adf1483d265b", "9ac539e4d5ab5e97c9b91d6dcda1380eb740cdf37f47570d87e317a0cf64fa9f", "f7aba2f9e0952f637d5d2429b4d54138f51558247839656329e3e42a0df88bbc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3g43-6gmg-66jw", "level": "error", "message": {"text": "axios: GHSA-3g43-6gmg-66jw"}, "properties": {"repobilityId": 138966, "scanner": "osv-scanner", "fingerprint": "55fd974537fcf89efcb946067a8d1c558c64e834f4838518a95c3649103f8bd2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44495"], "package": "axios", "rule_id": "GHSA-3g43-6gmg-66jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44495|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-35jp-ww65-95wh", "level": "error", "message": {"text": "axios: GHSA-35jp-ww65-95wh"}, "properties": {"repobilityId": 138965, "scanner": "osv-scanner", "fingerprint": "5a4d446bda966b6d7e6321fc396ed6ab15eb4fdd754e76ca0bff3fb573535ec4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44494"], "package": "axios", "rule_id": "GHSA-35jp-ww65-95wh", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44494|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg4p-7fhp-p32p", "level": "error", "message": {"text": "@hapi/content: GHSA-jg4p-7fhp-p32p"}, "properties": {"repobilityId": 138960, "scanner": "osv-scanner", "fingerprint": "374ea15c99a988b920f54e622774f46ac0f5794061ff10a389efa02794694c3b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-35213"], "package": "@hapi/content", "rule_id": "GHSA-jg4p-7fhp-p32p", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-35213|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-36hh-x5p5-jgc8", "level": "error", "message": {"text": "@hapi/content: GHSA-36hh-x5p5-jgc8"}, "properties": {"repobilityId": 138959, "scanner": "osv-scanner", "fingerprint": "05f91b9b4b6b2da6f495fa1b21a994542d794542de2f814c617ea37b21b55cb5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44974"], "package": "@hapi/content", "rule_id": "GHSA-36hh-x5p5-jgc8", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-44974|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 138958, "scanner": "osv-scanner", "fingerprint": "6d14cbfccbe4f62782503cc1b02ec51a329f6162df1c9cef5ba702180d616af4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 138956, "scanner": "osv-scanner", "fingerprint": "8b4be0bbe4cb5ade33a2f3bd4a28e4206c1e4d6de6646d6f2bf0fb7a12c22d72", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2024-37890|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j658-c2gf-x6pq", "level": "error", "message": {"text": "velocityjs: GHSA-j658-c2gf-x6pq"}, "properties": {"repobilityId": 138952, "scanner": "osv-scanner", "fingerprint": "c8c3a76e41df1d0af83f9a0029758884eacb7d1dce6e4f0a375d65e600ca99be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44966"], "package": "velocityjs", "rule_id": "GHSA-j658-c2gf-x6pq", "scanner": "osv-scanner", "correlation_key": "vuln|velocityjs|CVE-2026-44966|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vghf-hv5q-vc2g", "level": "error", "message": {"text": "validator: GHSA-vghf-hv5q-vc2g"}, "properties": {"repobilityId": 138951, "scanner": "osv-scanner", "fingerprint": "c5fd280413ab746e85d48ad9e1fdfec4ec9f899af3eabdfce6f2554319d0954b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12758"], "package": "validator", "rule_id": "GHSA-vghf-hv5q-vc2g", "scanner": "osv-scanner", "correlation_key": "vuln|validator|CVE-2025-12758|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vrm6-8vpv-qv8q", "level": "error", "message": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "properties": {"repobilityId": 138948, "scanner": "osv-scanner", "fingerprint": "4dfbd997fac72ca04f0ff8a91286367ef45d062cca428868a59bd0a0dc0d99f2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1526"], "package": "undici", "rule_id": "GHSA-vrm6-8vpv-qv8q", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1526|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9p9-hfj2-hcw8", "level": "error", "message": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "properties": {"repobilityId": 138947, "scanner": "osv-scanner", "fingerprint": "4927cb4c8f422d025056e5a1467f70b1157fa20d5ca60e221d1edace5521cee3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2229"], "package": "undici", "rule_id": "GHSA-v9p9-hfj2-hcw8", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-2229|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q2pj-6v73-8rgj", "level": "error", "message": {"text": "typeorm: GHSA-q2pj-6v73-8rgj"}, "properties": {"repobilityId": 138941, "scanner": "osv-scanner", "fingerprint": "83c2e444f7c5bcc788d64f404c28066bfb5d3000df3accf18a8a26ba51b470eb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-60542"], "package": "typeorm", "rule_id": "GHSA-q2pj-6v73-8rgj", "scanner": "osv-scanner", "correlation_key": "vuln|typeorm|CVE-2025-60542|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 138940, "scanner": "osv-scanner", "fingerprint": "656f8376050b4f7ca62ea4e0e1c66e86aa79ca6366f1db934b19b72199145964", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 138938, "scanner": "osv-scanner", "fingerprint": "a1042559a51dcba8d41118deb013fa266d3afa66cc1fa06b60012cd3965bfa0b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 138937, "scanner": "osv-scanner", "fingerprint": "ad6f3882a93fae69c06aba39317be522300e8d6d89769439b69abc0366384a3f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 138936, "scanner": "osv-scanner", "fingerprint": "ffd49e4c6452931696dc9f88ebd20a864a1d67be055ff96e9a3e51cd6b7444b2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 138935, "scanner": "osv-scanner", "fingerprint": "6e7e4911814e4bbd104f71943790428f6def17e8ddf05820cb387f0246481913", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 138934, "scanner": "osv-scanner", "fingerprint": "6b0178d0f0a86e308d6caeeca443e0b4758f0f4f140d0412b27545f9a8d12d2a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 138933, "scanner": "osv-scanner", "fingerprint": "964e0155d5af02ddd1eb8dac4415c57cf40ef48432d2db43b8e51fef9d0d46df", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wphj-fx3q-84ch", "level": "error", "message": {"text": "systeminformation: GHSA-wphj-fx3q-84ch"}, "properties": {"repobilityId": 138932, "scanner": "osv-scanner", "fingerprint": "b3818524b5769a29641cdb08a3f8ea620763b6cf257a55168d990e76c8dc5b94", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68154"], "package": "systeminformation", "rule_id": "GHSA-wphj-fx3q-84ch", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2025-68154|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hvx9-hwr7-wjj9", "level": "error", "message": {"text": "systeminformation: GHSA-hvx9-hwr7-wjj9"}, "properties": {"repobilityId": 138931, "scanner": "osv-scanner", "fingerprint": "73c7b00ae3698088782b9e298389b7cd2f6d57de8c4b42caf2e28d15019b42df", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44724"], "package": "systeminformation", "rule_id": "GHSA-hvx9-hwr7-wjj9", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2026-44724|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cvv5-9h9w-qp2m", "level": "error", "message": {"text": "systeminformation: GHSA-cvv5-9h9w-qp2m"}, "properties": {"repobilityId": 138930, "scanner": "osv-scanner", "fingerprint": "9756a119c3ca3cdfc502d28791b6d1db5ed9e3406699f741d641a669cec710ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-56334"], "package": "systeminformation", "rule_id": "GHSA-cvv5-9h9w-qp2m", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2024-56334|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c88-49p5-5ggf", "level": "error", "message": {"text": "systeminformation: GHSA-9c88-49p5-5ggf"}, "properties": {"repobilityId": 138929, "scanner": "osv-scanner", "fingerprint": "3995699b52f7fb13602760d7f065f3abbbfc7e0f72e479772f08b1521b57d386", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26280"], "package": "systeminformation", "rule_id": "GHSA-9c88-49p5-5ggf", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2026-26280|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5vv4-hvf7-2h46", "level": "error", "message": {"text": "systeminformation: GHSA-5vv4-hvf7-2h46"}, "properties": {"repobilityId": 138928, "scanner": "osv-scanner", "fingerprint": "b6e63c582266cfff11a161a66f8a88bebffab8db823129b31dc3cea372b33578", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26318"], "package": "systeminformation", "rule_id": "GHSA-5vv4-hvf7-2h46", "scanner": "osv-scanner", "correlation_key": "vuln|systeminformation|CVE-2026-26318|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jcxm-m3jx-f287", "level": "error", "message": {"text": "simple-git: GHSA-jcxm-m3jx-f287"}, "properties": {"repobilityId": 138926, "scanner": "osv-scanner", "fingerprint": "2851a9f9b589364128df89eaeb842601faf37202faf64455387fa203f0ef99cf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28291"], "package": "simple-git", "rule_id": "GHSA-jcxm-m3jx-f287", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28291|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hffm-xvc3-vprc", "level": "error", "message": {"text": "simple-git: GHSA-hffm-xvc3-vprc"}, "properties": {"repobilityId": 138925, "scanner": "osv-scanner", "fingerprint": "9abed0aa55fd18b4cf2a43949d3ccbd387ad2ad6979e35a486fff6eb7e8e94a0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6951"], "package": "simple-git", "rule_id": "GHSA-hffm-xvc3-vprc", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-6951|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 138922, "scanner": "osv-scanner", "fingerprint": "8637964aa9c57ff93ee8a68ec713005accf84d28a4ff89e7234c5ebf7c233b68", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6457-6jrx-69cr", "level": "error", "message": {"text": "sequelize: GHSA-6457-6jrx-69cr"}, "properties": {"repobilityId": 138921, "scanner": "osv-scanner", "fingerprint": "082f22f6db940d6058a6a4fa04bf2ab77b2f9ad33fc8b35f57a20db60f90b87a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-30951"], "package": "sequelize", "rule_id": "GHSA-6457-6jrx-69cr", "scanner": "osv-scanner", "correlation_key": "vuln|sequelize|CVE-2026-30951|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 138920, "scanner": "osv-scanner", "fingerprint": "570ec995f97f5c3ab7bff523b58197d55826e829370c982ccfad1a7fb08c34f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 138915, "scanner": "osv-scanner", "fingerprint": "0ba9a36594bd1b5ff5608d1f7e0b3791499365e8566a8cad4e57d50fca9dbc3e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 138913, "scanner": "osv-scanner", "fingerprint": "230ff7e5474cfc8af946aa133acc0223eb52ca5c4651cdc253fa3aec584b566d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 138912, "scanner": "osv-scanner", "fingerprint": "c4ef973dc1f137de194a9e9955c7df1c62bcad85cd108b283b54a91142acea57", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 138911, "scanner": "osv-scanner", "fingerprint": "dfcbcb3b9e668b85aa9bae3a7f2e805f85c0dcd423fccf03cfd03798e2c6b186", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 138908, "scanner": "osv-scanner", "fingerprint": "c8c6dd9c25ea42ecde886f3b86d654991a8027c33ac2cd600de56f047bfd9911", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hw8r-x6gr-5gjp", "level": "error", "message": {"text": "jsonpath-plus: GHSA-hw8r-x6gr-5gjp"}, "properties": {"repobilityId": 138905, "scanner": "osv-scanner", "fingerprint": "c9716375f9e4addd26f4cddbf32be4a0dfa21b2f015b96f4ae84efbac27b4005", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-1302"], "package": "jsonpath-plus", "rule_id": "GHSA-hw8r-x6gr-5gjp", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath-plus|CVE-2025-1302|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5j98-mcp5-4vw2", "level": "error", "message": {"text": "glob: GHSA-5j98-mcp5-4vw2"}, "properties": {"repobilityId": 138902, "scanner": "osv-scanner", "fingerprint": "ac48db4486b7be8d921485db6eb89b4c8c29dc0d3f47fd8c41fae94c1668f145", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64756"], "package": "glob", "rule_id": "GHSA-5j98-mcp5-4vw2", "scanner": "osv-scanner", "correlation_key": "vuln|glob|CVE-2025-64756|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 138898, "scanner": "osv-scanner", "fingerprint": "0b7410e2eeb8ad93f4dd724486fd6b7a4b07c235a4529109430ba1e5b66f9feb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 138897, "scanner": "osv-scanner", "fingerprint": "f7c6afedaf590fb024e2d1f7d726533748f1f0e9376d4285c60b973cb7c989da", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8gc5-j5rx-235r", "level": "error", "message": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "properties": {"repobilityId": 138891, "scanner": "osv-scanner", "fingerprint": "1b9771108a3b6f71bb0fb7b62d5a1a791ca3ffbd8200674ca87ba7642a2bb3a9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33036"], "package": "fast-xml-parser", "rule_id": "GHSA-8gc5-j5rx-235r", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-26278|defi/package-lock.json", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8gc5-j5rx-235r", "GHSA-jmr7-xgp7-cmfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1b9771108a3b6f71bb0fb7b62d5a1a791ca3ffbd8200674ca87ba7642a2bb3a9", "95e385e1f39c46ea502418ecad9ace1625c4ce36390ea727e65fc81d7f0db4d8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MAL-2022-2415", "level": "error", "message": {"text": "defillama-adapters: MAL-2022-2415"}, "properties": {"repobilityId": 138887, "scanner": "osv-scanner", "fingerprint": "a34f4a5cec09805c025f422ddef37880e59780dcc896efa6393568fd755cd405", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["GHSA-7g63-8cc5-vf9c"], "package": "defillama-adapters", "rule_id": "MAL-2022-2415", "scanner": "osv-scanner", "correlation_key": "vuln|defillama-adapters|GHSA-7G63-8CC5-VF9C|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 138886, "scanner": "osv-scanner", "fingerprint": "e97bf2ff0b2c742d55b197612694d35ae76736a5951e2cef417bc74643359a29", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 138884, "scanner": "osv-scanner", "fingerprint": "0a046e41469c887840ab2bf0e7cecbbb50a30af81d0ea9b35d9224402a6a8251", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3gc7-fjrx-p6mg", "level": "error", "message": {"text": "bigint-buffer: GHSA-3gc7-fjrx-p6mg"}, "properties": {"repobilityId": 138880, "scanner": "osv-scanner", "fingerprint": "b6c8586a34040555e33d7172850aa3a536112e24c2fdbcb32ec56595169472a4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-3194"], "package": "bigint-buffer", "rule_id": "GHSA-3gc7-fjrx-p6mg", "scanner": "osv-scanner", "correlation_key": "vuln|bigint-buffer|CVE-2025-3194|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rpmf-866q-6p89", "level": "error", "message": {"text": "basic-ftp: GHSA-rpmf-866q-6p89"}, "properties": {"repobilityId": 138879, "scanner": "osv-scanner", "fingerprint": "6ae468b575f47f506aae00ee24592c1e955daf82fe8243ec179b94036d207bca", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44240"], "package": "basic-ftp", "rule_id": "GHSA-rpmf-866q-6p89", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-44240|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp42-5vxx-qpwr", "level": "error", "message": {"text": "basic-ftp: GHSA-rp42-5vxx-qpwr"}, "properties": {"repobilityId": 138878, "scanner": "osv-scanner", "fingerprint": "6a886f28417b92573f5841ca1dc9662c3aeced1c81159968b1bc9462c3e81a65", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41324"], "package": "basic-ftp", "rule_id": "GHSA-rp42-5vxx-qpwr", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-41324|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6v7q-wjvx-w8wg", "level": "error", "message": {"text": "basic-ftp: GHSA-6v7q-wjvx-w8wg"}, "properties": {"repobilityId": 138877, "scanner": "osv-scanner", "fingerprint": "00170c6df1fda6d2bb46a1033ee16dd1c4d0796a049952b60f6e037021ae1e19", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "basic-ftp", "rule_id": "GHSA-6v7q-wjvx-w8wg", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|GHSA-6V7Q-WJVX-W8WG|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xq7p-g2vc-g82p", "level": "error", "message": {"text": "base-x: GHSA-xq7p-g2vc-g82p"}, "properties": {"repobilityId": 138875, "scanner": "osv-scanner", "fingerprint": "a7a7b39926c7fea5f2f2e49eee7bb22dea9a12cd7ec9f217715bd8a520f0b39d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27611"], "package": "base-x", "rule_id": "GHSA-xq7p-g2vc-g82p", "scanner": "osv-scanner", "correlation_key": "vuln|base-x|CVE-2025-27611|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8qp-cvcw-x6jj", "level": "error", "message": {"text": "axios: GHSA-q8qp-cvcw-x6jj"}, "properties": {"repobilityId": 138870, "scanner": "osv-scanner", "fingerprint": "947d49ce6bac29f0faa3ce17375b5a03cda88361f5b8f07830d36e71a06a1d44", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42264"], "package": "axios", "rule_id": "GHSA-q8qp-cvcw-x6jj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42264|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pf86-5x62-jrwf", "level": "error", "message": {"text": "axios: GHSA-pf86-5x62-jrwf"}, "properties": {"repobilityId": 138869, "scanner": "osv-scanner", "fingerprint": "a9d2856fa4c95ca644ccc842361c4fd4c2e96dc423f62c33137e66aa2a6aaf0f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42033"], "package": "axios", "rule_id": "GHSA-pf86-5x62-jrwf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42033|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p92q-9vqr-4j8v", "level": "error", "message": {"text": "axios: GHSA-p92q-9vqr-4j8v"}, "properties": {"repobilityId": 138868, "scanner": "osv-scanner", "fingerprint": "e50578c500c08cc95b2699f9f70cef913ae63b531aef1aa6c296bfd891889914", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44487"], "package": "axios", "rule_id": "GHSA-p92q-9vqr-4j8v", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44487|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jr5f-v2jv-69x6", "level": "error", "message": {"text": "axios: GHSA-jr5f-v2jv-69x6"}, "properties": {"repobilityId": 138866, "scanner": "osv-scanner", "fingerprint": "e85aa0b170f76f872613d0ffed3502fac10212565214af7d1f918eeca8843c8c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27152"], "package": "axios", "rule_id": "GHSA-jr5f-v2jv-69x6", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-27152|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j5f8-grm9-p9fc", "level": "error", "message": {"text": "axios: GHSA-j5f8-grm9-p9fc"}, "properties": {"repobilityId": 138865, "scanner": "osv-scanner", "fingerprint": "5f99c05643cf7982fbb252d815ccd3db6e5d465e283bfb14eeb976c35b8c18c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44486"], "package": "axios", "rule_id": "GHSA-j5f8-grm9-p9fc", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44486|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hfxv-24rg-xrqf", "level": "error", "message": {"text": "axios: GHSA-hfxv-24rg-xrqf"}, "properties": {"repobilityId": 138864, "scanner": "osv-scanner", "fingerprint": "1108301d80525c70f9620d149fe5935f80e40ababe2e79755642dc0dafcea24f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44496"], "package": "axios", "rule_id": "GHSA-hfxv-24rg-xrqf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44496|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8hc4-vh64-cxmj", "level": "error", "message": {"text": "axios: GHSA-8hc4-vh64-cxmj"}, "properties": {"repobilityId": 138862, "scanner": "osv-scanner", "fingerprint": "7730ad500fb9a58ac67ca14a31d7c38614648f4d286617164de483db47e2bf2e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-39338"], "package": "axios", "rule_id": "GHSA-8hc4-vh64-cxmj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2024-39338|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-777c-7fjr-54vf", "level": "error", "message": {"text": "axios: GHSA-777c-7fjr-54vf"}, "properties": {"repobilityId": 138860, "scanner": "osv-scanner", "fingerprint": "75b7d3d8a81c91b18fdda9729aabdd06da3525e29aa362bdb0d4c7fc58806350", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44488"], "package": "axios", "rule_id": "GHSA-777c-7fjr-54vf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44488|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6chq-wfr3-2hj9", "level": "error", "message": {"text": "axios: GHSA-6chq-wfr3-2hj9"}, "properties": {"repobilityId": 138859, "scanner": "osv-scanner", "fingerprint": "d03c9b9dadbee53e4163b63231e22686d56f7e30357faba48cb8577f52441a02", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42035"], "package": "axios", "rule_id": "GHSA-6chq-wfr3-2hj9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42035|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4hjh-wcwx-xvwj", "level": "error", "message": {"text": "axios: GHSA-4hjh-wcwx-xvwj"}, "properties": {"repobilityId": 138856, "scanner": "osv-scanner", "fingerprint": "6bf6d8fe40cb3e060c1c8373f0de7b47d4658e2cdad8be5db6019d5c0323e0b2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58754"], "package": "axios", "rule_id": "GHSA-4hjh-wcwx-xvwj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-58754|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-43fc-jf86-j433", "level": "error", "message": {"text": "axios: GHSA-43fc-jf86-j433"}, "properties": {"repobilityId": 138854, "scanner": "osv-scanner", "fingerprint": "52b646cb9efd64fa2e3eec53f6afba68b998e2077e82101c42c88a472cd3a3b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25639"], "package": "axios", "rule_id": "GHSA-43fc-jf86-j433", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-25639|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pjwm-pj3p-43mv", "level": "error", "message": {"text": "axios: GHSA-pjwm-pj3p-43mv"}, "properties": {"repobilityId": 138852, "scanner": "osv-scanner", "fingerprint": "1112f9a5a72601e8852b1bd6935acf9cdc0b28e22756309ce6a05580cef02de3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44492"], "package": "axios", "rule_id": "GHSA-pjwm-pj3p-43mv", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-62718|defi/package-lock.json", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-3p68-rc4w-qgx5", "GHSA-pjwm-pj3p-43mv", "GHSA-pmwg-cvhr-8vh7"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1112f9a5a72601e8852b1bd6935acf9cdc0b28e22756309ce6a05580cef02de3", "95ab935b658d75b8d063dd207e8f4694c26d7466b10badf6e3328d28f3d03b94", "dd1bc57fd73d29aeeede3aa94cd3366c3caf10ecd2e1adb4e8a55353914682cf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3g43-6gmg-66jw", "level": "error", "message": {"text": "axios: GHSA-3g43-6gmg-66jw"}, "properties": {"repobilityId": 138851, "scanner": "osv-scanner", "fingerprint": "d094b4562d88a6dbb40a3beb646b24c4e950736d9d2eba6cd07d1d5cbb704034", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44495"], "package": "axios", "rule_id": "GHSA-3g43-6gmg-66jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44495|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-35jp-ww65-95wh", "level": "error", "message": {"text": "axios: GHSA-35jp-ww65-95wh"}, "properties": {"repobilityId": 138850, "scanner": "osv-scanner", "fingerprint": "b710991f7c784a429ca504816ca2888d4d5cb1215111de185ababc446dcc025d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44494"], "package": "axios", "rule_id": "GHSA-35jp-ww65-95wh", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44494|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg4p-7fhp-p32p", "level": "error", "message": {"text": "@hapi/content: GHSA-jg4p-7fhp-p32p"}, "properties": {"repobilityId": 138845, "scanner": "osv-scanner", "fingerprint": "df56ac45c7e3b3fe9bd4275759890b55db7c21579dc116eb31f1f76d73b3f61b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-35213"], "package": "@hapi/content", "rule_id": "GHSA-jg4p-7fhp-p32p", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-35213|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-36hh-x5p5-jgc8", "level": "error", "message": {"text": "@hapi/content: GHSA-36hh-x5p5-jgc8"}, "properties": {"repobilityId": 138844, "scanner": "osv-scanner", "fingerprint": "96703f16f6051562f0da5073b57c87d55ea950a2552c70a310b2f4af08925c81", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44974"], "package": "@hapi/content", "rule_id": "GHSA-36hh-x5p5-jgc8", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-44974|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 138842, "scanner": "osv-scanner", "fingerprint": "1dabf5fa188e81afab872f7ae94925d889861ba58d3594c3bd16503997744957", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j658-c2gf-x6pq", "level": "error", "message": {"text": "velocityjs: GHSA-j658-c2gf-x6pq"}, "properties": {"repobilityId": 138837, "scanner": "osv-scanner", "fingerprint": "27824184334899f873783769fd59a015966b5bfa35fec421f3c060daad6e6d93", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44966"], "package": "velocityjs", "rule_id": "GHSA-j658-c2gf-x6pq", "scanner": "osv-scanner", "correlation_key": "vuln|velocityjs|CVE-2026-44966|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vrm6-8vpv-qv8q", "level": "error", "message": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "properties": {"repobilityId": 138835, "scanner": "osv-scanner", "fingerprint": "9debb80c5f24caaaf5075f9312752f9eeb28d0bc3e4ccb933dea4d59d69a67b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1526"], "package": "undici", "rule_id": "GHSA-vrm6-8vpv-qv8q", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1526|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9p9-hfj2-hcw8", "level": "error", "message": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "properties": {"repobilityId": 138834, "scanner": "osv-scanner", "fingerprint": "cbfba7c0b2389da3cb3b11c9af1a3ba2a2b8c6bcec5727e2bc3db673b12e3f87", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2229"], "package": "undici", "rule_id": "GHSA-v9p9-hfj2-hcw8", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-2229|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f269-vfmq-vjvj", "level": "error", "message": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "properties": {"repobilityId": 138832, "scanner": "osv-scanner", "fingerprint": "bcf9c49b1b79952c2fc8405ab04e79507e22512d6e081104ef8c4f048741d069", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1528"], "package": "undici", "rule_id": "GHSA-f269-vfmq-vjvj", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1528|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 138829, "scanner": "osv-scanner", "fingerprint": "698587b21568f3b711143f9516336599ea32272c051c439ec2ba657867e9504a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 138827, "scanner": "osv-scanner", "fingerprint": "e894b0557d59d5f03b791920b9253bd9dc39af3b9892bc3ba0d1b3d3ee69966f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 138826, "scanner": "osv-scanner", "fingerprint": "d8aaf2a509305115b13634894fa4d43690dcf58f34dbbd5809d6a08c0ae647b6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 138825, "scanner": "osv-scanner", "fingerprint": "a17dca7f141289034f4a6012e387da62943079137429d71fe56be6269eef31d2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 138824, "scanner": "osv-scanner", "fingerprint": "34fec9e9967ad60492d45f57ac903d6379f53f274688c38809c23c88c312c567", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 138823, "scanner": "osv-scanner", "fingerprint": "d892541ef7698f15699d1e1407613f4be2d01fd260fab8fdfcfe614245bc1a77", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 138822, "scanner": "osv-scanner", "fingerprint": "bad147af2e81c4cf984bf091c2cad0ee80e60876e50d3a69dffdb26e70955708", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-677m-j7p3-52f9", "level": "error", "message": {"text": "socket.io-parser: GHSA-677m-j7p3-52f9"}, "properties": {"repobilityId": 138821, "scanner": "osv-scanner", "fingerprint": "e559e8c35e2d380290c8e0a60de36bdfb7b723056623b216cecc612d2b65b849", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33151"], "package": "socket.io-parser", "rule_id": "GHSA-677m-j7p3-52f9", "scanner": "osv-scanner", "correlation_key": "vuln|socket.io-parser|CVE-2026-33151|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jcxm-m3jx-f287", "level": "error", "message": {"text": "simple-git: GHSA-jcxm-m3jx-f287"}, "properties": {"repobilityId": 138819, "scanner": "osv-scanner", "fingerprint": "cf4c51ec13fc83794580c343b64508b502d4fce9b0874cf833e741b028ad7a85", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28291"], "package": "simple-git", "rule_id": "GHSA-jcxm-m3jx-f287", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28291|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hffm-xvc3-vprc", "level": "error", "message": {"text": "simple-git: GHSA-hffm-xvc3-vprc"}, "properties": {"repobilityId": 138818, "scanner": "osv-scanner", "fingerprint": "5ae008d3e219ac557c2643accd786ebbcff5667954602e05b135eb3d9c5ee1e7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6951"], "package": "simple-git", "rule_id": "GHSA-hffm-xvc3-vprc", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-6951|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9p95-fxvg-qgq2", "level": "error", "message": {"text": "simple-git: GHSA-9p95-fxvg-qgq2"}, "properties": {"repobilityId": 138816, "scanner": "osv-scanner", "fingerprint": "8cc35c3bb6df5e0d1f6145942d0fc913d511ba31ff083453725a3307e86d149c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25912"], "package": "simple-git", "rule_id": "GHSA-9p95-fxvg-qgq2", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-25912|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3f95-r44v-8mrg", "level": "error", "message": {"text": "simple-git: GHSA-3f95-r44v-8mrg"}, "properties": {"repobilityId": 138815, "scanner": "osv-scanner", "fingerprint": "5c2f9d2303ceaa32e266fd17eb6c8a7fa9d21b48620bec080b49b55f00f1ed7d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24433"], "package": "simple-git", "rule_id": "GHSA-3f95-r44v-8mrg", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-24433|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-28xr-mwxg-3qc8", "level": "error", "message": {"text": "simple-git: GHSA-28xr-mwxg-3qc8"}, "properties": {"repobilityId": 138814, "scanner": "osv-scanner", "fingerprint": "db20bafdf3bbc49b3011464ec53a7dfb209a1c519c6b1294d99ab09b0fbe0003", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24066"], "package": "simple-git", "rule_id": "GHSA-28xr-mwxg-3qc8", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-24066|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jvwf-75h9-cwgg", "level": "error", "message": {"text": "protobufjs: GHSA-jvwf-75h9-cwgg"}, "properties": {"repobilityId": 138807, "scanner": "osv-scanner", "fingerprint": "09cf757392d21c4229845acdc06d829765eb9201ef5fb92c09174b3ca6d1b361", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44290"], "package": "protobufjs", "rule_id": "GHSA-jvwf-75h9-cwgg", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44290|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-75px-5xx7-5xc7", "level": "error", "message": {"text": "protobufjs: GHSA-75px-5xx7-5xc7"}, "properties": {"repobilityId": 138804, "scanner": "osv-scanner", "fingerprint": "89e09c88c8f66542dd0473e2a1937eca4d97a895eac651a27b7f1c1ca04775ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44291"], "package": "protobufjs", "rule_id": "GHSA-75px-5xx7-5xc7", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44291|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-685m-2w69-288q", "level": "error", "message": {"text": "protobufjs: GHSA-685m-2w69-288q"}, "properties": {"repobilityId": 138803, "scanner": "osv-scanner", "fingerprint": "1b0139b17b927a08847d3d7a9481894604768fdbfd6140de5c881b7d76fe4015", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44289"], "package": "protobufjs", "rule_id": "GHSA-685m-2w69-288q", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44289|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-66ff-xgx4-vchm", "level": "error", "message": {"text": "protobufjs: GHSA-66ff-xgx4-vchm"}, "properties": {"repobilityId": 138802, "scanner": "osv-scanner", "fingerprint": "81416787d909df6c60e90a2f295ad557e08ba81eca005e4c7c3f4ad7c45dfd18", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44293"], "package": "protobufjs", "rule_id": "GHSA-66ff-xgx4-vchm", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44293|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 138800, "scanner": "osv-scanner", "fingerprint": "e7c889e4b739ed3bb6aa5ab207a1ee0880765f0e9bcd73d71d5eca22d0b3d4c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 138797, "scanner": "osv-scanner", "fingerprint": "4040e42f8d5ba3d74aab20a16f4fcbe18e355c9cf9e3e831ba63e944ecb679f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 138796, "scanner": "osv-scanner", "fingerprint": "a68103334b36c31e36fdab5a9b74690bd6eddf26101d5480f6bd85a293499809", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 138795, "scanner": "osv-scanner", "fingerprint": "1556976a89d163989fd3991571db0118a2913defe3869ecb5b06b85e3102fe7f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 138793, "scanner": "osv-scanner", "fingerprint": "a53b7932c5789c3a5ae2fb5492e04d7315cf2960fa0ef3236105919709cd6e0e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-869p-cjfg-cm3x", "level": "error", "message": {"text": "jws: GHSA-869p-cjfg-cm3x"}, "properties": {"repobilityId": 138791, "scanner": "osv-scanner", "fingerprint": "e9c7a40d40c52213e8c1dbe13b961210f945e22487db6ef6f3f56a87b51c91b6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-65945"], "package": "jws", "rule_id": "GHSA-869p-cjfg-cm3x", "scanner": "osv-scanner", "correlation_key": "vuln|jws|CVE-2025-65945|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8cf7-32gw-wr33", "level": "error", "message": {"text": "jsonwebtoken: GHSA-8cf7-32gw-wr33"}, "properties": {"repobilityId": 138788, "scanner": "osv-scanner", "fingerprint": "6d5b8e76b6d4f904c84a6438b3aa9bbae5745db7a22dddaea5baba3bdaa13639", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-23539"], "package": "jsonwebtoken", "rule_id": "GHSA-8cf7-32gw-wr33", "scanner": "osv-scanner", "correlation_key": "vuln|jsonwebtoken|CVE-2022-23539|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hw8r-x6gr-5gjp", "level": "error", "message": {"text": "jsonpath-plus: GHSA-hw8r-x6gr-5gjp"}, "properties": {"repobilityId": 138786, "scanner": "osv-scanner", "fingerprint": "2128be15f901a01ec20d1c8de290103ceb55ad3ee56bd5d57ff2762252b313fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-1302"], "package": "jsonpath-plus", "rule_id": "GHSA-hw8r-x6gr-5gjp", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath-plus|CVE-2025-1302|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xjpj-3mr7-gcpf", "level": "error", "message": {"text": "handlebars: GHSA-xjpj-3mr7-gcpf"}, "properties": {"repobilityId": 138784, "scanner": "osv-scanner", "fingerprint": "57f72691bafbd5078ecc4fd33bf023cc3bd1c17e37556877d64a3c212991d695", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33941"], "package": "handlebars", "rule_id": "GHSA-xjpj-3mr7-gcpf", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33941|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhpv-hc6g-r9c6", "level": "error", "message": {"text": "handlebars: GHSA-xhpv-hc6g-r9c6"}, "properties": {"repobilityId": 138783, "scanner": "osv-scanner", "fingerprint": "d4d32f9afd35d07ada09b977eae7c47753178f84aae4b73238327b21ff81a16a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33940"], "package": "handlebars", "rule_id": "GHSA-xhpv-hc6g-r9c6", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33940|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9cx6-37pm-9jff", "level": "error", "message": {"text": "handlebars: GHSA-9cx6-37pm-9jff"}, "properties": {"repobilityId": 138782, "scanner": "osv-scanner", "fingerprint": "88f1d16a9a46042f5fb3be0dbcfdecdacbb02f877e0117a841ab3da8bcbc72a2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33939"], "package": "handlebars", "rule_id": "GHSA-9cx6-37pm-9jff", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33939|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3mfm-83xf-c92r", "level": "error", "message": {"text": "handlebars: GHSA-3mfm-83xf-c92r"}, "properties": {"repobilityId": 138779, "scanner": "osv-scanner", "fingerprint": "60435e1ce8eb44a622a099f87acde6a14e922564e96e1c41b5040dc45cfc7122", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33938"], "package": "handlebars", "rule_id": "GHSA-3mfm-83xf-c92r", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33938|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "MAL-2025-21003", "level": "error", "message": {"text": "fs: MAL-2025-21003"}, "properties": {"repobilityId": 138775, "scanner": "osv-scanner", "fingerprint": "d5b6a95cda55696513454c6e589846b8df07fa2eae43bd0bca98c7f57202ed51", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fs", "rule_id": "MAL-2025-21003", "scanner": "osv-scanner", "correlation_key": "fp|d5b6a95cda55696513454c6e589846b8df07fa2eae43bd0bca98c7f57202ed51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8gc5-j5rx-235r", "level": "error", "message": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "properties": {"repobilityId": 138768, "scanner": "osv-scanner", "fingerprint": "3262bbf8891f1a52162b60b3207440016216a6629004d02831976a9a9f44dfb4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33036"], "package": "fast-xml-parser", "rule_id": "GHSA-8gc5-j5rx-235r", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-26278|coins/pnpm-lock.yaml", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8gc5-j5rx-235r", "GHSA-jmr7-xgp7-cmfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3262bbf8891f1a52162b60b3207440016216a6629004d02831976a9a9f44dfb4", "b1f7a85293531a9cb794d6266b278db92fa24b012a6a1487303cd50a1e38761e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37qj-frw5-hhjh", "level": "error", "message": {"text": "fast-xml-parser: GHSA-37qj-frw5-hhjh"}, "properties": {"repobilityId": 138767, "scanner": "osv-scanner", "fingerprint": "5e3eb21d7908e577c575083537d78c254ca0c2c78ed031a9ad9229b238af9fa7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25128"], "package": "fast-xml-parser", "rule_id": "GHSA-37qj-frw5-hhjh", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25128|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38f7-945m-qr2g", "level": "error", "message": {"text": "effect: GHSA-38f7-945m-qr2g"}, "properties": {"repobilityId": 138765, "scanner": "osv-scanner", "fingerprint": "b607890f984b9bc71741d1b11f51b1bd580d5f8d680e1d5ac1ebe5a85c00c744", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32887"], "package": "effect", "rule_id": "GHSA-38f7-945m-qr2g", "scanner": "osv-scanner", "correlation_key": "vuln|effect|CVE-2026-32887|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8qp-cvcw-x6jj", "level": "error", "message": {"text": "axios: GHSA-q8qp-cvcw-x6jj"}, "properties": {"repobilityId": 138756, "scanner": "osv-scanner", "fingerprint": "2102ddcec89be9bc9fd67dc69c759f1f6c1c1debf2ba0a8df20d2b2637aa3649", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42264"], "package": "axios", "rule_id": "GHSA-q8qp-cvcw-x6jj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42264|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pf86-5x62-jrwf", "level": "error", "message": {"text": "axios: GHSA-pf86-5x62-jrwf"}, "properties": {"repobilityId": 138755, "scanner": "osv-scanner", "fingerprint": "f38bd6962fb288cad2615d6a40bc09ec19b97a552777bf3993c580dfbdfe0673", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42033"], "package": "axios", "rule_id": "GHSA-pf86-5x62-jrwf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42033|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p92q-9vqr-4j8v", "level": "error", "message": {"text": "axios: GHSA-p92q-9vqr-4j8v"}, "properties": {"repobilityId": 138754, "scanner": "osv-scanner", "fingerprint": "4a0fa0e17951e98d5d743a19ecdfac00a36105eb0433475c3038741b18e87591", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44487"], "package": "axios", "rule_id": "GHSA-p92q-9vqr-4j8v", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44487|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j5f8-grm9-p9fc", "level": "error", "message": {"text": "axios: GHSA-j5f8-grm9-p9fc"}, "properties": {"repobilityId": 138752, "scanner": "osv-scanner", "fingerprint": "4494363f6b38f10cafa23f0d065dd5dd9bcdc8eef9be65c2c833403bdfc82fc6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44486"], "package": "axios", "rule_id": "GHSA-j5f8-grm9-p9fc", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44486|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hfxv-24rg-xrqf", "level": "error", "message": {"text": "axios: GHSA-hfxv-24rg-xrqf"}, "properties": {"repobilityId": 138751, "scanner": "osv-scanner", "fingerprint": "24f55a5bfbb8e68947b46b8c301d00b879dd4db43ea096b343b402611e366e35", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44496"], "package": "axios", "rule_id": "GHSA-hfxv-24rg-xrqf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44496|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-777c-7fjr-54vf", "level": "error", "message": {"text": "axios: GHSA-777c-7fjr-54vf"}, "properties": {"repobilityId": 138748, "scanner": "osv-scanner", "fingerprint": "daa09b340bd87b660e64e277df55a5ad15dc3f830066b3684218d7fafdf53652", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44488"], "package": "axios", "rule_id": "GHSA-777c-7fjr-54vf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44488|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6chq-wfr3-2hj9", "level": "error", "message": {"text": "axios: GHSA-6chq-wfr3-2hj9"}, "properties": {"repobilityId": 138747, "scanner": "osv-scanner", "fingerprint": "872ccc84d34e66de35f33d1538c89d78fbe7ca3f61a45bd17962fcc7443592f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42035"], "package": "axios", "rule_id": "GHSA-6chq-wfr3-2hj9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42035|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-43fc-jf86-j433", "level": "error", "message": {"text": "axios: GHSA-43fc-jf86-j433"}, "properties": {"repobilityId": 138743, "scanner": "osv-scanner", "fingerprint": "b56580f9088420394ff7dc3cc21ab560671fc70639eab5696ba3e61a24290830", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25639"], "package": "axios", "rule_id": "GHSA-43fc-jf86-j433", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-25639|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pjwm-pj3p-43mv", "level": "error", "message": {"text": "axios: GHSA-pjwm-pj3p-43mv"}, "properties": {"repobilityId": 138741, "scanner": "osv-scanner", "fingerprint": "44f18cfd41a4ac0ed90e0f3e64ec7ba45cc0ac4d90c18b5b7c70dd0fba0cd697", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44492"], "package": "axios", "rule_id": "GHSA-pjwm-pj3p-43mv", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-62718|coins/pnpm-lock.yaml", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-3p68-rc4w-qgx5", "GHSA-pjwm-pj3p-43mv", "GHSA-pmwg-cvhr-8vh7"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["44f18cfd41a4ac0ed90e0f3e64ec7ba45cc0ac4d90c18b5b7c70dd0fba0cd697", "55393f4c5ffc6f4f668caea54f818c90ac6a1368860035cf365f0c6b4f110584", "e91bc1b06b23d54d569dd81ccdcae7d12245a5bab6cfe0f17faafb52e29226d3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3g43-6gmg-66jw", "level": "error", "message": {"text": "axios: GHSA-3g43-6gmg-66jw"}, "properties": {"repobilityId": 138740, "scanner": "osv-scanner", "fingerprint": "fb6eb2ebd8768f92a4c64c0b0b41be664576bb316aab25bd64feecca915993f5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44495"], "package": "axios", "rule_id": "GHSA-3g43-6gmg-66jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44495|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-35jp-ww65-95wh", "level": "error", "message": {"text": "axios: GHSA-35jp-ww65-95wh"}, "properties": {"repobilityId": 138739, "scanner": "osv-scanner", "fingerprint": "ff8e1e98fd9693596f9c4b8071869873a7c89713e5718a7c0826144bd8771743", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44494"], "package": "axios", "rule_id": "GHSA-35jp-ww65-95wh", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44494|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g9cg-h3jm-cwrc", "level": "error", "message": {"text": "@hapi/pez: GHSA-g9cg-h3jm-cwrc"}, "properties": {"repobilityId": 138733, "scanner": "osv-scanner", "fingerprint": "745d8659842440ad7fd79ab85c8030944b1c2e2b2827935795e3dbd1e2dec610", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@hapi/pez", "rule_id": "GHSA-g9cg-h3jm-cwrc", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/pez|GHSA-G9CG-H3JM-CWRC|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg4p-7fhp-p32p", "level": "error", "message": {"text": "@hapi/content: GHSA-jg4p-7fhp-p32p"}, "properties": {"repobilityId": 138732, "scanner": "osv-scanner", "fingerprint": "f18effee06ba93f0187846f7264242b74156edf3a4d464da968ddf80d001812e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-35213"], "package": "@hapi/content", "rule_id": "GHSA-jg4p-7fhp-p32p", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-35213|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3wqh-h42r-x8fq", "level": "error", "message": {"text": "@hapi/content: GHSA-3wqh-h42r-x8fq"}, "properties": {"repobilityId": 138731, "scanner": "osv-scanner", "fingerprint": "cac21d70ceff84aadc17e0817cd38de48a40abe26c933f97f6e59cfa7b6b018e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@hapi/content", "rule_id": "GHSA-3wqh-h42r-x8fq", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|GHSA-3WQH-H42R-X8FQ|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-36hh-x5p5-jgc8", "level": "error", "message": {"text": "@hapi/content: GHSA-36hh-x5p5-jgc8"}, "properties": {"repobilityId": 138730, "scanner": "osv-scanner", "fingerprint": "b52744c130fa13274b1fcc373fc6bfd87d3080ab31aea18050277e431740c7e8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44974"], "package": "@hapi/content", "rule_id": "GHSA-36hh-x5p5-jgc8", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-44974|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 138729, "scanner": "osv-scanner", "fingerprint": "144ad619265b5033008a70fbc91adc3a13169ab2df2e4c9ca598120d837e4bc0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j658-c2gf-x6pq", "level": "error", "message": {"text": "velocityjs: GHSA-j658-c2gf-x6pq"}, "properties": {"repobilityId": 138725, "scanner": "osv-scanner", "fingerprint": "a0fad5123f5d9c80cce451c6fbe7a15510da6b36f8b8c894b33a5caf02dffdf8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44966"], "package": "velocityjs", "rule_id": "GHSA-j658-c2gf-x6pq", "scanner": "osv-scanner", "correlation_key": "vuln|velocityjs|CVE-2026-44966|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vrm6-8vpv-qv8q", "level": "error", "message": {"text": "undici: GHSA-vrm6-8vpv-qv8q"}, "properties": {"repobilityId": 138723, "scanner": "osv-scanner", "fingerprint": "9e94e01e6952c523bb20979a404e116607a203b9d4a654d0efecd920b28c261d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1526"], "package": "undici", "rule_id": "GHSA-vrm6-8vpv-qv8q", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1526|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v9p9-hfj2-hcw8", "level": "error", "message": {"text": "undici: GHSA-v9p9-hfj2-hcw8"}, "properties": {"repobilityId": 138722, "scanner": "osv-scanner", "fingerprint": "65cbf7dfd2ececdfaf98108544b3dad3d02c9414301cd423677bf8d529b52fb2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2229"], "package": "undici", "rule_id": "GHSA-v9p9-hfj2-hcw8", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-2229|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f269-vfmq-vjvj", "level": "error", "message": {"text": "undici: GHSA-f269-vfmq-vjvj"}, "properties": {"repobilityId": 138720, "scanner": "osv-scanner", "fingerprint": "eb812a221f3d3591b3a428e5a8f09a074d887e8d1c1880d74d44d2d330df147e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1528"], "package": "undici", "rule_id": "GHSA-f269-vfmq-vjvj", "scanner": "osv-scanner", "correlation_key": "vuln|undici|CVE-2026-1528|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 138716, "scanner": "osv-scanner", "fingerprint": "135eac612da93805c217b000c2532cba755dc75d1d56073e248b73225aeb52ec", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vj76-c3g6-qr5v", "level": "error", "message": {"text": "tar-fs: GHSA-vj76-c3g6-qr5v"}, "properties": {"repobilityId": 138714, "scanner": "osv-scanner", "fingerprint": "0045158e0317d59f989e1c3519d21176ac69b2c92c8591a04763a2f8600cbaae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-59343"], "package": "tar-fs", "rule_id": "GHSA-vj76-c3g6-qr5v", "scanner": "osv-scanner", "correlation_key": "vuln|tar-fs|CVE-2025-59343|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pq67-2wwv-3xjx", "level": "error", "message": {"text": "tar-fs: GHSA-pq67-2wwv-3xjx"}, "properties": {"repobilityId": 138713, "scanner": "osv-scanner", "fingerprint": "9d51e9a0e34a85d5e6e5bed2430cc5ad323486477d04efd936377434f5a6b96f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-12905"], "package": "tar-fs", "rule_id": "GHSA-pq67-2wwv-3xjx", "scanner": "osv-scanner", "correlation_key": "vuln|tar-fs|CVE-2024-12905|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8cj5-5rvv-wf4v", "level": "error", "message": {"text": "tar-fs: GHSA-8cj5-5rvv-wf4v"}, "properties": {"repobilityId": 138712, "scanner": "osv-scanner", "fingerprint": "385e5cc599dd8405fd453dfb9e03a7225ea5589b0f12d7f480a07d56e5b756ac", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-48387"], "package": "tar-fs", "rule_id": "GHSA-8cj5-5rvv-wf4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar-fs|CVE-2025-48387|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6q2-hw4h-h46w", "level": "error", "message": {"text": "tar: GHSA-r6q2-hw4h-h46w"}, "properties": {"repobilityId": 138711, "scanner": "osv-scanner", "fingerprint": "7aaa7ce358f050e5c9b79840e86c68ccadf31682d134281e753d7247479401f9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23950"], "package": "tar", "rule_id": "GHSA-r6q2-hw4h-h46w", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23950|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qffp-2rhf-9h96", "level": "error", "message": {"text": "tar: GHSA-qffp-2rhf-9h96"}, "properties": {"repobilityId": 138710, "scanner": "osv-scanner", "fingerprint": "e09b99220801ff637bfaaf9dea89f2b402c35c81d19b7a3d5697ee5b2c29d0a7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29786"], "package": "tar", "rule_id": "GHSA-qffp-2rhf-9h96", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-29786|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9ppj-qmqm-q256", "level": "error", "message": {"text": "tar: GHSA-9ppj-qmqm-q256"}, "properties": {"repobilityId": 138709, "scanner": "osv-scanner", "fingerprint": "a6b9a59b30bf3afe8f8f38fa3e45c36a8734b10553f785cdf6df07484a08cd37", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-31802"], "package": "tar", "rule_id": "GHSA-9ppj-qmqm-q256", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-31802|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8qq5-rm4j-mr97", "level": "error", "message": {"text": "tar: GHSA-8qq5-rm4j-mr97"}, "properties": {"repobilityId": 138708, "scanner": "osv-scanner", "fingerprint": "741e53c0b3b885d44bde1477d2f3d5d9b234a8322e45617836a920a55a6c6069", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-23745"], "package": "tar", "rule_id": "GHSA-8qq5-rm4j-mr97", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-23745|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-83g3-92jg-28cx", "level": "error", "message": {"text": "tar: GHSA-83g3-92jg-28cx"}, "properties": {"repobilityId": 138707, "scanner": "osv-scanner", "fingerprint": "81de64ed9a5885a863648efaeed4329bb6870cfe64fd0cd28f8f22c99d753c37", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26960"], "package": "tar", "rule_id": "GHSA-83g3-92jg-28cx", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-26960|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-34x7-hfp2-rc4v", "level": "error", "message": {"text": "tar: GHSA-34x7-hfp2-rc4v"}, "properties": {"repobilityId": 138706, "scanner": "osv-scanner", "fingerprint": "b2d041473dba0e5132355e607ee59e6fc125e3ee9995a1bf05062062dd21bfa5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-24842"], "package": "tar", "rule_id": "GHSA-34x7-hfp2-rc4v", "scanner": "osv-scanner", "correlation_key": "vuln|tar|CVE-2026-24842|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-677m-j7p3-52f9", "level": "error", "message": {"text": "socket.io-parser: GHSA-677m-j7p3-52f9"}, "properties": {"repobilityId": 138705, "scanner": "osv-scanner", "fingerprint": "930a4dccee465330b6923555221ecda878f0210610e49dfd9b7c1e4fe735f776", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33151"], "package": "socket.io-parser", "rule_id": "GHSA-677m-j7p3-52f9", "scanner": "osv-scanner", "correlation_key": "vuln|socket.io-parser|CVE-2026-33151|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jcxm-m3jx-f287", "level": "error", "message": {"text": "simple-git: GHSA-jcxm-m3jx-f287"}, "properties": {"repobilityId": 138703, "scanner": "osv-scanner", "fingerprint": "75a4b09a7241f244d595ae3ba0cc2e7285c7b838f36ec10ebecb8c5fb843742e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28291"], "package": "simple-git", "rule_id": "GHSA-jcxm-m3jx-f287", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28291|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hffm-xvc3-vprc", "level": "error", "message": {"text": "simple-git: GHSA-hffm-xvc3-vprc"}, "properties": {"repobilityId": 138702, "scanner": "osv-scanner", "fingerprint": "d0099f3775a5545bfcf4bcfcc2b586049e6a2829af57cc38372111fa077520a2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6951"], "package": "simple-git", "rule_id": "GHSA-hffm-xvc3-vprc", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-6951|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9p95-fxvg-qgq2", "level": "error", "message": {"text": "simple-git: GHSA-9p95-fxvg-qgq2"}, "properties": {"repobilityId": 138700, "scanner": "osv-scanner", "fingerprint": "89c1bf452dc21528681ef7bf60a2969f419b8dd16c29d5e5138d82a9096fd495", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25912"], "package": "simple-git", "rule_id": "GHSA-9p95-fxvg-qgq2", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-25912|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3f95-r44v-8mrg", "level": "error", "message": {"text": "simple-git: GHSA-3f95-r44v-8mrg"}, "properties": {"repobilityId": 138699, "scanner": "osv-scanner", "fingerprint": "e136c6479a9cdc469320670730bc340daa7ac6ebf8ccc77e04ef53024c298c3e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24433"], "package": "simple-git", "rule_id": "GHSA-3f95-r44v-8mrg", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-24433|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-28xr-mwxg-3qc8", "level": "error", "message": {"text": "simple-git: GHSA-28xr-mwxg-3qc8"}, "properties": {"repobilityId": 138698, "scanner": "osv-scanner", "fingerprint": "c5c67fa01af56e5ea3a6267cb0535f166b4d1ed94ac48e872469d3c0b6b2d72b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24066"], "package": "simple-git", "rule_id": "GHSA-28xr-mwxg-3qc8", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-24066|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 138695, "scanner": "osv-scanner", "fingerprint": "7a8612de91f030a6ff2b977d11416b24158a8e5431cf3f14a58c5f987cc92d5e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jvwf-75h9-cwgg", "level": "error", "message": {"text": "protobufjs: GHSA-jvwf-75h9-cwgg"}, "properties": {"repobilityId": 138689, "scanner": "osv-scanner", "fingerprint": "23c23947d785c2b46184d2e5080c11f8fc14e1daf4911e4f18344a6e2d646a71", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44290"], "package": "protobufjs", "rule_id": "GHSA-jvwf-75h9-cwgg", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44290|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-75px-5xx7-5xc7", "level": "error", "message": {"text": "protobufjs: GHSA-75px-5xx7-5xc7"}, "properties": {"repobilityId": 138686, "scanner": "osv-scanner", "fingerprint": "a8698087888884887fabfa49c540d334c95a8efb5f112619f96c7d364fae7d8f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44291"], "package": "protobufjs", "rule_id": "GHSA-75px-5xx7-5xc7", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44291|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-685m-2w69-288q", "level": "error", "message": {"text": "protobufjs: GHSA-685m-2w69-288q"}, "properties": {"repobilityId": 138685, "scanner": "osv-scanner", "fingerprint": "b67879e2cfbdfcdfebfb62b24d81b4036a968569274172b659f1ba4b459471fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44289"], "package": "protobufjs", "rule_id": "GHSA-685m-2w69-288q", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44289|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-66ff-xgx4-vchm", "level": "error", "message": {"text": "protobufjs: GHSA-66ff-xgx4-vchm"}, "properties": {"repobilityId": 138684, "scanner": "osv-scanner", "fingerprint": "86763417eafa4d46dc07685e32321c63e462a188d6d3f91760a1f55e95c9199b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44293"], "package": "protobufjs", "rule_id": "GHSA-66ff-xgx4-vchm", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-44293|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 138682, "scanner": "osv-scanner", "fingerprint": "3132134a43b349c2f083b49a9e820432efb00c9ed5ae905cc81a98110d090340", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 138679, "scanner": "osv-scanner", "fingerprint": "53e59325cc61a511977341e65a37fd99e94e906e66c935182a2a654860710731", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 138678, "scanner": "osv-scanner", "fingerprint": "95dffa25af3fa6085d05ecaeef19e1b36f28585725b49ff05a11e2e620fca602", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 138677, "scanner": "osv-scanner", "fingerprint": "2903fd9b8e517ba43e3595ae29abd449f706cf82ea986bd9e65c0017f640ac4d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 138675, "scanner": "osv-scanner", "fingerprint": "a4696e124aa1ac403a91ee21c6d36b30c09075e2d3823243ae1ff79051e7fdef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-869p-cjfg-cm3x", "level": "error", "message": {"text": "jws: GHSA-869p-cjfg-cm3x"}, "properties": {"repobilityId": 138673, "scanner": "osv-scanner", "fingerprint": "0e387ecbde3abfb6ae9cb3dda83b9e6225e9b6aad483c7454a987a745beb1f67", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-65945"], "package": "jws", "rule_id": "GHSA-869p-cjfg-cm3x", "scanner": "osv-scanner", "correlation_key": "vuln|jws|CVE-2025-65945|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8cf7-32gw-wr33", "level": "error", "message": {"text": "jsonwebtoken: GHSA-8cf7-32gw-wr33"}, "properties": {"repobilityId": 138670, "scanner": "osv-scanner", "fingerprint": "d43883532416ff26c0f6c6d4e3ea1890db0c8502bef4dd1d8eea142e74fdac8d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-23539"], "package": "jsonwebtoken", "rule_id": "GHSA-8cf7-32gw-wr33", "scanner": "osv-scanner", "correlation_key": "vuln|jsonwebtoken|CVE-2022-23539|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hw8r-x6gr-5gjp", "level": "error", "message": {"text": "jsonpath-plus: GHSA-hw8r-x6gr-5gjp"}, "properties": {"repobilityId": 138668, "scanner": "osv-scanner", "fingerprint": "75c3d91cd74245d2bf9361644b9489fc442fc06151bbc6a6c6442b5f8aa0a7d4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-1302"], "package": "jsonpath-plus", "rule_id": "GHSA-hw8r-x6gr-5gjp", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath-plus|CVE-2025-1302|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MAL-2025-21003", "level": "error", "message": {"text": "fs: MAL-2025-21003"}, "properties": {"repobilityId": 138665, "scanner": "osv-scanner", "fingerprint": "6335823ff63d9b675fbec15d7d5519c32c47df7ebd2688c4d8d29799fc393f9f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fs", "rule_id": "MAL-2025-21003", "scanner": "osv-scanner", "correlation_key": "fp|6335823ff63d9b675fbec15d7d5519c32c47df7ebd2688c4d8d29799fc393f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8gc5-j5rx-235r", "level": "error", "message": {"text": "fast-xml-parser: GHSA-8gc5-j5rx-235r"}, "properties": {"repobilityId": 138656, "scanner": "osv-scanner", "fingerprint": "6cb4e77a0818ff8944da682e93e0641643db92af5446e3c838b5f49e4fb697d9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-33036"], "package": "fast-xml-parser", "rule_id": "GHSA-8gc5-j5rx-235r", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-26278|coins/package-lock.json", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8gc5-j5rx-235r", "GHSA-jmr7-xgp7-cmfj"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["35d089e3d776187e6a6f78400dfb2fb774988f90a346029ffc7076f41058d665", "6cb4e77a0818ff8944da682e93e0641643db92af5446e3c838b5f49e4fb697d9"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3gc7-fjrx-p6mg", "level": "error", "message": {"text": "bigint-buffer: GHSA-3gc7-fjrx-p6mg"}, "properties": {"repobilityId": 138649, "scanner": "osv-scanner", "fingerprint": "75fd3d4d1c9e5252bcb270e7155a1bdd298381bfd93a5b37e41054b3c7fb1431", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-3194"], "package": "bigint-buffer", "rule_id": "GHSA-3gc7-fjrx-p6mg", "scanner": "osv-scanner", "correlation_key": "vuln|bigint-buffer|CVE-2025-3194|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xq7p-g2vc-g82p", "level": "error", "message": {"text": "base-x: GHSA-xq7p-g2vc-g82p"}, "properties": {"repobilityId": 138648, "scanner": "osv-scanner", "fingerprint": "dabe1cfa8631c7372503a4517b923fe82b40f1b39c2df77c9061d3f5ccb87fa5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27611"], "package": "base-x", "rule_id": "GHSA-xq7p-g2vc-g82p", "scanner": "osv-scanner", "correlation_key": "vuln|base-x|CVE-2025-27611|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q8qp-cvcw-x6jj", "level": "error", "message": {"text": "axios: GHSA-q8qp-cvcw-x6jj"}, "properties": {"repobilityId": 138643, "scanner": "osv-scanner", "fingerprint": "ad36afb029c22fa64ff8e51d3317288d36738e70206f6a576614055205ae1b04", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42264"], "package": "axios", "rule_id": "GHSA-q8qp-cvcw-x6jj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42264|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pf86-5x62-jrwf", "level": "error", "message": {"text": "axios: GHSA-pf86-5x62-jrwf"}, "properties": {"repobilityId": 138642, "scanner": "osv-scanner", "fingerprint": "cf6fb9b926f0f48d51bbb37b034ff924372896bee01a42e898f4f328216480dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42033"], "package": "axios", "rule_id": "GHSA-pf86-5x62-jrwf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42033|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p92q-9vqr-4j8v", "level": "error", "message": {"text": "axios: GHSA-p92q-9vqr-4j8v"}, "properties": {"repobilityId": 138641, "scanner": "osv-scanner", "fingerprint": "35c29906d9d2dee6829bebf96fb836f53ccb9211042e7c3779a24b6022f8d79d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44487"], "package": "axios", "rule_id": "GHSA-p92q-9vqr-4j8v", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44487|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jr5f-v2jv-69x6", "level": "error", "message": {"text": "axios: GHSA-jr5f-v2jv-69x6"}, "properties": {"repobilityId": 138639, "scanner": "osv-scanner", "fingerprint": "1ffad432c9a04c9a577646a10df29835e0a849df0743a18fa032422ffe9c20ae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27152"], "package": "axios", "rule_id": "GHSA-jr5f-v2jv-69x6", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-27152|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j5f8-grm9-p9fc", "level": "error", "message": {"text": "axios: GHSA-j5f8-grm9-p9fc"}, "properties": {"repobilityId": 138638, "scanner": "osv-scanner", "fingerprint": "4acefa1a83aeed3d4e25e6e9c4a2bb1ba0ff4fef6ff2273d35210acb8202b129", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44486"], "package": "axios", "rule_id": "GHSA-j5f8-grm9-p9fc", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44486|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hfxv-24rg-xrqf", "level": "error", "message": {"text": "axios: GHSA-hfxv-24rg-xrqf"}, "properties": {"repobilityId": 138637, "scanner": "osv-scanner", "fingerprint": "e80e48b8bbcf7756539c0b83903682413cd19feb84e1b7b78e675d6ccaae02e1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44496"], "package": "axios", "rule_id": "GHSA-hfxv-24rg-xrqf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44496|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-777c-7fjr-54vf", "level": "error", "message": {"text": "axios: GHSA-777c-7fjr-54vf"}, "properties": {"repobilityId": 138634, "scanner": "osv-scanner", "fingerprint": "64b5d017425765184177503b9f49cf5393a41aebe13693291a74579dd2862324", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44488"], "package": "axios", "rule_id": "GHSA-777c-7fjr-54vf", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44488|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6chq-wfr3-2hj9", "level": "error", "message": {"text": "axios: GHSA-6chq-wfr3-2hj9"}, "properties": {"repobilityId": 138633, "scanner": "osv-scanner", "fingerprint": "e13b92cf95fd95e4679a9b7a5b4b59ea60ac0109b07840d4b7d41f972314765c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42035"], "package": "axios", "rule_id": "GHSA-6chq-wfr3-2hj9", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-42035|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4hjh-wcwx-xvwj", "level": "error", "message": {"text": "axios: GHSA-4hjh-wcwx-xvwj"}, "properties": {"repobilityId": 138630, "scanner": "osv-scanner", "fingerprint": "3ea5ca4c2f86cb27f5a3f1772d4cde01cce094d294580e7539afc1ea80e6017c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58754"], "package": "axios", "rule_id": "GHSA-4hjh-wcwx-xvwj", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-58754|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-43fc-jf86-j433", "level": "error", "message": {"text": "axios: GHSA-43fc-jf86-j433"}, "properties": {"repobilityId": 138628, "scanner": "osv-scanner", "fingerprint": "d082ff432d3e25544d62d52c7ae9126acc9d3ea719a458acb5dceb9330c46c5d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25639"], "package": "axios", "rule_id": "GHSA-43fc-jf86-j433", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-25639|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pjwm-pj3p-43mv", "level": "error", "message": {"text": "axios: GHSA-pjwm-pj3p-43mv"}, "properties": {"repobilityId": 138626, "scanner": "osv-scanner", "fingerprint": "e82aaa38c9934042b6aeb270ce96a47a990b380270fea10a7bc36a611f842baa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44492"], "package": "axios", "rule_id": "GHSA-pjwm-pj3p-43mv", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2025-62718|coins/package-lock.json", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-3p68-rc4w-qgx5", "GHSA-pjwm-pj3p-43mv", "GHSA-pmwg-cvhr-8vh7"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1749816ec1a30ac0b28c16f6ecd84291476f0ac1b962c982cabd6d7c71d9071f", "97943eaf97ad30c6fbb18833a9c5e237b8180d57b61e2b9a8708bd38aa773928", "e82aaa38c9934042b6aeb270ce96a47a990b380270fea10a7bc36a611f842baa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3g43-6gmg-66jw", "level": "error", "message": {"text": "axios: GHSA-3g43-6gmg-66jw"}, "properties": {"repobilityId": 138625, "scanner": "osv-scanner", "fingerprint": "d6dbb9553aea8cee04ecad9dedad04de1536cb3430ebb44d9eb1ee774696052e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44495"], "package": "axios", "rule_id": "GHSA-3g43-6gmg-66jw", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44495|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-35jp-ww65-95wh", "level": "error", "message": {"text": "axios: GHSA-35jp-ww65-95wh"}, "properties": {"repobilityId": 138624, "scanner": "osv-scanner", "fingerprint": "2f4e7e57b98f357a774f810c044d4fb57670e94b4986c3df9d59b773193d1c9d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44494"], "package": "axios", "rule_id": "GHSA-35jp-ww65-95wh", "scanner": "osv-scanner", "correlation_key": "vuln|axios|CVE-2026-44494|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g9cg-h3jm-cwrc", "level": "error", "message": {"text": "@hapi/pez: GHSA-g9cg-h3jm-cwrc"}, "properties": {"repobilityId": 138618, "scanner": "osv-scanner", "fingerprint": "9c2e553bd89fa974c7f8d21c62939e8b344a703002c1a4623cad5550d1055bb6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@hapi/pez", "rule_id": "GHSA-g9cg-h3jm-cwrc", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/pez|GHSA-G9CG-H3JM-CWRC|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jg4p-7fhp-p32p", "level": "error", "message": {"text": "@hapi/content: GHSA-jg4p-7fhp-p32p"}, "properties": {"repobilityId": 138617, "scanner": "osv-scanner", "fingerprint": "b2fe366947a2f8cca9f5ea08ad96ad893318367b5c67b17ea6328e9eebbc6ca1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-35213"], "package": "@hapi/content", "rule_id": "GHSA-jg4p-7fhp-p32p", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-35213|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3wqh-h42r-x8fq", "level": "error", "message": {"text": "@hapi/content: GHSA-3wqh-h42r-x8fq"}, "properties": {"repobilityId": 138616, "scanner": "osv-scanner", "fingerprint": "68b74eed13bb7fe25c08183f17482fee6637a36b68cca345e77e0a37f1bdd1f3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "@hapi/content", "rule_id": "GHSA-3wqh-h42r-x8fq", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|GHSA-3WQH-H42R-X8FQ|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-36hh-x5p5-jgc8", "level": "error", "message": {"text": "@hapi/content: GHSA-36hh-x5p5-jgc8"}, "properties": {"repobilityId": 138615, "scanner": "osv-scanner", "fingerprint": "2459ff3612b38f5dee17b3a9c8445c06c5405b8e64c98bdbf3fd33a7f1fbb31a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44974"], "package": "@hapi/content", "rule_id": "GHSA-36hh-x5p5-jgc8", "scanner": "osv-scanner", "correlation_key": "vuln|hapi/content|CVE-2026-44974|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 138613, "scanner": "osv-scanner", "fingerprint": "ae388223fc0863858127d82ece69ab85bd85053f997e5de2e5f07ca0b5c3ce5e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 138376, "scanner": "repobility-threat-engine", "fingerprint": "bbfd09eaee0032792962f5f795d6dcb1422f931f5909edcbe3bd7a1f3adb5cfb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bbfd09eaee0032792962f5f795d6dcb1422f931f5909edcbe3bd7a1f3adb5cfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/buildCoingeckoSymbols.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 138375, "scanner": "repobility-threat-engine", "fingerprint": "a0d1ab89a15cbab53b11eca319af3c0b8beeb60e33ec4da6ccb470342f854a28", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|36|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/scripts/docker_prod_start.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 138374, "scanner": "repobility-threat-engine", "fingerprint": "f19f158b2e8a175d8eb017cae0c9efea76c8b0dc01307696fc7e6d8be1d1a479", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\": \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f19f158b2e8a175d8eb017cae0c9efea76c8b0dc01307696fc7e6d8be1d1a479"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/utils/shared/lambda-response.ts"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 138373, "scanner": "repobility-threat-engine", "fingerprint": "8490192ac21ba7d320e8ce8049eb9769af7065ed92a92de6bea71663d72a86b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'Access-Control-Allow-Origin', '*'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8490192ac21ba7d320e8ce8049eb9769af7065ed92a92de6bea71663d72a86b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/rwa/perps/server.ts"}, "region": {"startLine": 259}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 138372, "scanner": "repobility-threat-engine", "fingerprint": "c70c9ae3c8e9ed014feb0e765bc35f4f8dd546d1a07f6876cc0503188590d684", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'Access-Control-Allow-Origin', '*'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c70c9ae3c8e9ed014feb0e765bc35f4f8dd546d1a07f6876cc0503188590d684"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/index.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 138371, "scanner": "repobility-threat-engine", "fingerprint": "e278c1f4eeb64b662dbed2ae0ed08dbe8adbac9627b9fbf47d5d1dbefa6b7c28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e278c1f4eeb64b662dbed2ae0ed08dbe8adbac9627b9fbf47d5d1dbefa6b7c28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/src/api-tests.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 138370, "scanner": "repobility-threat-engine", "fingerprint": "85a455f6e0d728cae0384be3f07fd0717b82802bcca81b17758f22391d01c309", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|85a455f6e0d728cae0384be3f07fd0717b82802bcca81b17758f22391d01c309"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/mapForkedFromtoId.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 138369, "scanner": "repobility-threat-engine", "fingerprint": "a9a5c713f80a3c3232b76c612486e6e89634d6881fb13959d6a7f9fad26dd9a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a9a5c713f80a3c3232b76c612486e6e89634d6881fb13959d6a7f9fad26dd9a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/adaptors/utils.ts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED028", "level": "error", "message": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "properties": {"repobilityId": 138365, "scanner": "repobility-threat-engine", "fingerprint": "177e9d037682679e9aad8e3afb2c18399258c722b8f883be462eaf4cd36c46ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-ignore-comment", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347964+00:00", "triaged_in_corpus": 15, "observations_count": 9364, "ai_coder_pattern_id": 99}, "scanner": "repobility-threat-engine", "correlation_key": "fp|177e9d037682679e9aad8e3afb2c18399258c722b8f883be462eaf4cd36c46ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/governance/getLogs.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED028", "level": "error", "message": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "properties": {"repobilityId": 138364, "scanner": "repobility-threat-engine", "fingerprint": "06299c60e157bd1a0e204698564762d5e1958552450779878e7f7e413da26b15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-ignore-comment", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347964+00:00", "triaged_in_corpus": 15, "observations_count": 9364, "ai_coder_pattern_id": 99}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06299c60e157bd1a0e204698564762d5e1958552450779878e7f7e413da26b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/utils/cache/getLogs.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 138349, "scanner": "repobility-threat-engine", "fingerprint": "e23aad2c86463cfdf16a78b21d0f75410d3521d334dc309b45e59781927e4ab5", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n    (t, i) => `${unknownSymbols[i].output}-${t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e23aad2c86463cfdf16a78b21d0f75410d3521d334dc309b45e59781927e4ab5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/utils/erc20.ts"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 138348, "scanner": "repobility-threat-engine", "fingerprint": "bdd36e7e6f7d69c138f30d4f7ba6dd4ca46c76654e8ed16d10dcdb5d1f396994", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "reduce((p: string, c: string) => `${p},${c}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bdd36e7e6f7d69c138f30d4f7ba6dd4ca46c76654e8ed16d10dcdb5d1f396994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/synthetix.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 138347, "scanner": "repobility-threat-engine", "fingerprint": "7dde1f8e6a4a69c7214dafa6c3991bdf8eaec40b4d38fbe59e25680fb103a0c8", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((log: any) => `0x${log.topics[1].substring(26)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7dde1f8e6a4a69c7214dafa6c3991bdf8eaec40b4d38fbe59e25680fb103a0c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/moneyMarkets/silo.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 138345, "scanner": "repobility-threat-engine", "fingerprint": "c6c5ed150992a3b8eff6aef769666aa173eb256cf4642abb25e917a729a7201b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tokenSet.delete(address)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c6c5ed150992a3b8eff6aef769666aa173eb256cf4642abb25e917a729a7201b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/solana/util/tokenMetadata.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 138344, "scanner": "repobility-threat-engine", "fingerprint": "58bfb51623a2970a0b3dc0ec9ae80f3a39b8636603cce39953aefdf3974ab9ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|58bfb51623a2970a0b3dc0ec9ae80f3a39b8636603cce39953aefdf3974ab9ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/liquity.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 138343, "scanner": "repobility-threat-engine", "fingerprint": "01df6b28465245edb1ca94dc8f3e4cb3981bed13fc9568762e1e62d06f3c9872", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|01df6b28465245edb1ca94dc8f3e4cb3981bed13fc9568762e1e62d06f3c9872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/samm.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 138342, "scanner": "repobility-threat-engine", "fingerprint": "39849c61e93f895aa360b8310ee0796a2879a6a3dc606c14bd5cfdde8f2e927a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39849c61e93f895aa360b8310ee0796a2879a6a3dc606c14bd5cfdde8f2e927a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/api-tests/utils/config/endpoints.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 138341, "scanner": "repobility-threat-engine", "fingerprint": "ff2568a7f1e0c48330f5a22b94d93d6cc5919926967dd511a03da6e02efc2acb", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(q", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff2568a7f1e0c48330f5a22b94d93d6cc5919926967dd511a03da6e02efc2acb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/initia.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 138323, "scanner": "repobility-threat-engine", "fingerprint": "904dbf68ff864aea1147651ff6d0c51449daa484e2d3f240bbdfb6f8d7fc0614", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.error('wingriders: error fetching token data', token, (e as any)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|4|console.error wingriders: error fetching token data token e as any"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/wingriders.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 138322, "scanner": "repobility-threat-engine", "fingerprint": "428d1f99998c669a32e2bf4314337092ff98863e9d259fe77b4e6b5335c6915a", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.error('minswap: error fetching token data', token, (e as any)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|5|console.error minswap: error fetching token data token e as any"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/minswap2.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 138321, "scanner": "repobility-threat-engine", "fingerprint": "75fe729d7fe94005ccb2f101460b26fbc8c2809e0727e882d83f7fc7d739f3a1", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.log(`Weird token on`, token)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|6|console.log weird token on token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/bridges/anyswap.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138286, "scanner": "repobility-supply-chain", "fingerprint": "7d7405ae0cc06ed1b18bfe94c57364e00043b35fee544a27ea181058b75a6e59", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d7405ae0cc06ed1b18bfe94c57364e00043b35fee544a27ea181058b75a6e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coins.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138285, "scanner": "repobility-supply-chain", "fingerprint": "0b60e30e80cb33bd9b3350f4e29e1eb100220aff624fc0a93718884d3ee48527", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b60e30e80cb33bd9b3350f4e29e1eb100220aff624fc0a93718884d3ee48527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coins.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138284, "scanner": "repobility-supply-chain", "fingerprint": "175a5b88380fe5e03a1bc7d5a7b89e420a884db18403cf00fac9974a541ea3e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|175a5b88380fe5e03a1bc7d5a7b89e420a884db18403cf00fac9974a541ea3e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coins.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 138283, "scanner": "repobility-supply-chain", "fingerprint": "5dcdbd14a7e0b1473b957549b775597e46598e3ac74c7787133415389faf3385", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5dcdbd14a7e0b1473b957549b775597e46598e3ac74c7787133415389faf3385"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coins.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 138282, "scanner": "repobility-supply-chain", "fingerprint": "f60a5dd75a45eef30045c949374e72dc19541da532ac90467d6182466d2ddef4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f60a5dd75a45eef30045c949374e72dc19541da532ac90467d6182466d2ddef4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 138281, "scanner": "repobility-supply-chain", "fingerprint": "3ff16ab414b01efe4f80275be9b33038d9dcd4fe2f9b9f9de6a02e47949e9549", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ff16ab414b01efe4f80275be9b33038d9dcd4fe2f9b9f9de6a02e47949e9549"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/defi.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138280, "scanner": "repobility-supply-chain", "fingerprint": "0e9cc159a35318a19c283b0a450daff24844b8e562caaa0043c9d4a3e6c95784", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e9cc159a35318a19c283b0a450daff24844b8e562caaa0043c9d4a3e6c95784"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/defi.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138279, "scanner": "repobility-supply-chain", "fingerprint": "9aa156ddd3277cddd8092c280fe753aaf29f6ab062293e53b04df2dad6b06078", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9aa156ddd3277cddd8092c280fe753aaf29f6ab062293e53b04df2dad6b06078"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/defi.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 138278, "scanner": "repobility-supply-chain", "fingerprint": "63a8284785ca2cc15cac58e1c43172acdc887565baaf02326afa5578a90d0e42", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|63a8284785ca2cc15cac58e1c43172acdc887565baaf02326afa5578a90d0e42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/defi.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 138277, "scanner": "repobility-supply-chain", "fingerprint": "9286944311a298fc932680e86543ce809d13b6b22f9e28f2e23fe58433a0f577", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9286944311a298fc932680e86543ce809d13b6b22f9e28f2e23fe58433a0f577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/defi.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:20` not pinned by digest"}, "properties": {"repobilityId": 138276, "scanner": "repobility-supply-chain", "fingerprint": "86ee6b92fe82f815384c3799d1dad2fec87017eac7bcd54e3a6b222cf02f2365", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86ee6b92fe82f815384c3799d1dad2fec87017eac7bcd54e3a6b222cf02f2365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/rwa/perps/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:20` not pinned by digest"}, "properties": {"repobilityId": 138275, "scanner": "repobility-supply-chain", "fingerprint": "3d38540f2564bcf2eade1c92a906a444d08cdb6e9240098a4b0e377a79c988c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d38540f2564bcf2eade1c92a906a444d08cdb6e9240098a4b0e377a79c988c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/rwa/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:20` not pinned by digest"}, "properties": {"repobilityId": 138274, "scanner": "repobility-supply-chain", "fingerprint": "47e237d5d268acf3887feb0353c088428ffc1d0e5628206c2106cb36392999b7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47e237d5d268acf3887feb0353c088428ffc1d0e5628206c2106cb36392999b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `node:20` not pinned by digest"}, "properties": {"repobilityId": 138273, "scanner": "repobility-supply-chain", "fingerprint": "9a9273cdff63290324eaf42a48a98090813d98b4e68b5a45b77b9f0d233963bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a9273cdff63290324eaf42a48a98090813d98b4e68b5a45b77b9f0d233963bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/ui-tool/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /historicalLiquidity/:token has no auth"}, "properties": {"repobilityId": 138272, "scanner": "repobility-route-auth", "fingerprint": "91c7837b1a3b1e09dbbf3366d84001cb888bc2fef0347aed9f352dc3fd57e4a8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|91c7837b1a3b1e09dbbf3366d84001cb888bc2fef0347aed9f352dc3fd57e4a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/index.ts"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /storeBlacklistPermit has no auth"}, "properties": {"repobilityId": 138271, "scanner": "repobility-route-auth", "fingerprint": "e2b2bc9089162f138354707bac9103a8829a5b3ce5d91480ac6828fc6864b8e4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|e2b2bc9089162f138354707bac9103a8829a5b3ce5d91480ac6828fc6864b8e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/index.ts"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /storeAggregatorEvent has no auth"}, "properties": {"repobilityId": 138270, "scanner": "repobility-route-auth", "fingerprint": "1f4f4f19709583edfb7bfcae5bb58e46f0bab8c46fdfc73c360d8b42118c4aa6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|1f4f4f19709583edfb7bfcae5bb58e46f0bab8c46fdfc73c360d8b42118c4aa6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/index.ts"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /reportSupport has no auth"}, "properties": {"repobilityId": 138269, "scanner": "repobility-route-auth", "fingerprint": "e7ed3b83a8c9d0435acc06fcfaaa4211b1c5e945b72475e67556455d45b99d3b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|e7ed3b83a8c9d0435acc06fcfaaa4211b1c5e945b72475e67556455d45b99d3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/index.ts"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /reportError has no auth"}, "properties": {"repobilityId": 138268, "scanner": "repobility-route-auth", "fingerprint": "7be9a9310b147054f38f94ae93c7db162313d212a49cd71863d2797e62e0a658", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|7be9a9310b147054f38f94ae93c7db162313d212a49cd71863d2797e62e0a658"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/index.ts"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express POST /inflows/batch has no auth"}, "properties": {"repobilityId": 138267, "scanner": "repobility-route-auth", "fingerprint": "61137817e97cb01a9b6c78932bac8ed64730bfe46c3f006e172d80f1b153a8d7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|61137817e97cb01a9b6c78932bac8ed64730bfe46c3f006e172d80f1b153a8d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/index.ts"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "Express DELETE /debug-pg/* has no auth"}, "properties": {"repobilityId": 138266, "scanner": "repobility-route-auth", "fingerprint": "f48893fa8b8cd762ba0fe34bc64efa1dc723c8752f81d21f11111e10126e4cb7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|f48893fa8b8cd762ba0fe34bc64efa1dc723c8752f81d21f11111e10126e4cb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/routes/internalRoutes.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "GHSA-r275-fr43-pm7q", "level": "error", "message": {"text": "simple-git: GHSA-r275-fr43-pm7q"}, "properties": {"repobilityId": 139033, "scanner": "osv-scanner", "fingerprint": "6844f0d4eee856643d5566caac4e83d69b75bd29610f19fac304e4b25bf9757b", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28292"], "package": "simple-git", "rule_id": "GHSA-r275-fr43-pm7q", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28292|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2w6w-674q-4c4q", "level": "error", "message": {"text": "handlebars: GHSA-2w6w-674q-4c4q"}, "properties": {"repobilityId": 139009, "scanner": "osv-scanner", "fingerprint": "aaa8e7a2cb1a9a72693e4a65fa391697bf093a2665beb1d0fda920223d47f23d", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33937"], "package": "handlebars", "rule_id": "GHSA-2w6w-674q-4c4q", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33937|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7jm-9gc2-mpf2", "level": "error", "message": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "properties": {"repobilityId": 139004, "scanner": "osv-scanner", "fingerprint": "a53ee780701f4353af66d71158b422b5f0a789a681c105ab1343a46565ced2ee", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25896"], "package": "fast-xml-parser", "rule_id": "GHSA-m7jm-9gc2-mpf2", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25896|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5rq4-664w-9x2c", "level": "error", "message": {"text": "basic-ftp: GHSA-5rq4-664w-9x2c"}, "properties": {"repobilityId": 138987, "scanner": "osv-scanner", "fingerprint": "a014fb125ab0dbb490135ab73a163ed59fcc2cbe583ad94e221846ea5d684c7b", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27699"], "package": "basic-ftp", "rule_id": "GHSA-5rq4-664w-9x2c", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-27699|defi/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r275-fr43-pm7q", "level": "error", "message": {"text": "simple-git: GHSA-r275-fr43-pm7q"}, "properties": {"repobilityId": 138927, "scanner": "osv-scanner", "fingerprint": "9eef88bb2f9b4ef0eb76b0941c9a1542358ba5f2e67f9f5685443bef245eb6a2", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28292"], "package": "simple-git", "rule_id": "GHSA-r275-fr43-pm7q", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28292|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-95m3-7q98-8xr5", "level": "error", "message": {"text": "sha.js: GHSA-95m3-7q98-8xr5"}, "properties": {"repobilityId": 138924, "scanner": "osv-scanner", "fingerprint": "b7001b81222eeb3a490fbc229ad154ac240b3286b855d1323162363a0e05cfc5", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-9288"], "package": "sha.js", "rule_id": "GHSA-95m3-7q98-8xr5", "scanner": "osv-scanner", "correlation_key": "vuln|sha.js|CVE-2025-9288|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pppg-cpfq-h7wr", "level": "error", "message": {"text": "jsonpath-plus: GHSA-pppg-cpfq-h7wr"}, "properties": {"repobilityId": 138906, "scanner": "osv-scanner", "fingerprint": "67644b48940328f821ae24a93c681ecc8da01491890b0a96a1b07257e58cf601", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21534"], "package": "jsonpath-plus", "rule_id": "GHSA-pppg-cpfq-h7wr", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath-plus|CVE-2024-21534|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 138900, "scanner": "osv-scanner", "fingerprint": "f97c37429e526f0f9b3d7cb8ff7422acb6fb45c49cadeb9a62345ef52446ec33", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7jm-9gc2-mpf2", "level": "error", "message": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "properties": {"repobilityId": 138895, "scanner": "osv-scanner", "fingerprint": "4fba2ac0bd4f9ff60e25bb6b90461984b03546400a02a2170854fdd7abfbedf8", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25896"], "package": "fast-xml-parser", "rule_id": "GHSA-m7jm-9gc2-mpf2", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25896|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5rq4-664w-9x2c", "level": "error", "message": {"text": "basic-ftp: GHSA-5rq4-664w-9x2c"}, "properties": {"repobilityId": 138876, "scanner": "osv-scanner", "fingerprint": "0b1ef6a2fd773cfd46a4c6e80f5f7e309ed2ecec09044f838e4b59c144490c2c", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27699"], "package": "basic-ftp", "rule_id": "GHSA-5rq4-664w-9x2c", "scanner": "osv-scanner", "correlation_key": "vuln|basic-ftp|CVE-2026-27699|defi/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r275-fr43-pm7q", "level": "error", "message": {"text": "simple-git: GHSA-r275-fr43-pm7q"}, "properties": {"repobilityId": 138820, "scanner": "osv-scanner", "fingerprint": "9de31d3c7b623e1481b4f44ae4b28045747eb4296897336d9001bac74a5ec7c2", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28292"], "package": "simple-git", "rule_id": "GHSA-r275-fr43-pm7q", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28292|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9w5j-4mwv-2wj8", "level": "error", "message": {"text": "simple-git: GHSA-9w5j-4mwv-2wj8"}, "properties": {"repobilityId": 138817, "scanner": "osv-scanner", "fingerprint": "9d99d3bb019e5fd0fe1c9afe78df81f5e710ff2f0b8d1a9011c844b419577265", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25860"], "package": "simple-git", "rule_id": "GHSA-9w5j-4mwv-2wj8", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-25860|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h97f-5258-5593", "level": "error", "message": {"text": "serverless-offline: GHSA-h97f-5258-5593"}, "properties": {"repobilityId": 138813, "scanner": "osv-scanner", "fingerprint": "81aefb35580aa2aa06918d07cb6bb544bf405d0c515c55385925490092252ac0", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-38384"], "package": "serverless-offline", "rule_id": "GHSA-h97f-5258-5593", "scanner": "osv-scanner", "correlation_key": "vuln|serverless-offline|CVE-2021-38384|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xq3m-2v4x-88gg", "level": "error", "message": {"text": "protobufjs: GHSA-xq3m-2v4x-88gg"}, "properties": {"repobilityId": 138809, "scanner": "osv-scanner", "fingerprint": "5d153fd39e31482885a7c291a262479c96ba160f3e52bad6eb19bd488dbd9d82", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41242"], "package": "protobufjs", "rule_id": "GHSA-xq3m-2v4x-88gg", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-41242|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pppg-cpfq-h7wr", "level": "error", "message": {"text": "jsonpath-plus: GHSA-pppg-cpfq-h7wr"}, "properties": {"repobilityId": 138787, "scanner": "osv-scanner", "fingerprint": "7067bbd341287b7c5fd7e152a7838e69c66d3aacc87cf01874063b0d2b2e6d5d", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21534"], "package": "jsonpath-plus", "rule_id": "GHSA-pppg-cpfq-h7wr", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath-plus|CVE-2024-21534|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2w6w-674q-4c4q", "level": "error", "message": {"text": "handlebars: GHSA-2w6w-674q-4c4q"}, "properties": {"repobilityId": 138778, "scanner": "osv-scanner", "fingerprint": "f2e35d7571181eadc1e929c3735f5264419cc738c52ec4d857628204d9ccd05a", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33937"], "package": "handlebars", "rule_id": "GHSA-2w6w-674q-4c4q", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33937|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7jm-9gc2-mpf2", "level": "error", "message": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "properties": {"repobilityId": 138772, "scanner": "osv-scanner", "fingerprint": "9990cdd64cceb10eea16073a0eef13dc9697288dce5dd9a6619780ee42e75777", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25896"], "package": "fast-xml-parser", "rule_id": "GHSA-m7jm-9gc2-mpf2", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25896|coins/pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r275-fr43-pm7q", "level": "error", "message": {"text": "simple-git: GHSA-r275-fr43-pm7q"}, "properties": {"repobilityId": 138704, "scanner": "osv-scanner", "fingerprint": "a082e549cb581fade69a24990052ca14d54e95eaa542e4e73c709dcb5b7327ee", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28292"], "package": "simple-git", "rule_id": "GHSA-r275-fr43-pm7q", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2026-28292|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9w5j-4mwv-2wj8", "level": "error", "message": {"text": "simple-git: GHSA-9w5j-4mwv-2wj8"}, "properties": {"repobilityId": 138701, "scanner": "osv-scanner", "fingerprint": "a4c1f481a57fc0af1c2c4537e06aa28e5ed1d899728810e98bb04cc1a963d314", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25860"], "package": "simple-git", "rule_id": "GHSA-9w5j-4mwv-2wj8", "scanner": "osv-scanner", "correlation_key": "vuln|simple-git|CVE-2022-25860|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h97f-5258-5593", "level": "error", "message": {"text": "serverless-offline: GHSA-h97f-5258-5593"}, "properties": {"repobilityId": 138697, "scanner": "osv-scanner", "fingerprint": "8d1a6ba51e1dd454b59820c78579579998d3e9c2b15175d3c9afb4f174c08963", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-38384"], "package": "serverless-offline", "rule_id": "GHSA-h97f-5258-5593", "scanner": "osv-scanner", "correlation_key": "vuln|serverless-offline|CVE-2021-38384|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xq3m-2v4x-88gg", "level": "error", "message": {"text": "protobufjs: GHSA-xq3m-2v4x-88gg"}, "properties": {"repobilityId": 138691, "scanner": "osv-scanner", "fingerprint": "b1f15c967fb396a8010f176915c12568a62a95dc394d43cb3286b1010bfaf307", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41242"], "package": "protobufjs", "rule_id": "GHSA-xq3m-2v4x-88gg", "scanner": "osv-scanner", "correlation_key": "vuln|protobufjs|CVE-2026-41242|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pppg-cpfq-h7wr", "level": "error", "message": {"text": "jsonpath-plus: GHSA-pppg-cpfq-h7wr"}, "properties": {"repobilityId": 138669, "scanner": "osv-scanner", "fingerprint": "fde6ee0452228e0f196e67d751c31b0a2140197293b1f7f4156dbc657e186c21", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21534"], "package": "jsonpath-plus", "rule_id": "GHSA-pppg-cpfq-h7wr", "scanner": "osv-scanner", "correlation_key": "vuln|jsonpath-plus|CVE-2024-21534|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 138663, "scanner": "osv-scanner", "fingerprint": "767b6cd94e80ee1b86fe54a1d91acecd80bd29f95b4f978c9e8d15d9c46fb679", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m7jm-9gc2-mpf2", "level": "error", "message": {"text": "fast-xml-parser: GHSA-m7jm-9gc2-mpf2"}, "properties": {"repobilityId": 138660, "scanner": "osv-scanner", "fingerprint": "e1157a4964733724e6144361de856648fa200cbc9348989cf21d43cbd57598c0", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25896"], "package": "fast-xml-parser", "rule_id": "GHSA-m7jm-9gc2-mpf2", "scanner": "osv-scanner", "correlation_key": "vuln|fast-xml-parser|CVE-2026-25896|coins/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138611, "scanner": "gitleaks", "fingerprint": "017993bcb6b8c88097fc31436b506683d4e25e07ac57c9b1dd24d5ec3372f1b9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|5823|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 58232}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138610, "scanner": "gitleaks", "fingerprint": "ef68d1f8708eca08800d3d015564fa130644f164950ab6894c5d365c84375803", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|5339|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 53393}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138609, "scanner": "gitleaks", "fingerprint": "9132bac0d0f5be1010615c0be18abd3aeec72a47055c44e5dc5d777c0335b02a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|4516|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 45162}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138608, "scanner": "gitleaks", "fingerprint": "bf0de7c976c4221be7e91f2d00fe84b01aea9ae4dcb6bed4a0cf8a48573d14b6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|4423|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 44233}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138607, "scanner": "gitleaks", "fingerprint": "6410e13de544a5ec7354c72e45c291cdaf0597e4548080c551f443155660d7af", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|4126|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 41266}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138606, "scanner": "gitleaks", "fingerprint": "dad06daa7081bf9f68b071ccd7294234b1925a74fcabbb977bf995069d84edc2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3993|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 39932}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138605, "scanner": "gitleaks", "fingerprint": "069a1a9f7a98d656f76316b719419911bbac2c1949352b25050705525253d173", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3940|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 39405}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138604, "scanner": "gitleaks", "fingerprint": "9255a1dfa7987a5cd7d30a19c6487ee9b9bcc6cb695cd4accb06a7c1690bead2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3786|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["8755e08d7f387390eac22961841ff8c6ee1bc2cf96a512d39f16e2e2e2c679ee", "9255a1dfa7987a5cd7d30a19c6487ee9b9bcc6cb695cd4accb06a7c1690bead2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 37866}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138603, "scanner": "gitleaks", "fingerprint": "902b9531d5e0bb1fcc332a2c58e26f84364bddf9da919165519e486a22ff36b1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3622|token redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["3149b7983a5d6eb1f4e1ddf64846119f46c745b0017202d6dd3fac479589c292", "902b9531d5e0bb1fcc332a2c58e26f84364bddf9da919165519e486a22ff36b1", "ab3ba84ad94aa71e52d8ceb3ccad3e673b7ca1fb49617930022c41cfa0ae8afa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 36227}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138602, "scanner": "gitleaks", "fingerprint": "55176a10775a3dbda825bc931429a85e6b1a3cce16269a81c8a184e748de5b77", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API3Oracle address : REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3588|api3oracle address : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 35885}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138601, "scanner": "gitleaks", "fingerprint": "b55af8ab71eb5b7c9154e559bf283406b295cc9d0e322515f9a0acebf19fe183", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3286|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 32870}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138600, "scanner": "gitleaks", "fingerprint": "9dc9ee5cbd907a1ea311144a4a531fdaf652716552a5aff08db1e59d5e9153ea", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3142|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 31428}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138599, "scanner": "gitleaks", "fingerprint": "5dcef661df2d8165522a8e32d020bacdde70b7ba0dd6dcccd54c1be6568e7c2d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3135|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["34a47fa561b78d1f7ee290fc8b9dbbb841ffd47e5b794925707e3b1a59d89c13", "5dcef661df2d8165522a8e32d020bacdde70b7ba0dd6dcccd54c1be6568e7c2d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 31352}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138598, "scanner": "gitleaks", "fingerprint": "028241b295d634ad2f677ffe9e4db02f7aa3dab9aac2cbf062a30fda46566bf6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3108|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["028241b295d634ad2f677ffe9e4db02f7aa3dab9aac2cbf062a30fda46566bf6", "63e58baf5f333d3fc35d87c4e24bc8b20416924854441ba6d338960811aeb4a4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 31086}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138597, "scanner": "gitleaks", "fingerprint": "165e7d4cfd75b9575efbeaeedbce92c297f6c2794e1858daf350f243990712ca", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|3006|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["165e7d4cfd75b9575efbeaeedbce92c297f6c2794e1858daf350f243990712ca", "84963e5f76042010070a13fee6d768971dc75d7a98bab36e1708646bb49ead46"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 30069}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138596, "scanner": "gitleaks", "fingerprint": "664cadb7f9b9662952f1b9c6bd9ca55dea678fcd83477b2287a6691317c9ffd9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|2982|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 29830}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138595, "scanner": "gitleaks", "fingerprint": "c34c2499e411718cfef82d5d427729ff879762f3c0dffa7ef130bdf01fa8f1e4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|2810|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 28107}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138594, "scanner": "gitleaks", "fingerprint": "20cf39142e688dea8b90eef86fa729a33cb9bc606a1ed669387b2e36df72db31", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|2784|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["20cf39142e688dea8b90eef86fa729a33cb9bc606a1ed669387b2e36df72db31", "f66cf5acf21f87aa084e2866427646b92f0be481e12a7174255a51be93a6efa1"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 27845}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138593, "scanner": "gitleaks", "fingerprint": "97b8faaf4bf24b70508bc76657b87626ed819c5683612edf9644165883b32b30", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|2452|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["1ec0167eeed83d61b42f71f48ad2b5ec9baf3eab780789d57e6de7f1f274c222", "97b8faaf4bf24b70508bc76657b87626ed819c5683612edf9644165883b32b30"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 24522}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138592, "scanner": "gitleaks", "fingerprint": "95980c3312e4122c73247c65fcfa41a0eb20f51f58843fd317f7f5aa6c3ac4d4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|2441|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 24416}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138591, "scanner": "gitleaks", "fingerprint": "e87cb10046d94401c221e865803f1cfdb287951b3fd5057af277472c49152131", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|2259|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 22599}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138590, "scanner": "gitleaks", "fingerprint": "117ad712f479b285daf0b51b9a43590d173fbba00c6f785114d2acee03db858f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "secret:<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|2186|secret: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 21865}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138589, "scanner": "gitleaks", "fingerprint": "384c5e6e005c8b7d583b0d23d105047b5b56e07d56adc0fe5de5f59525321898", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|2589|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 25894}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138588, "scanner": "gitleaks", "fingerprint": "f79f67a9d993466178713b31adec7bfbd1aa3721e00af25bdfe17aa9d999da4a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|2153|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 21531}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138587, "scanner": "gitleaks", "fingerprint": "aa1c0f5ce26898a691e0f79816663c1c608b4f30bc1e3613dcce7274e4fa89e2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|2212|token redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["30b0a581eade0cb1b24f2c7105cc9426d4d680873e0fab364a194ab6ad70e551", "a7d1c40eeefc1b75455dc3c9c4052760604b5f600bf15e1ae8bf2765855a4a52", "aa1c0f5ce26898a691e0f79816663c1c608b4f30bc1e3613dcce7274e4fa89e2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 22125}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138586, "scanner": "gitleaks", "fingerprint": "4dba202de9f0c999d53efd53928cd3a2d862f176363a1e171120eb7f5c7f3a55", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data1.ts|2465|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data1.ts"}, "region": {"startLine": 24660}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138585, "scanner": "gitleaks", "fingerprint": "aa14d9019a6fe4f5500bb24b8addbc3e21a9ab48dd2b9499fc9f2a4b2adecbeb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|2332|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 23329}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138584, "scanner": "gitleaks", "fingerprint": "e084dd9ef5e59db52fa8078ac40a7a4ba43ecf47d18aed23994b7fd0d84d9c08", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|2007|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 20080}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138583, "scanner": "gitleaks", "fingerprint": "16ea9119e777259a4a49b2fbbd162960a4555226e94aeff2492a8d6c59d43b70", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|1809|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 18099}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138582, "scanner": "gitleaks", "fingerprint": "a12e42cadf659535f6dadcf002f3d4deba01502d8e0807f87ae3a3367a421150", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|1807|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["29f2f13455cf5f5ccd9c4e0e5b917c6dc0dbc6e418beb81da6169c7224b57061", "a12e42cadf659535f6dadcf002f3d4deba01502d8e0807f87ae3a3367a421150"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 18076}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138581, "scanner": "gitleaks", "fingerprint": "5541f8370fefd25873e00db8057c05c4e47cfb41c39e6f45a4a3a72a68e9a8a2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|1673|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 16734}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138580, "scanner": "gitleaks", "fingerprint": "264a13daf0f6ba040fc21bb5d34667e04eaa933c8d9e0ba9f3e0bdf24a06a2cf", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|1655|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 16557}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138579, "scanner": "gitleaks", "fingerprint": "2660a475a986711f17dfd321397f5858dd35b7fdabd893c40073f7284f748f99", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|1409|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["06ab38eb054588189f40828386cb3fc7f35ed4252ed92a0c810ab57a7fd5183d", "2660a475a986711f17dfd321397f5858dd35b7fdabd893c40073f7284f748f99"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 14098}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138578, "scanner": "gitleaks", "fingerprint": "6048d06d2d18772daa8b2d32059734031514cd2f30c478a50f03b7018ee6ba4e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|1384|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 13845}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138577, "scanner": "gitleaks", "fingerprint": "a57eb2cd61887562cd2b339aaa81cf8424732cd947e559ff3c8a2925e17f69b0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data1.ts|1443|token redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["7ca9041a5a0166b3b8b937a558f9e21e3e8065cd1b4520f6c9621d15129af631", "a57eb2cd61887562cd2b339aaa81cf8424732cd947e559ff3c8a2925e17f69b0", "e8cfc03f68cd1eec12ee9251cfeec55352c4365d1b5f332fa62e5e6d9348343e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data1.ts"}, "region": {"startLine": 14431}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138576, "scanner": "gitleaks", "fingerprint": "cdf723e2dad60cdd7130c6484732f22c90c987738afdc997cb1e0bcd4c6a8867", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data1.ts|1442|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["b92899cb4ca49e373db91f85b7103636da6fe47efb6d9a078cd674a715d1d402", "cdf723e2dad60cdd7130c6484732f22c90c987738afdc997cb1e0bcd4c6a8867"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data1.ts"}, "region": {"startLine": 14429}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138575, "scanner": "gitleaks", "fingerprint": "80fd2d30a9a408b07bd85d8198b99ef901c29edde1f0160e75a1b665958ff777", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|1286|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 12867}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138574, "scanner": "gitleaks", "fingerprint": "b53f8c8687e34df780f7ce07873f983c4f3811a3d7d47418238772a971f8011e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data5.ts|1416|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["b53f8c8687e34df780f7ce07873f983c4f3811a3d7d47418238772a971f8011e", "e455cac6945acac3314477f3175d7d5c493cb8583f95755622746f34cb81c646"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data5.ts"}, "region": {"startLine": 14161}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138573, "scanner": "gitleaks", "fingerprint": "129b75da9a35c78ba1435eb59b858dd702dad157924af979b73e66a2405504f3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data5.ts|1415|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data5.ts"}, "region": {"startLine": 14160}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138572, "scanner": "gitleaks", "fingerprint": "a9ae788e17a449a892b87a6aad3dc49a51a1a4b59f6a6cf9cbddb33f94ad3e04", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|902|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 9029}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138571, "scanner": "gitleaks", "fingerprint": "2a4c53f49a8fdfb2ade977700baef00de470cb0f5fde482cd464348622d7a662", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|946|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 9464}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138570, "scanner": "gitleaks", "fingerprint": "0fe1af56ec72d121764875a682a6a2f63c29a2b4c31f0ccff3d5ada58a46e812", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|915|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 9151}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138569, "scanner": "gitleaks", "fingerprint": "ab574df321a5ed241328d6ea69a51059471572220cec615ddcb6853cf4b1b88a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data5.ts|1101|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data5.ts"}, "region": {"startLine": 11017}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138568, "scanner": "gitleaks", "fingerprint": "5595a2e332e6b10dc4d5d68e0975d0282ee57441a67458bb8f14349718e1fd3c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data1.ts|1005|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data1.ts"}, "region": {"startLine": 10059}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138567, "scanner": "gitleaks", "fingerprint": "ada00f73cb30c5539717f11436ead3addd03c2a95f2a4da8cbd333a9d8d33436", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|817|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 8178}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138566, "scanner": "gitleaks", "fingerprint": "17bbd17edffad3964b5211b0cd2fe2300ea3fda7f25f8d0f4a32321b31ec8e3a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|800|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 8006}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138565, "scanner": "gitleaks", "fingerprint": "676f56aeee7b7167fd7d8613aad39f712ea43cf2203cff90672bc0c983032bd1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "secret:<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|687|secret: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 6877}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138564, "scanner": "gitleaks", "fingerprint": "fef2be3f251cfa6e52dc92b6eb73bd29b97529f0ec6284633616216537a73d2b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|623|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 6232}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138563, "scanner": "gitleaks", "fingerprint": "3f9685767a55ffca7925b7802fbd4d0f3ac0519aa9bd5b62d5e7a5a92b49d093", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|564|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 5646}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138562, "scanner": "gitleaks", "fingerprint": "8870031dc8cf513d0ecaf3c13450547748f69d53cd06f434cfbf0f1786f97409", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "secret:<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|805|secret: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 8060}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138561, "scanner": "gitleaks", "fingerprint": "97a9b28e6f299110a662dbcf69dd5c5d5e6fb6bd94cbd94ccc7a894be5d5e6dd", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|551|token redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["3cd1c444566b11c41da0fb223d60a55895400ad258ea30eb9d36aef12bf3950e", "97a9b28e6f299110a662dbcf69dd5c5d5e6fb6bd94cbd94ccc7a894be5d5e6dd", "c3e6188dd9886bcc1e6757675ad1c6f00285a64b2a3d13897cc4fb43d53bdc0f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 5518}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138560, "scanner": "gitleaks", "fingerprint": "aa491fe14c3fc17cee120797430f08c56a1c4402a403511c69f0b5dcffea1db7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|525|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 5252}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138559, "scanner": "gitleaks", "fingerprint": "57ccd8397baba77634bf119c147d3a6687926f659be6e19a83abb018e3c4ee41", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data1.ts|582|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data1.ts"}, "region": {"startLine": 5826}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138558, "scanner": "gitleaks", "fingerprint": "35b470bbc902d7d360dba51130e4652f7ca7389ab5024243235b3d7964b0bfbb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "secret:<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|199|secret: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 1991}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138557, "scanner": "gitleaks", "fingerprint": "c63dd5f2c93f33d591d9ae33c13017a8ea646734091e75979be5c1bfdbe5baf7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|189|token redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["c50226669e360dbe8693ef77158eca4178866f3a2186ecc793b6fb8f7b2268af", "c63dd5f2c93f33d591d9ae33c13017a8ea646734091e75979be5c1bfdbe5baf7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 1891}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138556, "scanner": "gitleaks", "fingerprint": "ad1f74333623a3390bc4b6a64df9d00102e13e646bb5dbc5682359ef4466da6b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data2.ts|138|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data2.ts"}, "region": {"startLine": 1390}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138555, "scanner": "gitleaks", "fingerprint": "65f9c779a2f78bee4e915376bb08b68cbd94d8e39532b141429cf13498f046a6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data4.ts|394|token redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["65f9c779a2f78bee4e915376bb08b68cbd94d8e39532b141429cf13498f046a6", "7a7f2a90cc82c99ac37fb5f5e54e2a576332fb46f620ef077abb46aeca2071b8", "e32d6752ea0e1c4719a928b806f7ce2004300a8ca69bf9754abe252f3c37421e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data4.ts"}, "region": {"startLine": 3947}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138554, "scanner": "gitleaks", "fingerprint": "96f154183a9a01ea79226081e23e5d2e90035208434cebecffa2841845257927", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data5.ts|197|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data5.ts"}, "region": {"startLine": 1979}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138553, "scanner": "gitleaks", "fingerprint": "4031db45c2e19fc31c41cdc21d282131b4b1adcbb758a47dcb0577568e4214e7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data5.ts|190|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data5.ts"}, "region": {"startLine": 1903}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138552, "scanner": "gitleaks", "fingerprint": "e30276fda9940a723b947195ea3ffa4307990557168daadc4746c8335c9078c8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|418|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 4181}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138551, "scanner": "gitleaks", "fingerprint": "53d802ade03947a8fdc6a73646956f0a6c67364f16141f51e241d96b3f5ff06e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|417|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 4180}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138550, "scanner": "gitleaks", "fingerprint": "6c628eb416552553d5e921973730ea47550aa7990b9862fb9d1c032ddf8f6d09", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data6.ts|173|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data6.ts"}, "region": {"startLine": 1737}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138549, "scanner": "gitleaks", "fingerprint": "a0012d9071832bf9441ba31479d8d903cc91086b2170d3dd29748eb146353a61", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|385|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 3859}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138548, "scanner": "gitleaks", "fingerprint": "8779b6bf6f82c6b6057f6e323b89af6e981f798be89f65b7eae3c459497a05bb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token=<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|defi/src/protocols/data3.ts|354|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/protocols/data3.ts"}, "region": {"startLine": 3546}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138547, "scanner": "gitleaks", "fingerprint": "5296abffa66f08753a88075934e64a1b52bbad003169b32c6a9b0af945fd82ef", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "storeKey: 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|60|storekey: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/api2/cron-task/dimensions.ts"}, "region": {"startLine": 610}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138546, "scanner": "gitleaks", "fingerprint": "6a3932c24795f11a087a49548de1a87951eb8b0fbe3cb39d2222a5f4d6acdc29", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress === 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|9|tokenaddress redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/proof-of-reserves/adapters/universal-bridge/tokens.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138545, "scanner": "gitleaks", "fingerprint": "ed7614f4a885c78bb3ba938dae99e1933514572ee3de535e6f271574ea21bdf9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|88|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 890}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138544, "scanner": "gitleaks", "fingerprint": "e44c51231a089464604ffb2b32525482e842ed1b97925b9a5dcd98607924c27e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|88|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 887}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138543, "scanner": "gitleaks", "fingerprint": "df496b6dbbb6bf89790ba9065848e897fad2e6fc533833e0cd1fb1e58974174c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|88|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 885}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138542, "scanner": "gitleaks", "fingerprint": "4f0930b5da8acc453837d15a8734d29377f444fe4427369d36dc6580d5d6ac43", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|87|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 878}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138541, "scanner": "gitleaks", "fingerprint": "df430dc5187862c4cfe74b0f8585110eea3740a02076489cffc08705d93c7487", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|87|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 875}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138540, "scanner": "gitleaks", "fingerprint": "6aa8f452bef55d93d40e42797df34597d234a23105737ae10a23117c1d718480", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|87|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 873}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138539, "scanner": "gitleaks", "fingerprint": "d157490057fb2b4dfd3496320b07cdf6ead3e8c36a26f04498c45eb29766f3cf", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|86|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 865}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138538, "scanner": "gitleaks", "fingerprint": "cc1e7560b3ddbbe0989f16941f05e0a2df79950705ed8e8d0113455ae4ff0cb7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|85|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 859}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138537, "scanner": "gitleaks", "fingerprint": "aadabab4e81b7efbec207d23f9f52bcaf120736979c74664b8536d97c816be8c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|85|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 856}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138536, "scanner": "gitleaks", "fingerprint": "02fe77de744ab1f9bbb39ed7e2128c606e71a92c6737dca154bca174912366a8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|85|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 854}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138535, "scanner": "gitleaks", "fingerprint": "b0c65d0c6608163017f846045ad0421f06de37df9617a3d484fa1874f68494d7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|84|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 847}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138534, "scanner": "gitleaks", "fingerprint": "11cd5cd6d80e2e74ed1e5785dd12a9960eaa6fad832de488a28f5dee2c4ea833", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|84|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 844}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138533, "scanner": "gitleaks", "fingerprint": "ef98526e4cedbd6b7da578c256ca82699e5cae6bf5c18369457c5c334389ad22", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|84|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 842}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138532, "scanner": "gitleaks", "fingerprint": "cd0e6a97b121bb194b051ebace79edeb21017504435b4c683dc72554455afdec", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|83|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 834}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138531, "scanner": "gitleaks", "fingerprint": "650fbce2222468d9084eeb588be5174c02bbdb2196a6ba08f44f154717e80579", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|82|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 828}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138530, "scanner": "gitleaks", "fingerprint": "84a961074da99e00e5e6c0638c4e04ff36fbd2b1f1fa3eb019a5edca18ceb3e7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|82|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 825}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138529, "scanner": "gitleaks", "fingerprint": "2a3d7daa54c906e87fe086b899565e3110e963ee4d1246245c0e1421d86e335a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|82|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 823}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138528, "scanner": "gitleaks", "fingerprint": "b302e4e3228a255f5e7ef9896381bf339595a892baf04821695d2ed62a7f0f9b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|81|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 815}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138527, "scanner": "gitleaks", "fingerprint": "191e078634bd2e15f3f3605e24ea1c8e69f9579f9ce0ef422b907dca6751357e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|80|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 809}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138526, "scanner": "gitleaks", "fingerprint": "23f2d4b7a33ce625033ea27ec89801e32746a58ee0862cb119da6b3a838504d2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|80|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 806}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138525, "scanner": "gitleaks", "fingerprint": "b5b5fffac1f1c2a8f9e42e8474091c42376b6022ba429373eafce27f0a7f631e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|80|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 804}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138524, "scanner": "gitleaks", "fingerprint": "e554f0aecfa3c68000f9a53be933f04e5143a95825914cf7a28df76f152c3fe3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|79|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 796}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138523, "scanner": "gitleaks", "fingerprint": "dff08e8d50b5e26258766f388c7f0cd5a93602cd9ed3ee8cff7eed2209df7f22", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|78|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 787}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138522, "scanner": "gitleaks", "fingerprint": "f7844ad8f4f055d98f91d1ee12c849428ecf56cd4eaa86889e81bba3da3fd349", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|78|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 785}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138521, "scanner": "gitleaks", "fingerprint": "a007274aa469cfeb2a4acfff08cc92783977dde713b4c1ed50b95a00ea8a503d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|77|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 775}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138520, "scanner": "gitleaks", "fingerprint": "f63f42d696c3224a1ffde17953beb7b16a2181a1c50b0eb2b753322a5d493341", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|77|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 773}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138519, "scanner": "gitleaks", "fingerprint": "d084e5b13c7ab2e0af32daa03da47c29093d649b39a423f69b550396a95763ca", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|76|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 763}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138518, "scanner": "gitleaks", "fingerprint": "923c2cee7f4438abfe832e818f9c4d27c0a68a8fdd5aeb3e8626517759329bf2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|76|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 761}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138517, "scanner": "gitleaks", "fingerprint": "87a2aa2b5b00493261259b2d86bf30b37f8acb0c2505bddc21be350866985e9d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|75|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 751}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138516, "scanner": "gitleaks", "fingerprint": "07bf54e790bd89396d9a741abcf67d8f980b8b1e60e5bc605c4b3f2e85251ff2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|74|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 749}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138515, "scanner": "gitleaks", "fingerprint": "a47cc7344ef9d42156246c1ef6ec82254f762a05a949811e0f13ba6f7e75e63f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|73|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 735}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138514, "scanner": "gitleaks", "fingerprint": "cdbd601fb6ce386e87962d24dda427008bb77da856a53753630e63cb34d67021", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|73|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 733}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138513, "scanner": "gitleaks", "fingerprint": "8e9a8ae0c849ab1be4be1fabc529398757f74125bebea48eea2e7a458e07a3d6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|72|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 721}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138512, "scanner": "gitleaks", "fingerprint": "6accace4d2ee3e0d3f76697300ad0b7455d37bb56d03e7df5cedc5f6c2aadf96", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|71|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 719}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138511, "scanner": "gitleaks", "fingerprint": "435a4fc21cb3bf482372f3995172d2c75f6e4e4ad168fc4b6e926e9eaf94cfc2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|71|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 711}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138510, "scanner": "gitleaks", "fingerprint": "2e631f1897b9e32d40988d7eb6f41fa808e889a83141f8f98d174239351904db", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|70|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 705}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138509, "scanner": "gitleaks", "fingerprint": "df0d7797fdd54fa0d766c1ee902dd16879c44eb0516c960418d325fcfe4c62a5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|70|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 702}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138508, "scanner": "gitleaks", "fingerprint": "7cd21b004f7f6243ba20b8946aac793564ccf5951df8c1c4a2db4224aa9984a0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|69|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 693}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138507, "scanner": "gitleaks", "fingerprint": "b3da5fe9dfa9ef32779024907651c2e5f4878905371c4ca91f9829f4557de7fe", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|68|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 690}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138506, "scanner": "gitleaks", "fingerprint": "c8f41122d63f046de7639119bc69d56a2cc05ea3894893347f2bd8821adebad8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|68|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 688}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138505, "scanner": "gitleaks", "fingerprint": "795ac22804ff60b749f829ebab338e39484cf33d65b0173e9d3478fae31e9b35", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|68|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 681}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138504, "scanner": "gitleaks", "fingerprint": "3b1b9f890ef60ff61e61d1f849e2794288361f384be2f52b134057b65424dd3c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|67|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 678}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138503, "scanner": "gitleaks", "fingerprint": "6ea0fa1b866019ec0636b873624626af233873fdd1194bb675e99ccccd751d7e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|67|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 676}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138502, "scanner": "gitleaks", "fingerprint": "820bb2608394d12988eef442ba10d687421b286b1a3c1b4426d08b8a38b5d77d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|66|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 669}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138501, "scanner": "gitleaks", "fingerprint": "5a9410149e384713ba4bc44316c9492d8a392ca0f3452bbad6b18bd49824f2a7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|66|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 666}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138500, "scanner": "gitleaks", "fingerprint": "f243c33596bc8bdd213b0cb507ffec626a9b97d90100710f4a833b38be5ed21d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|65|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 653}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138499, "scanner": "gitleaks", "fingerprint": "8404e28374fd8502842d33b5590056ebb6fe4a4b1ec102c46b0e7d07c84555f3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|64|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 650}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138498, "scanner": "gitleaks", "fingerprint": "fd4b94b7735c40ede6883e391bbaea359af4b84eec7d145bd8d6be3b5b71dc96", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|64|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 648}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138497, "scanner": "gitleaks", "fingerprint": "e64a9a06a4fe98f823ea2fbf22e08a8bf0abd6fd132068099f0fdaa8a64b0a06", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|63|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 639}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138496, "scanner": "gitleaks", "fingerprint": "41bbdb134ece438487e50503148d6c09a6f98f1e359bd16c0cbdfd9b7616c89b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|63|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 636}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138495, "scanner": "gitleaks", "fingerprint": "e5d41fca77eb8f9e83e20404a7f571d0d6c892940187013e9f171403a9dfc51f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|63|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 634}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138494, "scanner": "gitleaks", "fingerprint": "7bee14594b9415bdb5568a710b3eb81ffab3f2cd9dce9e2d86c291bace6a4fce", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|61|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 620}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138493, "scanner": "gitleaks", "fingerprint": "5b7c1f01869be0a4304a45d6338ee7cada32353b3a809697f421460446767e1b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|61|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 617}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138492, "scanner": "gitleaks", "fingerprint": "d33b0b44d621a0901b1cdddd68beaa5386a96cc55fc3b29ecbd151562773560e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|61|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 615}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138491, "scanner": "gitleaks", "fingerprint": "a5a85306d4a7945f48a47200da5a0812c2acc4acac6db470d03283cdb8e2622a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|60|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 608}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138490, "scanner": "gitleaks", "fingerprint": "abd001ad5e4e3cde9338f4add7f11c0cbb1566dd59fe0a5221e664b3ec076d1e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|60|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 605}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138489, "scanner": "gitleaks", "fingerprint": "e524ae293576eee13d381dd93ed70eaf5b23bf7bc86b3235b64a293e7d21e707", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|60|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 603}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138488, "scanner": "gitleaks", "fingerprint": "9e069833c9c02ed5b63b3d1363d564703f0edbfb7993718d216f0d588a7fda1c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|59|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 592}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138487, "scanner": "gitleaks", "fingerprint": "2e56d2946b27a8e176104fb658672a3f8b54f3ff4f055026b6edaa2b7f775faa", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|58|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 589}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138486, "scanner": "gitleaks", "fingerprint": "ebc4f0446ee431c5f893e698b24657cfcf1709e745cb047d1a2b227f4d01f286", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|58|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 587}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138485, "scanner": "gitleaks", "fingerprint": "579cd4544a02b3abf0bb6891b6f8e3bd618d0560c7365f22cf4c4c8588761422", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|57|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 578}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138484, "scanner": "gitleaks", "fingerprint": "20711f2cdf50504f35a352486f3f713cb39a5735eea5e3dba4f0e70173634d11", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|57|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 575}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138483, "scanner": "gitleaks", "fingerprint": "a38066ec3f0acb1cb4434f88863c557db2bea244f7eef242b4cd382bd2a77f46", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|57|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 573}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138482, "scanner": "gitleaks", "fingerprint": "6de80b50c6ba0e92bb79f955e738399ca8282312affe074510637ce83e4ceefb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|56|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 565}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138481, "scanner": "gitleaks", "fingerprint": "a4afdb9e6d6f83215d8a69696551150d3fa8d13c4a378b20e25b0d70f9920137", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|55|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 555}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138480, "scanner": "gitleaks", "fingerprint": "d6a78ebb05a2d221911e37367380345ccc7118867920b8a5203d60c1c0077b54", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|55|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 552}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138479, "scanner": "gitleaks", "fingerprint": "befd9367af67ad3802b74e15e26ca9f1cb92e5f51609be508c222dd00d5941a0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|54|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 550}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138478, "scanner": "gitleaks", "fingerprint": "5c6cb6e8d8709852a7f4318f093e551de3128735a8073401028636d8c07f5148", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|54|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 541}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138477, "scanner": "gitleaks", "fingerprint": "60267872db963f61053dab38417f55461fac248af8d87a2066609dba8370504b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|53|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 538}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138476, "scanner": "gitleaks", "fingerprint": "c79efa63a8b68e0a0efaaad34c2adb13b51923f120c194c51b568bec47a10327", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|53|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 536}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138475, "scanner": "gitleaks", "fingerprint": "d7db1d9e9e5b9c52014d23de6a9d914463606e5fe8cd9d7ca4dfe22d0f59bd1b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|52|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 528}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138474, "scanner": "gitleaks", "fingerprint": "871bd98b4a9c41cc32b4a3a59dc787cd42a2bdfed5db1f215912373b8bc2d196", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|52|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 522}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138473, "scanner": "gitleaks", "fingerprint": "1b762de43bdc81f376693b240d3ee959ca67b12aec732178908a3e1361ca506d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|51|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 519}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138472, "scanner": "gitleaks", "fingerprint": "8a1f0f8e91705fc4852a2ffb2e68e1b34165fb0f8528696553d0fd3ae5bec00d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|51|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 517}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138471, "scanner": "gitleaks", "fingerprint": "eeaf4da0790ce57873f870a28f25d75b7e9d0db172785bb77767b8b2fb5157e1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|50|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 510}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138470, "scanner": "gitleaks", "fingerprint": "0bb1fcc7e5934f4b0879d71c23c8b7023ba2d5ca521b02320756dac9eccbcd14", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|50|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 507}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138469, "scanner": "gitleaks", "fingerprint": "9fa3883f4fa2bfc9d892b800ac52e31a5e26f82c7cdcf7ca250da5207cfa92f0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|50|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 505}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138468, "scanner": "gitleaks", "fingerprint": "4ae48c323f6a32cf34de6dcd3e877c835beb45087184fb71d722411aa1a18f53", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|49|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 494}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138467, "scanner": "gitleaks", "fingerprint": "91c32b8ee8478e298899ef1e77743c84f4c5dfc2ab922368fa23ce75c30ddaae", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|49|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 491}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138466, "scanner": "gitleaks", "fingerprint": "d33d2927d95bb070c1cb735a9856fa59797b852e626a87375ef3fea936042048", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|48|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 489}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138465, "scanner": "gitleaks", "fingerprint": "a542802bf9aeb1b95f6e9dc33f8c3aa16b2a74ed4fdf6a637d8831cb1ed150be", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|47|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 480}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138464, "scanner": "gitleaks", "fingerprint": "188ef7e570031920833dee67660684d29137040ddc37519c6435a0f6bfcd219a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|47|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 477}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138463, "scanner": "gitleaks", "fingerprint": "6fd27bcc529d9e036430265cd4855960816128f37c8eba7cb0be9a1479145528", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|47|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 475}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138462, "scanner": "gitleaks", "fingerprint": "d95c4f2f4d2a6e0f73201f4d338930340c71fa56778bbc7ca0e81935c99e3c61", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|46|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 467}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138461, "scanner": "gitleaks", "fingerprint": "3563f4187e31aacaac4bedb69e848e5fc2b82673ae7c8b4e6e6468ea465005c6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|46|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 461}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138460, "scanner": "gitleaks", "fingerprint": "de234d0a4ddf7462a0e63e4d6d87f131bfe836b7aa1e7e7b45f90e8e033bce0a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|45|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 458}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138459, "scanner": "gitleaks", "fingerprint": "9b7a7ad2b77e4cf3df55d8ba185f930d358b1d583486d2f337457c65695f4031", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|45|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 456}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138458, "scanner": "gitleaks", "fingerprint": "e21b0fc0407923aaafd14154f9426ba0f067c6f4e496032069fa69d1ae1ff1e3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|44|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 449}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138457, "scanner": "gitleaks", "fingerprint": "36b6af421133305a9d0d6fa9fe2b136ce9ee1696721e9e18dd54c680269717ee", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|44|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 446}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138456, "scanner": "gitleaks", "fingerprint": "89b3d1ae6e8f147a19d35a17bf7d8e3343db5f2414bb4cfdf221803339205967", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|44|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 444}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138455, "scanner": "gitleaks", "fingerprint": "55fe86efde446340d6a0d6ebe7333a72f71731e967424e3389f6dd22aed396e9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|43|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 437}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138454, "scanner": "gitleaks", "fingerprint": "41432afdcdf26a7f73b747c70f67ba786f50278f83aa3924056a20a45b001be7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|43|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 434}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138453, "scanner": "gitleaks", "fingerprint": "89863f253f57787d10d0f144acce10c1a1d92d5646ea6852d246e2d4e0c2f202", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|43|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 432}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138452, "scanner": "gitleaks", "fingerprint": "1b26398a7c311e9206acff21736c857e27082df8bc100dd136f0a5645f464bfd", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|42|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 421}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138451, "scanner": "gitleaks", "fingerprint": "93ec21f9888c1b20f41b0c77a9ee58a16f303d9df86eaf1c58e4f20c8d000969", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|41|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 418}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138450, "scanner": "gitleaks", "fingerprint": "4391d311b9a3401aea66b07743c628b3e7ed31198e7798288e3969823310d50b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|41|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 416}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138449, "scanner": "gitleaks", "fingerprint": "5e8478f54cd9ec3d81b17bd37826d34f54144208a9b30bdbca1e5535313b031a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2SaddleLpToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|40|l2saddlelptoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 407}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138448, "scanner": "gitleaks", "fingerprint": "80dd41a406d15d7756f155d453e4b45519ded8f357a4800dd665ebbf1fd95da8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2HopBridgeToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|40|l2hopbridgetoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 404}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138447, "scanner": "gitleaks", "fingerprint": "b309d87208ba0968404b8366c1a22282b5d35375f14000fe142241f2b667c88c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l2CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|40|l2canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 402}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138446, "scanner": "gitleaks", "fingerprint": "f18d83bd713fa4362b1a7cf34577cf0832d012ef03168fa8d6d4097fff244252", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "l1CanonicalToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|39|l1canonicaltoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/hop/addresses.json"}, "region": {"startLine": 394}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138445, "scanner": "gitleaks", "fingerprint": "e118b236580e9312c5ade9d162495317daf3fb0582d2e16da1426ba987eb94c1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenBMint: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|11|tokenbmint: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/solana/saber/index.ts"}, "region": {"startLine": 117}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138444, "scanner": "gitleaks", "fingerprint": "e5fb74f2cc7193ca67299c3cb9b2b0fd81cb98b4b1bbe761b9ecf0adcfb92d32", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenBMint: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|10|tokenbmint: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/solana/saber/index.ts"}, "region": {"startLine": 107}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138443, "scanner": "gitleaks", "fingerprint": "aa0802613fced6636a3c3e1bb2fc94c18b307a53e032abe3a160d3026768d59a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "keyrockUSDC\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|15|keyrockusdc : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/misc4626/tokens.json"}, "region": {"startLine": 158}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138442, "scanner": "gitleaks", "fingerprint": "aa18b6d6f8d4acc1aceb30c44306c496a7e4ab456dc51ac3128266b7bcff8b13", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|23|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/index.ts"}, "region": {"startLine": 240}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138441, "scanner": "gitleaks", "fingerprint": "4dd8d7549e86dc210e3b92a0927e0e3b354800313bb8d379afa89a17d67674f2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = '<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|11|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/yield-protocol/yield-protocol.ts"}, "region": {"startLine": 117}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138440, "scanner": "gitleaks", "fingerprint": "825094cfca654a498ff8cd22b5d707b27e42ae56aaf9edae045b793afb9a6055", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = '<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|10|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/yield-protocol/yield-protocol.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138439, "scanner": "gitleaks", "fingerprint": "9dca204aec4c40a338cabf96c9b2c538c8143199d202e57212b264efb8ac0c38", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token1: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token1: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/fxsp.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138438, "scanner": "gitleaks", "fingerprint": "582dba73a4d66935fde4f3944c5a08ecefbdb30dfd8d8fab51ec2bd5631e7b15", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token0: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token0: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/yield/fxsp.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138437, "scanner": "gitleaks", "fingerprint": "3424af4cd9e69abdd55db3a6a4b49eae7750bcda7a75e48c66e44f0da76bf003", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "xaueToken = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|xauetoken redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/xaue.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138436, "scanner": "gitleaks", "fingerprint": "f2d12c1ccff5f17af3e1b3328f5d2ce393145203810aaa80dd761f0492f40566", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "quoteToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|quotetoken: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["b744c0e7900731ce9d48a553570a4a80ffe93845c7bc8c5b2af9658f858d013b", "f2d12c1ccff5f17af3e1b3328f5d2ce393145203810aaa80dd761f0492f40566"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/dinari.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138435, "scanner": "gitleaks", "fingerprint": "04492c6d81e9c5aaa003b2e4144a294f7e7fdd5e902b2fd08ae0ff393e6209eb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "quoteToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|quotetoken: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/dinari.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138434, "scanner": "gitleaks", "fingerprint": "df7ca0588877b57a7c9c2f5ca89dfe6d46ae9e9d408d6bc4a002fd956d1d3ed3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "quoteToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|quotetoken: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["df7ca0588877b57a7c9c2f5ca89dfe6d46ae9e9d408d6bc4a002fd956d1d3ed3", "f93c79e8eb1b33e7f43218f4aa07f30bbe8a1a1114fddae0bb4e1f9b933f4216"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/dinari.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138433, "scanner": "gitleaks", "fingerprint": "be1cc46f425e524d23b24af2853d55b648c0b353f89d7fed59ccc92863334f2f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|22|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 224}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138432, "scanner": "gitleaks", "fingerprint": "bb9603b53b54eb6654c84c17328da40ec3f55c244677bf103b0c8f881af0554a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: '<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|21|token: redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["51a76cf3fba4eef38cfd105c78dc3f8b6da30b97c73da95da62dcf5b2c408c33", "73525f28661ed5f8630a1ea40e52226d969c27217d6dae1651cabf1c950c666d", "bb9603b53b54eb6654c84c17328da40ec3f55c244677bf103b0c8f881af0554a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 213}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138431, "scanner": "gitleaks", "fingerprint": "ffa0860ad97a5857604fcc5e0fb7343c006a4f248f2a32b157d0eae2e3f33b59", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|20|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 207}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138430, "scanner": "gitleaks", "fingerprint": "12ff7a4c22a75c3a7d9f6469053491158b02a89bec2342f0cb0d4566f64f7ed5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|19|token: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["12ff7a4c22a75c3a7d9f6469053491158b02a89bec2342f0cb0d4566f64f7ed5", "8fc57f022efb6bc1e88e3ca3706621be428aefead607b5571e19b4fd535fa621"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 192}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138429, "scanner": "gitleaks", "fingerprint": "67f9723835593df592cfc0b241a29efa4f5e1d0e6a13970bcc27377451c216b2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|18|token: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["3b9b5ce2c6896fb8a159633c6201b55fbecbd0dcd09f41524e4c121a54ef967a", "67f9723835593df592cfc0b241a29efa4f5e1d0e6a13970bcc27377451c216b2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 182}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138428, "scanner": "gitleaks", "fingerprint": "3ab8eca052ec3fe5cb8a868e7e6c8df1948b876223dcdfa70acb3e8af3ccd1a4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|17|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 177}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138427, "scanner": "gitleaks", "fingerprint": "edeb2803859d52a9ca8278211c5524b6de9756c2144a42c66d1d7de8d9d27640", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|16|token: redacted", "duplicate_count": 5, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2a6661c2f033ce5f61c4e67ccbf32c275b2c64118f32bb59a3b68b46390efe7c", "47d265bc2bffaa3313ade664f3187631300996a8d865f7a84df90393071607c7", "a10a036859de91384ce63da1438d9592991111683bebafa3e15f76230ebdbb68", "eab0bc6e8e38e12ef043a17cbfae4d358247c47dcf33a0db6568a89a61629a88", "edeb2803859d52a9ca8278211c5524b6de9756c2144a42c66d1d7de8d9d27640", "f57f13f627480a8f5cd6a9532d05c82c82426f13910d101cc33893b0de6ae661"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 161}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138426, "scanner": "gitleaks", "fingerprint": "c85ea4c79539f5ec75ab90f590113e73927813448d993a8efa7a8a7f3b9ede3a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|15|token: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["83ffeb886a2257055f5ddb932da6e57a2af19c9b87812d3b754b2cf452897147", "c85ea4c79539f5ec75ab90f590113e73927813448d993a8efa7a8a7f3b9ede3a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 153}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138425, "scanner": "gitleaks", "fingerprint": "bcdb40c7361b98859c950fb0c11356746db452f2e2a30ce506844aed04af7b5c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|14|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 148}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138424, "scanner": "gitleaks", "fingerprint": "57a35ad2f4ef09ca5d9e38684d89c22235d25f316c6cb8e10b053613c85b1c1c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|13|token: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["071e7019e6d03b01240394b4344b41eee5c75af45720a26dde9118ede9f83b5a", "57a35ad2f4ef09ca5d9e38684d89c22235d25f316c6cb8e10b053613c85b1c1c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 132}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138423, "scanner": "gitleaks", "fingerprint": "435e81c6b6f44219794408566367d34653267cc311890ce5ac1a0d6766f1b528", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|12|token: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["435e81c6b6f44219794408566367d34653267cc311890ce5ac1a0d6766f1b528", "de1978f3e52acec73036c819e7841d2f6d0544cf21b90003d2ecca5d59b79bfc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 121}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138422, "scanner": "gitleaks", "fingerprint": "028586033ca2801305cdc3ebdf60511a184f69bee7be8749cf3e2ba24e412b18", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|11|token: redacted", "duplicate_count": 4, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["028586033ca2801305cdc3ebdf60511a184f69bee7be8749cf3e2ba24e412b18", "8a8bee92041b14012c02a922254fec577d013fbb6958e45bb98676d99f6d9738", "988680cefaeb528aaa9f8ed18d10c8d4f07e52150ea676d5926dfc5e095fedd1", "d5c66263027a5f59047d7a9f4ef4eecd0b8f21d4b9c6c82a241b9027297b0f7c", "e25d69bf458bd6b77d99ca404c1860a92592736f0dc9e938b0ebc8e1e7988fac"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 111}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138421, "scanner": "gitleaks", "fingerprint": "bfa0e18b935c3ed9b9accaf3d76a2968e7946993eec88487aec4c6c88d8de1d6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|10|token: redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["6a7cbecaf7f48f6500ff68148632380f75e0e6d55e46ba162ce9e29898103567", "ae703276753369b90f7828f72a80953e5d522bace752dbab799073d9cc7ff7a5", "bfa0e18b935c3ed9b9accaf3d76a2968e7946993eec88487aec4c6c88d8de1d6", "d46c71c30a730d1df4db31a01a414bd20139d77dec9dc89c2c3fae77f618aa93"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 101}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138420, "scanner": "gitleaks", "fingerprint": "7610b4e1658c9a0cc0feb8d905bb123c26af6e457f865588188478f52df481ac", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|9|token: redacted", "duplicate_count": 4, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0710d18bc8447627cd64358775c1eed3e478a17bc058860b705df7e9e917e917", "0f5ac0c39b3b5bf0d1900291d50e12c5833d799e1911e883ed3c15e97567be15", "7254f2f610177454767f0cf232ef9c051bfb9da8743aafe45c5baedfff90b17e", "7610b4e1658c9a0cc0feb8d905bb123c26af6e457f865588188478f52df481ac", "92cae7cf215f0d46b27e76fd99765e3bc0af1619c63edbad26ac75c9e22a6448"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138419, "scanner": "gitleaks", "fingerprint": "b1e5a29c7f35ac3705aaa8d56b751b451b343616260538a9cb313bcdc76dcc1a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|8|token: redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2cf7fb492c69ed34676bcc08b2e1de1f5375a8648205d7f46266d55867844fc2", "3fc481288ae96b7d061f39ca29824d4e4b496725af889559f36bc99734399309", "b1e5a29c7f35ac3705aaa8d56b751b451b343616260538a9cb313bcdc76dcc1a", "b1e62490ee453c247c49c5cdabec7da5ba0cb8803f8a02595249eea2e21967c6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138418, "scanner": "gitleaks", "fingerprint": "87ec7ffea1d44b5eb4b0ffb92fef0c874668e0681ee5ac16b588adac445062b3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|7|token: redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["654342acd908dbb31a28115ebbe52d33ec3388452473afca4fe8cd7329bb2ca5", "87ec7ffea1d44b5eb4b0ffb92fef0c874668e0681ee5ac16b588adac445062b3", "a30f9ba01ee78282ee734dc1f1edac54ffcec934976cfcbfa4d61dd77ec372c7", "e44cb60cbef274eb791de01784d83f135618761354441f6d69381b079caf0756"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 74}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138417, "scanner": "gitleaks", "fingerprint": "6a57de5ca0847ac211f360c5907c26ef37130e73c5ed821543d98cb024bbfcdb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|6|token: redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["02b37be7ec950dd134db0899b0e6f9dd7cb5d3a6bced9597867069fa4ab6cb66", "4f9f8ce5f9156f81027d469e6ed53f1b24f8c95727bf1a74bd6801440c5d662d", "6a57de5ca0847ac211f360c5907c26ef37130e73c5ed821543d98cb024bbfcdb", "b5c1611eebcd2258b2c5c30526bce46e4f4640da08323d8202b1320088cbc52e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138416, "scanner": "gitleaks", "fingerprint": "ec0d46562a981262d7b4239ea968e0b4a2c9c83163cb3ae2349941ac4e210f84", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|token: redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["3a046dd18d0df5a47daf6099d104085dbb992be94e5610ad4f3fe49c86e88c2f", "c7aa20f27dcfe7e9c81d39ab2d20d942b85b0213fb564139293a999b98a1fdda", "ec0d46562a981262d7b4239ea968e0b4a2c9c83163cb3ae2349941ac4e210f84"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/midas.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138415, "scanner": "gitleaks", "fingerprint": "4bdd1964b493d2278087081a5199ded428dc2050429175425d71bcb43a0ce673", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|7|ethtoken: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 71}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138414, "scanner": "gitleaks", "fingerprint": "33fdcd6c4fdf70c2ef97d5534ddc3f3918f5c4587727b85d10902141925e571a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|6|ethtoken: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138413, "scanner": "gitleaks", "fingerprint": "2d31d37732e94bdab57be8868967e18952eb6da841d23e463131b49013e362e7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|5|ethtoken: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2d31d37732e94bdab57be8868967e18952eb6da841d23e463131b49013e362e7", "83956dd240a4ce9ae6d2f3185556852f2b24e8ec77c46117138d011ed8770f12"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 53}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138412, "scanner": "gitleaks", "fingerprint": "21392f3f2f0b0fa29edf0a743a0e6ab07b71f79200596af0d0f386137534f2cb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|ethtoken: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["141bbab172b3afc4c8dfcc858acbfdcdf9d4d1100cad38e72d4e765b95acabb3", "21392f3f2f0b0fa29edf0a743a0e6ab07b71f79200596af0d0f386137534f2cb"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138411, "scanner": "gitleaks", "fingerprint": "8868c8781c5a5105ca64153309ee7c715a178b248e1b8b3706ca5cf10e974f91", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|ethtoken: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138410, "scanner": "gitleaks", "fingerprint": "82937ea512755ff30a627b9ba56d8499b20a923c47121f26c7e929c25a827da5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|ethtoken: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["82937ea512755ff30a627b9ba56d8499b20a923c47121f26c7e929c25a827da5", "90ba61e23ba7758078639f8210efb9011f7cea48e458e325057b9f77eeec36c5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138409, "scanner": "gitleaks", "fingerprint": "a9e6f4bf772df5c6d7380834d90c402b418905909e3d662ebcafdac0d1a941ac", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "ethToken: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|ethtoken: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["80014521dc387bef93dcd53082f8a7433638121db63aa0123314495e8c5af45a", "a9e6f4bf772df5c6d7380834d90c402b418905909e3d662ebcafdac0d1a941ac"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/backed.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138408, "scanner": "gitleaks", "fingerprint": "5f7b448a25612342b4f7d5264c0871794828ec852c0109ec0f7930d18d958281", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 3 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|token: redacted", "duplicate_count": 3, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["02e652c3ba7310b35a06bca13afc51945a78c304c7470dfe485ed5acc561e859", "4faf8b5689a56463c580fb0922d4481e0516a8d86491a66e809b5d2013301cd0", "5f7b448a25612342b4f7d5264c0871794828ec852c0109ec0f7930d18d958281", "a7428c75444a0c18b6c6ed8a312b24af4dfa168b529f622f18b18e2819d217c4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/strato.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138407, "scanner": "gitleaks", "fingerprint": "d2a201baa54fc33eb04030df20d235e68c408009071edbdf0fc0c5b2b6c25452", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "unknownToken =<redacted> \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|5|unknowntoken redacted redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/unknownToken.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138406, "scanner": "gitleaks", "fingerprint": "365704d005ddb671d1576475432d8224ca415e9011e383ae197f41fc2a047cb7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|27|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 278}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138405, "scanner": "gitleaks", "fingerprint": "291d91115992663f0a8be603caa0b7c479b8859638b3e86421d15b7a35f7c63d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|26|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 263}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138404, "scanner": "gitleaks", "fingerprint": "1185ff3eb3320d0c4c05a87f9f25bc482096788398882cd715ad8f351c18ff2b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|24|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 248}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138403, "scanner": "gitleaks", "fingerprint": "0da33f76f509aeb98877c747e0eb84f6ea5750ed93d0bda6d777e4319e5656ef", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|23|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 233}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138402, "scanner": "gitleaks", "fingerprint": "e6dffb62dd52ed7172ecb5c47a77099eb6e2783bef98ef469aa492ff872b28ac", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tapioPool = 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|16|tapiopool redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 163}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138401, "scanner": "gitleaks", "fingerprint": "088693e0625842932fea53ef4961feebd51978158d59da983b02902132a67154", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token = '<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|16|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 162}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138400, "scanner": "gitleaks", "fingerprint": "65f299f0b9a9c184b9f7fe0230b845db98e9587166f6d071b4f7d092289f92e6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAccount: 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|tokenaccount: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/others2.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138399, "scanner": "gitleaks", "fingerprint": "487dbeb71ddea3eed122662c4ee79de82692eca9d85171cb33f2fcdf0ac73f10", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 5 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|5|token: redacted", "duplicate_count": 5, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0c45862a572bf4cd5a35fb4002129f019e2a5929de2aca5809c6491e5172431a", "0dc2b10bf9e7ae91a705ae25aefef416f70a33c85540f752d204de6c33d050de", "487dbeb71ddea3eed122662c4ee79de82692eca9d85171cb33f2fcdf0ac73f10", "5b61c5cc4346f76c907876ad6f8f1dcf171ee883e5933efcade961c991ee33f8", "96e6225df9dee5b315bc509c5413815f260786e3b847fea9628f3dc6f92c66a6", "a564dc62f9dc09d78f4b8a5346a06b14ccc6ae3f76889bc4739cb2d3973d1392"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/uniswap/v4.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138398, "scanner": "gitleaks", "fingerprint": "f084f9409e86d3ec1f2813bdf3357d9be48170c8e9e8250944def84151d7c8b8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|token: redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["40253807e2e3c39925788fbad15120d1c5be4c9430ad22ca0c4837f06c349111", "63ca1379dd6bccc63763957a6e25df1b1d8244f360a6cab7ed1c92e353864911", "f084f9409e86d3ec1f2813bdf3357d9be48170c8e9e8250944def84151d7c8b8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/markets/uniswap/v4.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138397, "scanner": "gitleaks", "fingerprint": "f71ccc3dbf0a76a9922e29dba29deb0455532d2a82a96a471dba400027fdd137", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|tokenaddress: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/asseto.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138396, "scanner": "gitleaks", "fingerprint": "b8f26762f9abec5b3cafc51cdd6212ddeceddeae18143cc82e509a9df3ad6b38", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|tokenaddress: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/asseto.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138395, "scanner": "gitleaks", "fingerprint": "abee1c23f1fc626566474575b61c3824d1e59d4898a42eb85df5a4e63b253df1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "tokenAddress: \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|tokenaddress: redacted", "duplicate_count": 2, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["8bc8fa3e23b951c642cd725a096b43614f412b23f7ec3811b2a05f8f632d32ec", "abee1c23f1fc626566474575b61c3824d1e59d4898a42eb85df5a4e63b253df1", "ed9b32e6a344e63f69fb4f6739ab4a5623b07c299ac1cf0fdd0ca7773ade36d4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/rwa/axc.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138394, "scanner": "gitleaks", "fingerprint": "3bac806f9eaf73b9477a2e86ff213ce6aa4b542c7a81ed83095722e275fabab2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "dCOMPToken = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|dcomptoken redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/dCOMP.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138393, "scanner": "gitleaks", "fingerprint": "8d22a4fa53da2489cab2204cecc90026e807a64a750724c02e961d55f25cc3d2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "TOKEN =\n  \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token redacted", "duplicate_count": 4, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["167e3af339e51f098ca7e8b75732a7f6efb8a5262490d6d1272ae194851e3750", "2779f941801c0d7d7e24fd795f0634ae2199a3d38449bf95314137d41309a019", "69bf2de7a8821cc4807d79ffaa4fddb638985bff3a80811a6e5333cd7985a213", "8d22a4fa53da2489cab2204cecc90026e807a64a750724c02e961d55f25cc3d2", "8d6d06afdb5af4fb3273bcc3d2aa4dfc9bd0478dd3d134bf5c8fce38f43f682f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/other/kSTRK.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138392, "scanner": "gitleaks", "fingerprint": "d49fff6111f525a9958e1349efd6b9cbfc806bb554d1f69dca070d2a5b1da789", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 9 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token: \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token: redacted", "duplicate_count": 9, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["0dc4ca5eb2f715ab1c61f3bba48952bdeadd74f400b5bbed25ec6ca3b10907a2", "0fec13a25c0c83df5a3e860e3aea417df67796200a142d48a61ce2afe3ce0bd6", "1feca7cefa87e96ad800c8c8d33faa590a7e9c253360ef3942fd71ca2b807eae", "279cd1b9d2ca3662f518ba412a905380f9b71e1ee11975729e24475cf811c6d6", "2bcab31d93a97ababee660f4745a1250e37014666e19b2f02dab3a511997d807", "5e297c3d3792dee03e1e9b9c4f6ccd088a894324d6ec915ad880a290c4691825", "79e2ceec8805d0011c89bdb22c00b0c7e18c44ea6f593f834a28870b47b67540", "882978da3a545116a6602040c0f2fd1eb329f6be274eac08cf077b6e2ad1a8ff", "d49fff6111f525a9958e1349efd6b9cbfc806bb554d1f69dca070d2a5b1da789", "d7be989f29395b006290c67ccacd8309c22381449654cad3c4057f8f5c5b63fa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/nft/chainlink/priceFeeds_jpegd.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 138391, "scanner": "gitleaks", "fingerprint": "9e1f5d983105c2ca55260ea2c7a1364f16ec538c704f97b9a7690342f7092c7d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "token\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token : redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["9e1f5d983105c2ca55260ea2c7a1364f16ec538c704f97b9a7690342f7092c7d", "c7ea7402ac0fc3bfb25ec548e3aa5a1b65304c3662182346d51f39821d9c0520"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/liquidStaking/axlp.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "properties": {"repobilityId": 138380, "scanner": "repobility-threat-engine", "fingerprint": "83c59180114131d5756ba299356cd926eae10dfe41f83445306b07697a9713d1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|83c59180114131d5756ba299356cd926eae10dfe41f83445306b07697a9713d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/coingeckoUpdaterParent.ts"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "properties": {"repobilityId": 138379, "scanner": "repobility-threat-engine", "fingerprint": "4b6f3e8e40fe71515a40ab9236c0174032b818fbf9c36140ec0742f269dd1593", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b6f3e8e40fe71515a40ab9236c0174032b818fbf9c36140ec0742f269dd1593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/coingeckoUpdater.ts"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 138361, "scanner": "repobility-threat-engine", "fingerprint": "55d776568032708ad1e307b0727349e8464c5d2e03d2059eadfdb43e504799c5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(data", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|55d776568032708ad1e307b0727349e8464c5d2e03d2059eadfdb43e504799c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/src/cli/buildTvlModuleData.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 138360, "scanner": "repobility-threat-engine", "fingerprint": "33363e1fbf5e2870bbbc60343441611b591632c2b9cac7419c6382b7876b90b1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(adapterFile", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|33363e1fbf5e2870bbbc60343441611b591632c2b9cac7419c6382b7876b90b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "defi/proof-of-reserves/cli/test.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 138359, "scanner": "repobility-threat-engine", "fingerprint": "4aebf52feed50b23d090ea9c08c62eb000b8a516dfca44a494f10e17758bf13c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(tmFile", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4aebf52feed50b23d090ea9c08c62eb000b8a516dfca44a494f10e17758bf13c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "coins/src/adapters/utils/updateTokenMapping.js"}, "region": {"startLine": 4}}}]}]}]}