{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j8xg-fqg3-53r7", "name": "word-wrap: GHSA-j8xg-fqg3-53r7", "shortDescription": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "fullDescription": {"text": "word-wrap vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9jgg-88mc-972h", "name": "webpack-dev-server: GHSA-9jgg-88mc-972h", "shortDescription": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-79cf-xcqc-c78w", "name": "webpack-dev-server: GHSA-79cf-xcqc-c78w", "shortDescription": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "fullDescription": {"text": "webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4v9v-hfq4-rm2v", "name": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v", "shortDescription": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4vvj-4cpr-p986", "name": "webpack: GHSA-4vvj-4cpr-p986", "shortDescription": {"text": "webpack: GHSA-4vvj-4cpr-p986"}, "fullDescription": {"text": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-72xf-g2v4-qvf3", "name": "tough-cookie: GHSA-72xf-g2v4-qvf3", "shortDescription": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "fullDescription": {"text": "tough-cookie Prototype Pollution vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76p7-773f-r4q5", "name": "serialize-javascript: GHSA-76p7-773f-r4q5", "shortDescription": {"text": "serialize-javascript: GHSA-76p7-773f-r4q5"}, "fullDescription": {"text": "Cross-site Scripting (XSS) in serialize-javascript"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6rw7-vpxm-498p", "name": "qs: GHSA-6rw7-vpxm-498p", "shortDescription": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "fullDescription": {"text": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7fh5-64p2-3v2j", "name": "postcss: GHSA-7fh5-64p2-3v2j", "shortDescription": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "fullDescription": {"text": "PostCSS line return parsing error"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-65ch-62r8-g69g", "name": "node-forge: GHSA-65ch-62r8-g69g", "shortDescription": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "fullDescription": {"text": "node-forge is vulnerable to ASN.1 OID Integer Truncation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mwcw-c2x4-8c55", "name": "nanoid: GHSA-mwcw-c2x4-8c55", "shortDescription": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "fullDescription": {"text": "Predictable results in nanoid generation when given non-integer values"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v78c-4p63-2j6c", "name": "moment-timezone: GHSA-v78c-4p63-2j6c", "shortDescription": {"text": "moment-timezone: GHSA-v78c-4p63-2j6c"}, "fullDescription": {"text": "Cleartext Transmission of Sensitive Information in moment-timezone"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-952p-6rrq-rcjv", "name": "micromatch: GHSA-952p-6rrq-rcjv", "shortDescription": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in micromatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxjr-mmjv-4gpg", "name": "lodash: GHSA-xxjr-mmjv-4gpg", "shortDescription": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "fullDescription": {"text": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh29-5h37-fv8m", "name": "js-yaml: GHSA-mh29-5h37-fv8m", "shortDescription": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "fullDescription": {"text": "js-yaml has prototype pollution in merge (<<)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9gqv-wp59-fq42", "name": "http-proxy-middleware: GHSA-9gqv-wp59-fq42", "shortDescription": {"text": "http-proxy-middleware: GHSA-9gqv-wp59-fq42"}, "fullDescription": {"text": "http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4www-5p9h-95mh", "name": "http-proxy-middleware: GHSA-4www-5p9h-95mh", "shortDescription": {"text": "http-proxy-middleware: GHSA-4www-5p9h-95mh"}, "fullDescription": {"text": "http-proxy-middleware can call writeBody twice because \"else if\" is not used"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r4q5-vmmm-2653", "name": "follow-redirects: GHSA-r4q5-vmmm-2653", "shortDescription": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "fullDescription": {"text": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jchw-25xp-jwwc", "name": "follow-redirects: GHSA-jchw-25xp-jwwc", "shortDescription": {"text": "follow-redirects: GHSA-jchw-25xp-jwwc"}, "fullDescription": {"text": "Follow Redirects improperly handles URLs in the url.parse() function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cxjh-pqwp-8mfp", "name": "follow-redirects: GHSA-cxjh-pqwp-8mfp", "shortDescription": {"text": "follow-redirects: GHSA-cxjh-pqwp-8mfp"}, "fullDescription": {"text": "follow-redirects' Proxy-Authorization header kept across hosts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rv95-896h-c2vc", "name": "express: GHSA-rv95-896h-c2vc", "shortDescription": {"text": "express: GHSA-rv95-896h-c2vc"}, "fullDescription": {"text": "Express.js Open Redirect in malformed URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ghr5-ch3p-vcr6", "name": "ejs: GHSA-ghr5-ch3p-vcr6", "shortDescription": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "fullDescription": {"text": "ejs lacks certain pollution protection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-968p-4wvh-cqc8", "name": "@babel/runtime-corejs3: GHSA-968p-4wvh-cqc8", "shortDescription": {"text": "@babel/runtime-corejs3: GHSA-968p-4wvh-cqc8"}, "fullDescription": {"text": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-prr3-c3m5-p7q2", "name": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2", "shortDescription": {"text": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2"}, "fullDescription": {"text": "@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hpx4-r86g-5jrg", "name": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg", "shortDescription": {"text": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg"}, "fullDescription": {"text": "@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `web-vitals` is 3 major version(s) behind (2.1.4 -> 5.3.0)", "shortDescription": {"text": "npm package `web-vitals` is 3 major version(s) behind (2.1.4 -> 5.3.0)"}, "fullDescription": {"text": "`web-vitals` is pinned/resolved at 2.1.4 but the latest stable release on the npm registry is 5.3.0 (3 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "GHSA-8fgc-7cc6-rx7x", "name": "webpack: GHSA-8fgc-7cc6-rx7x", "shortDescription": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "fullDescription": {"text": "webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38r7-794h-5758", "name": "webpack: GHSA-38r7-794h-5758", "shortDescription": {"text": "webpack: GHSA-38r7-794h-5758"}, "fullDescription": {"text": "webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects \u2192 SSRF + cache persistence"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cm22-4g7w-348p", "name": "serve-static: GHSA-cm22-4g7w-348p", "shortDescription": {"text": "serve-static: GHSA-cm22-4g7w-348p"}, "fullDescription": {"text": "serve-static vulnerable to template injection that can lead to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m6fv-jmcg-4jfg", "name": "send: GHSA-m6fv-jmcg-4jfg", "shortDescription": {"text": "send: GHSA-m6fv-jmcg-4jfg"}, "fullDescription": {"text": "send vulnerable to template injection that can lead to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w7fw-mjwx-w883", "name": "qs: GHSA-w7fw-mjwx-w883", "shortDescription": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "fullDescription": {"text": "qs's arrayLimit bypass in comma parsing allows denial of service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76c9-3jph-rj3q", "name": "on-headers: GHSA-76c9-3jph-rj3q", "shortDescription": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "fullDescription": {"text": "on-headers is vulnerable to http response header manipulation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-56x4-j7p9-fcf9", "name": "moment-timezone: GHSA-56x4-j7p9-fcf9", "shortDescription": {"text": "moment-timezone: GHSA-56x4-j7p9-fcf9"}, "fullDescription": {"text": "Command Injection in moment-timezone"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qw6h-vgh9-j6wx", "name": "express: GHSA-qw6h-vgh9-j6wx", "shortDescription": {"text": "express: GHSA-qw6h-vgh9-j6wx"}, "fullDescription": {"text": "express vulnerable to XSS via response.redirect()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pxg6-pf52-xh8x", "name": "cookie: GHSA-pxg6-pf52-xh8x", "shortDescription": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "fullDescription": {"text": "cookie accepts cookie name, path, and domain with out of bounds characters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vpq2-c234-7xj6", "name": "@tootallnate/once: GHSA-vpq2-c234-7xj6", "shortDescription": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "fullDescription": {"text": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-3h5v-q93c-6h6q", "name": "ws: GHSA-3h5v-q93c-6h6q", "shortDescription": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "fullDescription": {"text": "ws affected by a DoS when handling a request with many HTTP headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wr3j-pwj9-hqq6", "name": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6", "shortDescription": {"text": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6"}, "fullDescription": {"text": "Path traversal in webpack-dev-middleware"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xpqw-6gx7-v673", "name": "svgo: GHSA-xpqw-6gx7-v673", "shortDescription": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "fullDescription": {"text": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2qf-rxjj-qqgw", "name": "semver: GHSA-c2qf-rxjj-qqgw", "shortDescription": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "fullDescription": {"text": "semver vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gcx4-mw62-g8wm", "name": "rollup: GHSA-gcx4-mw62-g8wm", "shortDescription": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "fullDescription": {"text": "DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rhx6-c78j-4q9w", "name": "path-to-regexp: GHSA-rhx6-c78j-4q9w", "shortDescription": {"text": "path-to-regexp: GHSA-rhx6-c78j-4q9w"}, "fullDescription": {"text": "path-to-regexp contains a ReDoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wv6-86v2-598j", "name": "path-to-regexp: GHSA-9wv6-86v2-598j", "shortDescription": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "fullDescription": {"text": "path-to-regexp outputs backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37ch-88jc-xwx2", "name": "path-to-regexp: GHSA-37ch-88jc-xwx2", "shortDescription": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rp65-9cf3-cjxr", "name": "nth-check: GHSA-rp65-9cf3-cjxr", "shortDescription": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "fullDescription": {"text": "Inefficient Regular Expression Complexity in nth-check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q67f-28xg-22rw", "name": "node-forge: GHSA-q67f-28xg-22rw", "shortDescription": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "fullDescription": {"text": "Forge has signature forgery in Ed25519 due to missing S > L check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ppp5-5v6c-4jwp", "name": "node-forge: GHSA-ppp5-5v6c-4jwp", "shortDescription": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "fullDescription": {"text": "Forge has signature forgery in RSA-PKCS due to ASN.1 extra field  "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5m6q-g25r-mvwx", "name": "node-forge: GHSA-5m6q-g25r-mvwx", "shortDescription": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "fullDescription": {"text": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5gfm-wpxj-wjgq", "name": "node-forge: GHSA-5gfm-wpxj-wjgq", "shortDescription": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "fullDescription": {"text": "node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-554w-wpv2-vw27", "name": "node-forge: GHSA-554w-wpv2-vw27", "shortDescription": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "fullDescription": {"text": "node-forge has ASN.1 Unbounded Recursion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2328-f5f3-gj25", "name": "node-forge: GHSA-2328-f5f3-gj25", "shortDescription": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "fullDescription": {"text": "Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f8q6-p94x-37v3", "name": "minimatch: GHSA-f8q6-p94x-37v3", "shortDescription": {"text": "minimatch: GHSA-f8q6-p94x-37v3"}, "fullDescription": {"text": "minimatch ReDoS vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hhq3-ff78-jv3g", "name": "loader-utils: GHSA-hhq3-ff78-jv3g", "shortDescription": {"text": "loader-utils: GHSA-hhq3-ff78-jv3g"}, "fullDescription": {"text": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3rfm-jhwj-7488", "name": "loader-utils: GHSA-3rfm-jhwj-7488", "shortDescription": {"text": "loader-utils: GHSA-3rfm-jhwj-7488"}, "fullDescription": {"text": "loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9c47-m6qq-7p4h", "name": "json5: GHSA-9c47-m6qq-7p4h", "shortDescription": {"text": "json5: GHSA-9c47-m6qq-7p4h"}, "fullDescription": {"text": "Prototype Pollution in JSON5 via Parse Method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wf6x-7x77-mvgw", "name": "immutable: GHSA-wf6x-7x77-mvgw", "shortDescription": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "fullDescription": {"text": "Immutable is vulnerable to Prototype Pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c7qv-q95q-8v27", "name": "http-proxy-middleware: GHSA-c7qv-q95q-8v27", "shortDescription": {"text": "http-proxy-middleware: GHSA-c7qv-q95q-8v27"}, "fullDescription": {"text": "Denial of service in http-proxy-middleware"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3xgq-45jj-v275", "name": "cross-spawn: GHSA-3xgq-45jj-v275", "shortDescription": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in cross-spawn"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-grv7-fg5c-xmjg", "name": "braces: GHSA-grv7-fg5c-xmjg", "shortDescription": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "fullDescription": {"text": "Uncontrolled resource consumption in braces"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qwcr-r2fm-qrc7", "name": "body-parser: GHSA-qwcr-r2fm-qrc7", "shortDescription": {"text": "body-parser: GHSA-qwcr-r2fm-qrc7"}, "fullDescription": {"text": "body-parser vulnerable to denial of service when url encoding is enabled"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fv7c-fp4j-7gwp", "name": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp", "shortDescription": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "fullDescription": {"text": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hc6q-2mpp-qw7j", "name": "webpack: GHSA-hc6q-2mpp-qw7j", "shortDescription": {"text": "webpack: GHSA-hc6q-2mpp-qw7j"}, "fullDescription": {"text": "Cross-realm object access in Webpack 5"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76p3-8jx3-jpfq", "name": "loader-utils: GHSA-76p3-8jx3-jpfq", "shortDescription": {"text": "loader-utils: GHSA-76p3-8jx3-jpfq"}, "fullDescription": {"text": "Prototype pollution in webpack loader-utils"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fjxv-7rqg-78g4", "name": "form-data: GHSA-fjxv-7rqg-78g4", "shortDescription": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "fullDescription": {"text": "form-data uses unsafe random function in form-data for choosing boundary"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67hx-6x53-jw92", "name": "@babel/traverse: GHSA-67hx-6x53-jw92", "shortDescription": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "fullDescription": {"text": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1104"}, "properties": {"repository": "Azim-Ahmed/Automation-workflow", "repoUrl": "https://github.com/Azim-Ahmed/Automation-workflow", "branch": "master"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 108798, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 108797, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 108793, "scanner": "osv-scanner", "fingerprint": "70d0d7460be007a4193e90cfe82eaea7100a07bfac6179c6be94dea5dedb7db0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 108792, "scanner": "osv-scanner", "fingerprint": "de906a0edbb25093a2e18157d27e7650c5d59dfb14b06382f6f170c04d020630", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j8xg-fqg3-53r7", "level": "warning", "message": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "properties": {"repobilityId": 108790, "scanner": "osv-scanner", "fingerprint": "155b2e48e0522aa2f44c527f2197dc0631ed232ccc8ec184e8ce8c9d43c39846", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26115"], "package": "word-wrap", "rule_id": "GHSA-j8xg-fqg3-53r7", "scanner": "osv-scanner", "correlation_key": "vuln|word-wrap|CVE-2023-26115|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9jgg-88mc-972h", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "properties": {"repobilityId": 108789, "scanner": "osv-scanner", "fingerprint": "fb09520fde1a4f84497af33937c571ff33f5a999d173c0c4f6e01ec825d9cf94", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30360"], "package": "webpack-dev-server", "rule_id": "GHSA-9jgg-88mc-972h", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30360|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 108788, "scanner": "osv-scanner", "fingerprint": "1e32bfd8f5f15c2b79a2ab7f97395b72ecd1e2b62a9021c254ab19741e717999", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4v9v-hfq4-rm2v", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "properties": {"repobilityId": 108787, "scanner": "osv-scanner", "fingerprint": "1d4c33131915734da58bcd31a8095da17f72f842ce2c37a2c8e6e415426f344d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30359"], "package": "webpack-dev-server", "rule_id": "GHSA-4v9v-hfq4-rm2v", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30359|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4vvj-4cpr-p986", "level": "warning", "message": {"text": "webpack: GHSA-4vvj-4cpr-p986"}, "properties": {"repobilityId": 108783, "scanner": "osv-scanner", "fingerprint": "71cdd46db3b7008ab6a77a6dcf99b940ad6579adee0fdb02dc69c35626dbf619", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43788"], "package": "webpack", "rule_id": "GHSA-4vvj-4cpr-p986", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2024-43788|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 108781, "scanner": "osv-scanner", "fingerprint": "43ffcb0a2ce37f02f11229414b326bf3461eff0a2313382f704b9797828a6315", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-72xf-g2v4-qvf3", "level": "warning", "message": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "properties": {"repobilityId": 108780, "scanner": "osv-scanner", "fingerprint": "e23e9578ce623bfa10f448bab1b472d86f9465fc137b1ebcec06c146ce70104d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26136"], "package": "tough-cookie", "rule_id": "GHSA-72xf-g2v4-qvf3", "scanner": "osv-scanner", "correlation_key": "vuln|tough-cookie|CVE-2023-26136|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 108777, "scanner": "osv-scanner", "fingerprint": "1c59ef4afe92099f003e3ffa513ad410d787a2b56fa73570cd1239ea05bfa2d4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p7-773f-r4q5", "level": "warning", "message": {"text": "serialize-javascript: GHSA-76p7-773f-r4q5"}, "properties": {"repobilityId": 108776, "scanner": "osv-scanner", "fingerprint": "654b8274e8396c27b09579959931df8c9fbccb0ce111d6aa8dfd8a7197bb1806", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-11831"], "package": "serialize-javascript", "rule_id": "GHSA-76p7-773f-r4q5", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2024-11831|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 108769, "scanner": "osv-scanner", "fingerprint": "c779d54649dfa2aea4b3707fb8234eaa558924c2a9cef66e77ea99b5ca63f967", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 108768, "scanner": "osv-scanner", "fingerprint": "88e6b1a808a46d1254fb003a71496f6f03cc18938cf18c56646c44245e0d824a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7fh5-64p2-3v2j", "level": "warning", "message": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "properties": {"repobilityId": 108767, "scanner": "osv-scanner", "fingerprint": "69b33eb0acfc3533b8ac1117f647b15a9d1dde9f768514bfd25f4671304264d8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-44270"], "package": "postcss", "rule_id": "GHSA-7fh5-64p2-3v2j", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2023-44270|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 108765, "scanner": "osv-scanner", "fingerprint": "462b6f9a41343b35a2309e55c043ca31f20f04b7f9e15cb869e7180ff7fc1d96", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65ch-62r8-g69g", "level": "warning", "message": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "properties": {"repobilityId": 108757, "scanner": "osv-scanner", "fingerprint": "232e3c82353060cd62b877d2e5d07ac6731f93acfdd90a3aa5416735c07613c2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66030"], "package": "node-forge", "rule_id": "GHSA-65ch-62r8-g69g", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66030|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mwcw-c2x4-8c55", "level": "warning", "message": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "properties": {"repobilityId": 108752, "scanner": "osv-scanner", "fingerprint": "b46495bb996b07b4016922b4f008333e26310d8940f96a6ae884b6e8bfb6a123", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-55565"], "package": "nanoid", "rule_id": "GHSA-mwcw-c2x4-8c55", "scanner": "osv-scanner", "correlation_key": "vuln|nanoid|CVE-2024-55565|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v78c-4p63-2j6c", "level": "warning", "message": {"text": "moment-timezone: GHSA-v78c-4p63-2j6c"}, "properties": {"repobilityId": 108751, "scanner": "osv-scanner", "fingerprint": "b89bf33752f780914ee6b8ac85d6890669fb3dcf2870c16d53a7ded613c765dc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "moment-timezone", "rule_id": "GHSA-v78c-4p63-2j6c", "scanner": "osv-scanner", "correlation_key": "vuln|moment-timezone|GHSA-V78C-4P63-2J6C|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 108745, "scanner": "osv-scanner", "fingerprint": "1844d4adcb808b3531a9ec10043983ee4443488011c1df185a2f0a5192524f70", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 108744, "scanner": "osv-scanner", "fingerprint": "0427cc1b83db25772dd274a032fe254d85953b384c3b3531b80429e8cc479457", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 108742, "scanner": "osv-scanner", "fingerprint": "174be1ded9183860e3d5e821e9b0862b5a7d9031f040161d32e9de5dd713e808", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 108737, "scanner": "osv-scanner", "fingerprint": "a6fb91e8f613cd9af90c71675d02191330b4012dbca773f6ae2506c416145b90", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9gqv-wp59-fq42", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-9gqv-wp59-fq42"}, "properties": {"repobilityId": 108734, "scanner": "osv-scanner", "fingerprint": "4bd582b3e150bceaf42669a8bd7a99950ef804d2955d3a4223af34075bf17735", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32997"], "package": "http-proxy-middleware", "rule_id": "GHSA-9gqv-wp59-fq42", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32997|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4www-5p9h-95mh", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-4www-5p9h-95mh"}, "properties": {"repobilityId": 108733, "scanner": "osv-scanner", "fingerprint": "48b4de469779029bfdba6b6b15b601e0bec2cd0753e2f9fb43d8844396ccc8df", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32996"], "package": "http-proxy-middleware", "rule_id": "GHSA-4www-5p9h-95mh", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32996|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 108731, "scanner": "osv-scanner", "fingerprint": "7f5e23cd7a08776d807d82a9403b2d99acd2805bce2a7f200327957657d49d10", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jchw-25xp-jwwc", "level": "warning", "message": {"text": "follow-redirects: GHSA-jchw-25xp-jwwc"}, "properties": {"repobilityId": 108730, "scanner": "osv-scanner", "fingerprint": "2b45d13044a8e9feafd4e3b092480a72b3415d9d0cfa4a08a230c4f17431fd3a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26159"], "package": "follow-redirects", "rule_id": "GHSA-jchw-25xp-jwwc", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|CVE-2023-26159|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cxjh-pqwp-8mfp", "level": "warning", "message": {"text": "follow-redirects: GHSA-cxjh-pqwp-8mfp"}, "properties": {"repobilityId": 108729, "scanner": "osv-scanner", "fingerprint": "2f09d553ce1317fa389df720b5dde778d7532ccd29242505d140b2ece7f28bdc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-28849"], "package": "follow-redirects", "rule_id": "GHSA-cxjh-pqwp-8mfp", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|CVE-2024-28849|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rv95-896h-c2vc", "level": "warning", "message": {"text": "express: GHSA-rv95-896h-c2vc"}, "properties": {"repobilityId": 108726, "scanner": "osv-scanner", "fingerprint": "b5d202f32ddc3b24fe26669cbb8a0a41b14b013e5639c5d7dfbf79eac7829dd9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29041"], "package": "express", "rule_id": "GHSA-rv95-896h-c2vc", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-29041|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghr5-ch3p-vcr6", "level": "warning", "message": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "properties": {"repobilityId": 108724, "scanner": "osv-scanner", "fingerprint": "45a72add54ac331e0c0f1e97113e3798473f4cabef2bcb0129acfa271fbb1c74", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-33883"], "package": "ejs", "rule_id": "GHSA-ghr5-ch3p-vcr6", "scanner": "osv-scanner", "correlation_key": "vuln|ejs|CVE-2024-33883|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 108719, "scanner": "osv-scanner", "fingerprint": "d4b419a31e0e9347bcfafa58b7ad490de2bf201d666b0f13dc4b2518b663d57c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 108717, "scanner": "osv-scanner", "fingerprint": "128d26ea5f5b40a60e9c47ea7ffd50a69def1874a9520acb5439503c3ca8a9e7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime-corejs3: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108714, "scanner": "osv-scanner", "fingerprint": "4797124e3b2a0f59fc61308cbb3696677dd8d50cf7832488bdf58c62b937b213", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime-corejs3", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime-corejs3|CVE-2025-27789|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108713, "scanner": "osv-scanner", "fingerprint": "51f589bb23167d7f3187da2b247ac3c84f30fe6965633ac81e12b7c3bf7d3f84", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime|CVE-2025-27789|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108711, "scanner": "osv-scanner", "fingerprint": "0317e860dd98cf6e3994a385479616ff4dfbdec5fc4f213e13763c29937de720", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-prr3-c3m5-p7q2", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2"}, "properties": {"repobilityId": 108710, "scanner": "osv-scanner", "fingerprint": "38b2ec2ba1d58264a7275078a15b0158b516cc27411651fad496cd4819bbc4bf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-48631"], "package": "@adobe/css-tools", "rule_id": "GHSA-prr3-c3m5-p7q2", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-48631|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hpx4-r86g-5jrg", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg"}, "properties": {"repobilityId": 108709, "scanner": "osv-scanner", "fingerprint": "554d0010d11f852f99cd37aa030d0cca39386fa6eb1b6d2727437bf08b806cb7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26364"], "package": "@adobe/css-tools", "rule_id": "GHSA-hpx4-r86g-5jrg", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-26364|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 108708, "scanner": "osv-scanner", "fingerprint": "50bb42596af5c9f077010621340b47a31a4c2078f9d0e01ee2b787647b74301a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 108707, "scanner": "osv-scanner", "fingerprint": "d698c0969dae25e950d4f8b65b021df28bdeb91476dcc255cdcc9ca9ba3ee73e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j8xg-fqg3-53r7", "level": "warning", "message": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "properties": {"repobilityId": 108705, "scanner": "osv-scanner", "fingerprint": "4cf5dc1a701ada3b753d7bd2d5922996312f060a13eaafd5b9603bc17ffba1f2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26115"], "package": "word-wrap", "rule_id": "GHSA-j8xg-fqg3-53r7", "scanner": "osv-scanner", "correlation_key": "vuln|word-wrap|CVE-2023-26115|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9jgg-88mc-972h", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "properties": {"repobilityId": 108704, "scanner": "osv-scanner", "fingerprint": "2058e0841f8e55a21d21b12194f8d27e99c57090ef4921cf0366699e34ed92e8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30360"], "package": "webpack-dev-server", "rule_id": "GHSA-9jgg-88mc-972h", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30360|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 108703, "scanner": "osv-scanner", "fingerprint": "bf17a1b8032e08e83dd69d78b623ced845743d9cdd4b2f534bd150c450160d90", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4v9v-hfq4-rm2v", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "properties": {"repobilityId": 108702, "scanner": "osv-scanner", "fingerprint": "bad564efe556f5e9874abc9f9973628c4b13601dd518627d1dbca7909481552d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30359"], "package": "webpack-dev-server", "rule_id": "GHSA-4v9v-hfq4-rm2v", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30359|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4vvj-4cpr-p986", "level": "warning", "message": {"text": "webpack: GHSA-4vvj-4cpr-p986"}, "properties": {"repobilityId": 108698, "scanner": "osv-scanner", "fingerprint": "e5ce1bf36a9be1c39b2b409aab9888d2fde1927805589b1deb4e282053f61a7d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43788"], "package": "webpack", "rule_id": "GHSA-4vvj-4cpr-p986", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2024-43788|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 108696, "scanner": "osv-scanner", "fingerprint": "fdef028f4a816ff49a3feddc8fea57767b8bd7a5285d824fe826196183701971", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-72xf-g2v4-qvf3", "level": "warning", "message": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "properties": {"repobilityId": 108695, "scanner": "osv-scanner", "fingerprint": "fd2ca9c694dd2862ef55697b23559a0590c3f65183e3c0b7eeaf8f7832685514", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26136"], "package": "tough-cookie", "rule_id": "GHSA-72xf-g2v4-qvf3", "scanner": "osv-scanner", "correlation_key": "vuln|tough-cookie|CVE-2023-26136|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 108692, "scanner": "osv-scanner", "fingerprint": "e5adc7b8147d0f39d78debfb9b91e31cc337ef1e8ecd400a17dea5cbe1b23197", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p7-773f-r4q5", "level": "warning", "message": {"text": "serialize-javascript: GHSA-76p7-773f-r4q5"}, "properties": {"repobilityId": 108691, "scanner": "osv-scanner", "fingerprint": "91beecbe6a55c822108f2eeae6c3c6bc8cbecfefb76c65b350543535243e62bb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-11831"], "package": "serialize-javascript", "rule_id": "GHSA-76p7-773f-r4q5", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2024-11831|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 108684, "scanner": "osv-scanner", "fingerprint": "6d22fb6d155cd92273923764c4a42ac64c943a3e96e9afc41e845a7b5d2f24b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 108683, "scanner": "osv-scanner", "fingerprint": "0b1dff5c952a767b7990e67b0d60cc580116a9b63b14cf0d44b920a59028efbf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7fh5-64p2-3v2j", "level": "warning", "message": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "properties": {"repobilityId": 108682, "scanner": "osv-scanner", "fingerprint": "13f4a1be9b2032a3827d595ce27cf15ddcdff688424cf4aeb754429be33561c0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-44270"], "package": "postcss", "rule_id": "GHSA-7fh5-64p2-3v2j", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2023-44270|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 108680, "scanner": "osv-scanner", "fingerprint": "d9d26d972991fffb51a1613b08ac1e8e722be1c10191fb43cced54b770250e8d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65ch-62r8-g69g", "level": "warning", "message": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "properties": {"repobilityId": 108672, "scanner": "osv-scanner", "fingerprint": "7ae3cf73266e9f04815d7265db86772c37f224fb8fd8cfab836e3620a2ca8501", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66030"], "package": "node-forge", "rule_id": "GHSA-65ch-62r8-g69g", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66030|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mwcw-c2x4-8c55", "level": "warning", "message": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "properties": {"repobilityId": 108667, "scanner": "osv-scanner", "fingerprint": "5ab29893c2d14e0bfbe5c589bd65659abd6616e61aac03ab1c5fa9b6c850b05a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-55565"], "package": "nanoid", "rule_id": "GHSA-mwcw-c2x4-8c55", "scanner": "osv-scanner", "correlation_key": "vuln|nanoid|CVE-2024-55565|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v78c-4p63-2j6c", "level": "warning", "message": {"text": "moment-timezone: GHSA-v78c-4p63-2j6c"}, "properties": {"repobilityId": 108666, "scanner": "osv-scanner", "fingerprint": "e64a141a2068273dc12929b75d1cd9e4584920355ba6583f1df786381baf0eb2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "moment-timezone", "rule_id": "GHSA-v78c-4p63-2j6c", "scanner": "osv-scanner", "correlation_key": "vuln|moment-timezone|GHSA-V78C-4P63-2J6C|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 108661, "scanner": "osv-scanner", "fingerprint": "7f5b885c50f81ed0daa6171ed0eeb8291fc1168ed770191f145325d8b2c16280", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 108660, "scanner": "osv-scanner", "fingerprint": "75f1cf8ff29d8d132d579513aad4027dbb5a93646863d8e7bc0c89343d3402ef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 108658, "scanner": "osv-scanner", "fingerprint": "529a8e201067f66e4bcd0d6408bc6eece689220a5a65ec65438a230ab5b7cf66", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 108656, "scanner": "osv-scanner", "fingerprint": "e1f1eee28e3c43746c892494085b271496e4ce012a6f7a57876b5d7ed32ae261", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9gqv-wp59-fq42", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-9gqv-wp59-fq42"}, "properties": {"repobilityId": 108653, "scanner": "osv-scanner", "fingerprint": "ca333b7def2de43fb65853c34054d47dfabe0257fd1539cd0ad0efaa2675769c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32997"], "package": "http-proxy-middleware", "rule_id": "GHSA-9gqv-wp59-fq42", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32997|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4www-5p9h-95mh", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-4www-5p9h-95mh"}, "properties": {"repobilityId": 108652, "scanner": "osv-scanner", "fingerprint": "7cfc5c114ac0625d7609b3088539dc7bbc03f40458dc4c5cc8e75e76b7ad4d0b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32996"], "package": "http-proxy-middleware", "rule_id": "GHSA-4www-5p9h-95mh", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32996|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 108650, "scanner": "osv-scanner", "fingerprint": "6f390e2ea2dc5e15147a7d495e55d42a4ae00467d7b3f2ca1cebb7aa445a73b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jchw-25xp-jwwc", "level": "warning", "message": {"text": "follow-redirects: GHSA-jchw-25xp-jwwc"}, "properties": {"repobilityId": 108649, "scanner": "osv-scanner", "fingerprint": "e13ed5f19213d31e704862682165eb5d2d53d44c25b01b88b916ba2a35f602a2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26159"], "package": "follow-redirects", "rule_id": "GHSA-jchw-25xp-jwwc", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|CVE-2023-26159|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cxjh-pqwp-8mfp", "level": "warning", "message": {"text": "follow-redirects: GHSA-cxjh-pqwp-8mfp"}, "properties": {"repobilityId": 108648, "scanner": "osv-scanner", "fingerprint": "41755343e0246e4ba2ea797835588d31e40bbdf5cf112cdcb1015af5d99e93bc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-28849"], "package": "follow-redirects", "rule_id": "GHSA-cxjh-pqwp-8mfp", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|CVE-2024-28849|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rv95-896h-c2vc", "level": "warning", "message": {"text": "express: GHSA-rv95-896h-c2vc"}, "properties": {"repobilityId": 108645, "scanner": "osv-scanner", "fingerprint": "0806f4ec14c30bd1d1e2349020cad8d98c0c0404e6e25fb160be197890efa61a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29041"], "package": "express", "rule_id": "GHSA-rv95-896h-c2vc", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-29041|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghr5-ch3p-vcr6", "level": "warning", "message": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "properties": {"repobilityId": 108643, "scanner": "osv-scanner", "fingerprint": "3c7905ec774c10a6334c69ef51be4a1cf5c405b1eb9a3ecefdca017c57d6eefb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-33883"], "package": "ejs", "rule_id": "GHSA-ghr5-ch3p-vcr6", "scanner": "osv-scanner", "correlation_key": "vuln|ejs|CVE-2024-33883|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 108638, "scanner": "osv-scanner", "fingerprint": "6ed3e11856b985dfd38b234bdeafe6eb9fdd6ace1789aa46a716324dba77d441", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 108636, "scanner": "osv-scanner", "fingerprint": "0b4075edd70eccc9e81ce84656b8a0c1040ecc83769ba1ed4fe7ce3796321c93", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime-corejs3: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108633, "scanner": "osv-scanner", "fingerprint": "42f4f4ffcc430fc83b23b61da79bc37607931c1263d36809a56149ec47e0c387", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime-corejs3", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime-corejs3|CVE-2025-27789|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108632, "scanner": "osv-scanner", "fingerprint": "8226570f1a95192aa4fd0dc6689ea75a67b6fd3ba8d5359cbc505423970e95e0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime|CVE-2025-27789|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108630, "scanner": "osv-scanner", "fingerprint": "3a0104bfb3ec3bf02245db9a88e298a0a988506e4b5222804d06ffce39376224", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-prr3-c3m5-p7q2", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2"}, "properties": {"repobilityId": 108629, "scanner": "osv-scanner", "fingerprint": "6fdda4270395558429be156975d713b6911adae400ea47fde859e1ef844b7eaa", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-48631"], "package": "@adobe/css-tools", "rule_id": "GHSA-prr3-c3m5-p7q2", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-48631|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hpx4-r86g-5jrg", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg"}, "properties": {"repobilityId": 108628, "scanner": "osv-scanner", "fingerprint": "f083091262a2b5427c19aad8fb8b27113df58c18dc574893e19276d8959853f9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26364"], "package": "@adobe/css-tools", "rule_id": "GHSA-hpx4-r86g-5jrg", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-26364|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 108627, "scanner": "osv-scanner", "fingerprint": "f23c81ca1bf7793083d58c8b09cd6bf208ab392998a2d9a3bb3322561a728d6b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 108626, "scanner": "osv-scanner", "fingerprint": "1b788fa8525382946c739270c1849aaa868327cf2c4216daf211eef3de5db45b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j8xg-fqg3-53r7", "level": "warning", "message": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "properties": {"repobilityId": 108624, "scanner": "osv-scanner", "fingerprint": "0a3553b5adddbf423c8b88bc190be2bd4b6c230ac4332be849298da6f27b9d50", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26115"], "package": "word-wrap", "rule_id": "GHSA-j8xg-fqg3-53r7", "scanner": "osv-scanner", "correlation_key": "vuln|word-wrap|CVE-2023-26115|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9jgg-88mc-972h", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "properties": {"repobilityId": 108623, "scanner": "osv-scanner", "fingerprint": "d1a28b9a042bfc28a4ab9f84493472aa0ceb149446ec763c2df92095c044b8b2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30360"], "package": "webpack-dev-server", "rule_id": "GHSA-9jgg-88mc-972h", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30360|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 108622, "scanner": "osv-scanner", "fingerprint": "684ef2e955258e7ac9b018cb59a57c756fefce7f72ddc2b844d92be26a1b10c6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4v9v-hfq4-rm2v", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "properties": {"repobilityId": 108621, "scanner": "osv-scanner", "fingerprint": "ff91999a7dfcd5c4d0e3c337ae3504cc71277a5f5fccbb3765123bbe5580d7f8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30359"], "package": "webpack-dev-server", "rule_id": "GHSA-4v9v-hfq4-rm2v", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30359|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4vvj-4cpr-p986", "level": "warning", "message": {"text": "webpack: GHSA-4vvj-4cpr-p986"}, "properties": {"repobilityId": 108617, "scanner": "osv-scanner", "fingerprint": "2fd00426550afcc498159d3e892b597473e0d9cf7c4b6398b6cb4c749dc9641b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43788"], "package": "webpack", "rule_id": "GHSA-4vvj-4cpr-p986", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2024-43788|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 108615, "scanner": "osv-scanner", "fingerprint": "2f6e44d3056f0549be14ae43b720d756ca97d735468761433ea29a9ddf340eaa", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-72xf-g2v4-qvf3", "level": "warning", "message": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "properties": {"repobilityId": 108614, "scanner": "osv-scanner", "fingerprint": "9312444564db3259ff3baca946d1de0e510333d4b6ad2cc139492995a0ed6e56", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26136"], "package": "tough-cookie", "rule_id": "GHSA-72xf-g2v4-qvf3", "scanner": "osv-scanner", "correlation_key": "vuln|tough-cookie|CVE-2023-26136|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 108611, "scanner": "osv-scanner", "fingerprint": "861c9140d2458e85a1dd789a1de43fb0746f37a04647da29356e9e95fb4647ef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p7-773f-r4q5", "level": "warning", "message": {"text": "serialize-javascript: GHSA-76p7-773f-r4q5"}, "properties": {"repobilityId": 108610, "scanner": "osv-scanner", "fingerprint": "74c8e54d8d2647b04201a388f885aab99eedda9b7bece01a5dd65462321576bc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-11831"], "package": "serialize-javascript", "rule_id": "GHSA-76p7-773f-r4q5", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2024-11831|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 108603, "scanner": "osv-scanner", "fingerprint": "fa80c0113a31d4aa749588a85511874d731a5f17963bf03bd5aa107cf81d4b3f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 108602, "scanner": "osv-scanner", "fingerprint": "33aa829b4458c5ef73d832c9e568cf3032217bd31f4b18cc6a572d90111a50bb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7fh5-64p2-3v2j", "level": "warning", "message": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "properties": {"repobilityId": 108601, "scanner": "osv-scanner", "fingerprint": "10ed0be82059e97c27fa0390e21b9e11a083bbd4fe100bff5e00c3725d08fa51", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-44270"], "package": "postcss", "rule_id": "GHSA-7fh5-64p2-3v2j", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2023-44270|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 108599, "scanner": "osv-scanner", "fingerprint": "d01f2097e7b318fed09051dc9486d1856dda99f71ea520983bca2d575128e70d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65ch-62r8-g69g", "level": "warning", "message": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "properties": {"repobilityId": 108591, "scanner": "osv-scanner", "fingerprint": "fdcdff9efc13682e8a57a04b193e7253de4f457030335af8d1d0b27fce29a23b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66030"], "package": "node-forge", "rule_id": "GHSA-65ch-62r8-g69g", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66030|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mwcw-c2x4-8c55", "level": "warning", "message": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "properties": {"repobilityId": 108586, "scanner": "osv-scanner", "fingerprint": "17aa9cc2e8026cc24dc5e114a937e54b03ea8b7b6868431635040b50227ddd2c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-55565"], "package": "nanoid", "rule_id": "GHSA-mwcw-c2x4-8c55", "scanner": "osv-scanner", "correlation_key": "vuln|nanoid|CVE-2024-55565|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v78c-4p63-2j6c", "level": "warning", "message": {"text": "moment-timezone: GHSA-v78c-4p63-2j6c"}, "properties": {"repobilityId": 108585, "scanner": "osv-scanner", "fingerprint": "8f3010c45714572b133e2992056e90b9be9c3b79705381f08cd9556a3e1b7dbf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "moment-timezone", "rule_id": "GHSA-v78c-4p63-2j6c", "scanner": "osv-scanner", "correlation_key": "vuln|moment-timezone|GHSA-V78C-4P63-2J6C|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 108579, "scanner": "osv-scanner", "fingerprint": "6074fdd4d1c7ccc86350f1ed269ae01ecab6612eecc17984fef4f3c455e1e6a6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 108578, "scanner": "osv-scanner", "fingerprint": "f047ccc7d9c1109aced3a5c21f0b53a27d6582174ed7660bc0f4dfe83bf08a1a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 108576, "scanner": "osv-scanner", "fingerprint": "de986ead824c9cd2225230d6fcc7a484a3f62fc4668bd948eb33bf3de3e73e26", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 108571, "scanner": "osv-scanner", "fingerprint": "28d729fc1155c54fc66f4fb51841604d700ad2e22c31e413765f6dd36f601211", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9gqv-wp59-fq42", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-9gqv-wp59-fq42"}, "properties": {"repobilityId": 108568, "scanner": "osv-scanner", "fingerprint": "42df8948f99e62f71461a6fc517418ebb6d003429ba259f2fa1b5723d1c7f773", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32997"], "package": "http-proxy-middleware", "rule_id": "GHSA-9gqv-wp59-fq42", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32997|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4www-5p9h-95mh", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-4www-5p9h-95mh"}, "properties": {"repobilityId": 108567, "scanner": "osv-scanner", "fingerprint": "a14aa4b6810d53b031372ed07929ea85a0a429b34c32c810b53b860fc75dcde5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32996"], "package": "http-proxy-middleware", "rule_id": "GHSA-4www-5p9h-95mh", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32996|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 108565, "scanner": "osv-scanner", "fingerprint": "248c1e434ec83c5a892dfdf2f0e0aa80ddc9030d3cbaccddc0f5a14a5c6577be", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jchw-25xp-jwwc", "level": "warning", "message": {"text": "follow-redirects: GHSA-jchw-25xp-jwwc"}, "properties": {"repobilityId": 108564, "scanner": "osv-scanner", "fingerprint": "725ce5430a478e66058ead598e899020df5d47084a465fa2252da6a5f670f779", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26159"], "package": "follow-redirects", "rule_id": "GHSA-jchw-25xp-jwwc", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|CVE-2023-26159|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cxjh-pqwp-8mfp", "level": "warning", "message": {"text": "follow-redirects: GHSA-cxjh-pqwp-8mfp"}, "properties": {"repobilityId": 108563, "scanner": "osv-scanner", "fingerprint": "0a83074d81c41498aa4d6d174e23dfe39f0b8a461cbd294d61e81c20e7f080a4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-28849"], "package": "follow-redirects", "rule_id": "GHSA-cxjh-pqwp-8mfp", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|CVE-2024-28849|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rv95-896h-c2vc", "level": "warning", "message": {"text": "express: GHSA-rv95-896h-c2vc"}, "properties": {"repobilityId": 108560, "scanner": "osv-scanner", "fingerprint": "35ed9bd1f40391298ac08894143ce89d16fa5faa02f5dfa0f7a98a7c4294b104", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29041"], "package": "express", "rule_id": "GHSA-rv95-896h-c2vc", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-29041|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghr5-ch3p-vcr6", "level": "warning", "message": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "properties": {"repobilityId": 108558, "scanner": "osv-scanner", "fingerprint": "f741d82e0a49eb3ffb46bc0be796477f8426a5fc8663dcbb582fbfb9b7a9748e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-33883"], "package": "ejs", "rule_id": "GHSA-ghr5-ch3p-vcr6", "scanner": "osv-scanner", "correlation_key": "vuln|ejs|CVE-2024-33883|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 108553, "scanner": "osv-scanner", "fingerprint": "e8eb0ab1ffbb15b3b127c7436af364aa04d69dbc42fb22d21fcb4f304d428269", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 108551, "scanner": "osv-scanner", "fingerprint": "b6e4ab66cc3522d009fa9b7b4cb49ad3d9a60843a6d25559c80bbc6b5b65b8d7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime-corejs3: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108548, "scanner": "osv-scanner", "fingerprint": "7bf233e0bfc5aa9e205a7999007df9475e9ad4f5821cce3419c33d7d45d83d1f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime-corejs3", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime-corejs3|CVE-2025-27789|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108547, "scanner": "osv-scanner", "fingerprint": "1a021c51241fa6b167e8ea883b0ad2124ec3f45610123342d66941a8ba97193b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime|CVE-2025-27789|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 108545, "scanner": "osv-scanner", "fingerprint": "a2744c3dc4514686546d37b3766fd7426464a5ddd60df990e0fd10cd70ff8afb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-prr3-c3m5-p7q2", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-prr3-c3m5-p7q2"}, "properties": {"repobilityId": 108544, "scanner": "osv-scanner", "fingerprint": "b77985b2e40a6696ca98bdd77baac141a1a8878acfd3888aa89660f014c04b04", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-48631"], "package": "@adobe/css-tools", "rule_id": "GHSA-prr3-c3m5-p7q2", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-48631|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hpx4-r86g-5jrg", "level": "warning", "message": {"text": "@adobe/css-tools: GHSA-hpx4-r86g-5jrg"}, "properties": {"repobilityId": 108543, "scanner": "osv-scanner", "fingerprint": "5a917e5412437837402d129acdb8422b23373b1e04676bc67cb81e762dc4350b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26364"], "package": "@adobe/css-tools", "rule_id": "GHSA-hpx4-r86g-5jrg", "scanner": "osv-scanner", "correlation_key": "vuln|adobe/css-tools|CVE-2023-26364|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `web-vitals` is 3 major version(s) behind (2.1.4 -> 5.3.0)"}, "properties": {"repobilityId": 108539, "scanner": "repobility-dependency-currency", "fingerprint": "de5bb755510abbbb09802de16380759e1e70246aa94b036ba098c14f63cdfb33", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "web-vitals", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.3.0", "correlation_key": "fp|de5bb755510abbbb09802de16380759e1e70246aa94b036ba098c14f63cdfb33", "current_version": "2.1.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@tisoap/react-flow-smart-edge` is 2 major version(s) behind (2.0.0 -> 4.3.0)"}, "properties": {"repobilityId": 108532, "scanner": "repobility-dependency-currency", "fingerprint": "3f73003ba0db14720a831520fe5923b56de94ad7f305cdc8bb908fb1686c3c18", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@tisoap/react-flow-smart-edge", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.3.0", "correlation_key": "fp|3f73003ba0db14720a831520fe5923b56de94ad7f305cdc8bb908fb1686c3c18", "current_version": "2.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@testing-library/user-event` is 1 major version(s) behind (13.5.0 -> 14.6.1)"}, "properties": {"repobilityId": 108531, "scanner": "repobility-dependency-currency", "fingerprint": "713c0a69ecd1dd23b9f4b82ed51c894668f3d12cb667383b474356948d4e1a2b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@testing-library/user-event", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "14.6.1", "correlation_key": "fp|713c0a69ecd1dd23b9f4b82ed51c894668f3d12cb667383b474356948d4e1a2b", "current_version": "13.5.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@testing-library/react` is 3 major version(s) behind (13.3.0 -> 16.3.2)"}, "properties": {"repobilityId": 108530, "scanner": "repobility-dependency-currency", "fingerprint": "34e86de78e3ef35341b685476c2c17a3c1739fe5989d5b4a644cec4893a44269", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@testing-library/react", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "16.3.2", "correlation_key": "fp|34e86de78e3ef35341b685476c2c17a3c1739fe5989d5b4a644cec4893a44269", "current_version": "13.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@testing-library/jest-dom` is 1 major version(s) behind (5.16.5 -> 6.9.1)"}, "properties": {"repobilityId": 108529, "scanner": "repobility-dependency-currency", "fingerprint": "a4017cc0a7e174ff6449cf669b3da2c26c2cddb7392bd8ded5890b1a1f75b2da", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@testing-library/jest-dom", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.9.1", "correlation_key": "fp|a4017cc0a7e174ff6449cf669b3da2c26c2cddb7392bd8ded5890b1a1f75b2da", "current_version": "5.16.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@ant-design/icons` is 2 major version(s) behind (4.7.0 -> 6.2.5)"}, "properties": {"repobilityId": 108526, "scanner": "repobility-dependency-currency", "fingerprint": "7d8a03f927fab57cdc49486053176514611c9a29bee37e07cc1a77ed3d26d031", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@ant-design/icons", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.2.5", "correlation_key": "fp|7d8a03f927fab57cdc49486053176514611c9a29bee37e07cc1a77ed3d26d031", "current_version": "4.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 108523, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 108799, "scanner": "repobility-web-presence", "fingerprint": "12d1aab6ee1a443feb14574bf5d0fbdb1f0693f388e4ba974e05b2dfd78786e8", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|12d1aab6ee1a443feb14574bf5d0fbdb1f0693f388e4ba974e05b2dfd78786e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "public/robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 108796, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 108795, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 108794, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 108784, "scanner": "osv-scanner", "fingerprint": "1d1496f3f5463d27a84b1945a0710436b7fcb4f9b8a8ad083b13e770574f8af2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 108782, "scanner": "osv-scanner", "fingerprint": "acb299e492e670bc1421e7fa1604c058c3132a5f962a2ee11f5a832c3e6e4925", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cm22-4g7w-348p", "level": "note", "message": {"text": "serve-static: GHSA-cm22-4g7w-348p"}, "properties": {"repobilityId": 108778, "scanner": "osv-scanner", "fingerprint": "e9d42731245b86568f012f1a6bf30bf1855dd836405326e11334043609ed6601", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43800"], "package": "serve-static", "rule_id": "GHSA-cm22-4g7w-348p", "scanner": "osv-scanner", "correlation_key": "vuln|serve-static|CVE-2024-43800|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m6fv-jmcg-4jfg", "level": "note", "message": {"text": "send: GHSA-m6fv-jmcg-4jfg"}, "properties": {"repobilityId": 108774, "scanner": "osv-scanner", "fingerprint": "08b87a2b6f5060068473ff2f1f77f4f1f3a84860127ea9a0108b9e11c5f2e2d5", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43799"], "package": "send", "rule_id": "GHSA-m6fv-jmcg-4jfg", "scanner": "osv-scanner", "correlation_key": "vuln|send|CVE-2024-43799|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 108770, "scanner": "osv-scanner", "fingerprint": "a73d559c3c203e434714cc09b29fe257901a825a427fc4bb71e23c8c69ec3490", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76c9-3jph-rj3q", "level": "note", "message": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "properties": {"repobilityId": 108761, "scanner": "osv-scanner", "fingerprint": "a7985f273708d19405671548c594a791d212fdc268ac7eb3aecf4a00ab7e5e50", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7339"], "package": "on-headers", "rule_id": "GHSA-76c9-3jph-rj3q", "scanner": "osv-scanner", "correlation_key": "vuln|on-headers|CVE-2025-7339|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-56x4-j7p9-fcf9", "level": "note", "message": {"text": "moment-timezone: GHSA-56x4-j7p9-fcf9"}, "properties": {"repobilityId": 108750, "scanner": "osv-scanner", "fingerprint": "1f1b06c167423ed65279757da3b51e450a394c4146fb77a3b8b5bc38fcd2f653", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "moment-timezone", "rule_id": "GHSA-56x4-j7p9-fcf9", "scanner": "osv-scanner", "correlation_key": "vuln|moment-timezone|GHSA-56X4-J7P9-FCF9|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qw6h-vgh9-j6wx", "level": "note", "message": {"text": "express: GHSA-qw6h-vgh9-j6wx"}, "properties": {"repobilityId": 108725, "scanner": "osv-scanner", "fingerprint": "aed8227dd4329e2940830cc2918837192b939adf896c0bcf23135111ea4ee068", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43796"], "package": "express", "rule_id": "GHSA-qw6h-vgh9-j6wx", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-43796|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 108722, "scanner": "osv-scanner", "fingerprint": "e4b330f5630ed01c82fba254f81c5567f3250984aca049c77d39a36c9f96533b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 108720, "scanner": "osv-scanner", "fingerprint": "1854d9dd5eb370302d7119641e8b8517081a2f7d14cd0cb0730993d4c09eb4d6", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 108716, "scanner": "osv-scanner", "fingerprint": "0ef18dda7b85626926b854aa196699c8b8d982a1d5f3be718d15521643f4f62c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 108699, "scanner": "osv-scanner", "fingerprint": "1993c610a1e199945bd3223101121d865411366cc66303a7a26ce1368fa7ffb3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 108697, "scanner": "osv-scanner", "fingerprint": "f17ee9fc81b3ebbf6275da2f4ff0c137ea8a2828a01f73eb453ed488df735491", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cm22-4g7w-348p", "level": "note", "message": {"text": "serve-static: GHSA-cm22-4g7w-348p"}, "properties": {"repobilityId": 108693, "scanner": "osv-scanner", "fingerprint": "2b16cfe0f73c52465b79a7d69fdef3783acde2f48e25327223ff1eb9aab05855", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43800"], "package": "serve-static", "rule_id": "GHSA-cm22-4g7w-348p", "scanner": "osv-scanner", "correlation_key": "vuln|serve-static|CVE-2024-43800|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m6fv-jmcg-4jfg", "level": "note", "message": {"text": "send: GHSA-m6fv-jmcg-4jfg"}, "properties": {"repobilityId": 108689, "scanner": "osv-scanner", "fingerprint": "1143f7d2db88d250f93c4e49897b0d83c03c973b7ff75dd7e0fe661b03acb8da", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43799"], "package": "send", "rule_id": "GHSA-m6fv-jmcg-4jfg", "scanner": "osv-scanner", "correlation_key": "vuln|send|CVE-2024-43799|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 108685, "scanner": "osv-scanner", "fingerprint": "a8ebfae1708877f4dd9d37cacb9e0f82aeb99b56d968b81a86d1302c6d3af0c2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76c9-3jph-rj3q", "level": "note", "message": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "properties": {"repobilityId": 108676, "scanner": "osv-scanner", "fingerprint": "97283a2a7d20560a818693b916d6753fd7fbd4236d8d8c1aaa6f41727217c1ce", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7339"], "package": "on-headers", "rule_id": "GHSA-76c9-3jph-rj3q", "scanner": "osv-scanner", "correlation_key": "vuln|on-headers|CVE-2025-7339|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-56x4-j7p9-fcf9", "level": "note", "message": {"text": "moment-timezone: GHSA-56x4-j7p9-fcf9"}, "properties": {"repobilityId": 108665, "scanner": "osv-scanner", "fingerprint": "c7802fbee3b8c4c65d2280b0f248c23378d4067f502c37ebbf6ae6701cbdd3d0", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "moment-timezone", "rule_id": "GHSA-56x4-j7p9-fcf9", "scanner": "osv-scanner", "correlation_key": "vuln|moment-timezone|GHSA-56X4-J7P9-FCF9|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qw6h-vgh9-j6wx", "level": "note", "message": {"text": "express: GHSA-qw6h-vgh9-j6wx"}, "properties": {"repobilityId": 108644, "scanner": "osv-scanner", "fingerprint": "43700f9cc061210478d598e796a23269a2965f70acf23e6bffffc1367f09269d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43796"], "package": "express", "rule_id": "GHSA-qw6h-vgh9-j6wx", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-43796|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 108641, "scanner": "osv-scanner", "fingerprint": "353decb9f04d1c421e622b52000e1e4d5e7fb4b271c2145ccbdb51a43491ec5e", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 108639, "scanner": "osv-scanner", "fingerprint": "3e70f19011b58b157f75487899fec2e42cb88c0a653227b585f67c95414d291b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 108635, "scanner": "osv-scanner", "fingerprint": "573ec4a58862875e8ce61f54e2504d06b2ca4d339b9ec7540be71ab58ff09e02", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fgc-7cc6-rx7x", "level": "note", "message": {"text": "webpack: GHSA-8fgc-7cc6-rx7x"}, "properties": {"repobilityId": 108618, "scanner": "osv-scanner", "fingerprint": "885831ec9a185235867071859b61a882e0ef92e6f19d618957bda24e6b9a1eff", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68458"], "package": "webpack", "rule_id": "GHSA-8fgc-7cc6-rx7x", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68458|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38r7-794h-5758", "level": "note", "message": {"text": "webpack: GHSA-38r7-794h-5758"}, "properties": {"repobilityId": 108616, "scanner": "osv-scanner", "fingerprint": "cb693bda54a38b47305c57915d671e4fec7e8595eb17860c0919230b8f1f3165", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-68157"], "package": "webpack", "rule_id": "GHSA-38r7-794h-5758", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2025-68157|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cm22-4g7w-348p", "level": "note", "message": {"text": "serve-static: GHSA-cm22-4g7w-348p"}, "properties": {"repobilityId": 108612, "scanner": "osv-scanner", "fingerprint": "3f92cf99b7266fd92694dec1247fc325fbbd55e290ddef605cc722f8233de4e1", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43800"], "package": "serve-static", "rule_id": "GHSA-cm22-4g7w-348p", "scanner": "osv-scanner", "correlation_key": "vuln|serve-static|CVE-2024-43800|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m6fv-jmcg-4jfg", "level": "note", "message": {"text": "send: GHSA-m6fv-jmcg-4jfg"}, "properties": {"repobilityId": 108608, "scanner": "osv-scanner", "fingerprint": "213ef8c0fe4b2512080c6f73a4780b227b36c89d63ae60778e88f9fbd66f760c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43799"], "package": "send", "rule_id": "GHSA-m6fv-jmcg-4jfg", "scanner": "osv-scanner", "correlation_key": "vuln|send|CVE-2024-43799|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 108604, "scanner": "osv-scanner", "fingerprint": "f166fc9bedc798a4405ffae4db362d32e9e4c74b30e882f3e29ef038e180f732", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76c9-3jph-rj3q", "level": "note", "message": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "properties": {"repobilityId": 108595, "scanner": "osv-scanner", "fingerprint": "b19b477eba251d202694d21eb44ca539c8d105334bd48a80ef54406acde345d2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7339"], "package": "on-headers", "rule_id": "GHSA-76c9-3jph-rj3q", "scanner": "osv-scanner", "correlation_key": "vuln|on-headers|CVE-2025-7339|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-56x4-j7p9-fcf9", "level": "note", "message": {"text": "moment-timezone: GHSA-56x4-j7p9-fcf9"}, "properties": {"repobilityId": 108584, "scanner": "osv-scanner", "fingerprint": "bd7c17503e58ba259a6f0bd45e4cf4761f872d1654455c796cee1ab20574a91c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "moment-timezone", "rule_id": "GHSA-56x4-j7p9-fcf9", "scanner": "osv-scanner", "correlation_key": "vuln|moment-timezone|GHSA-56X4-J7P9-FCF9|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qw6h-vgh9-j6wx", "level": "note", "message": {"text": "express: GHSA-qw6h-vgh9-j6wx"}, "properties": {"repobilityId": 108559, "scanner": "osv-scanner", "fingerprint": "990f2ebb95cdcb4aebc43ac94674042a3848cfc2f3dba0ed36b62338cee5ca37", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43796"], "package": "express", "rule_id": "GHSA-qw6h-vgh9-j6wx", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-43796|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 108556, "scanner": "osv-scanner", "fingerprint": "2fe2969dde5115d1dc26e75c9a8a189ef083d9cc0522a63920f825aaf7a8914e", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 108554, "scanner": "osv-scanner", "fingerprint": "3b771ed61f472eab02b4c9eb792b38e138cfec35c8ab51f877acaaca0e374b2d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 108550, "scanner": "osv-scanner", "fingerprint": "b94d4faf3f807316e62a27fde64604e4453cde679a07570857443686cccdd76d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `sass` is minor version(s) behind (1.54.3 -> 1.100.0)"}, "properties": {"repobilityId": 108538, "scanner": "repobility-dependency-currency", "fingerprint": "9f96fa4cacff33688b1a2704f49211619b92eda310ebeeb10a4c93ba921acf35", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "sass", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.100.0", "correlation_key": "fp|9f96fa4cacff33688b1a2704f49211619b92eda310ebeeb10a4c93ba921acf35", "current_version": "1.54.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `moment-timezone` is minor version(s) behind (0.5.34 -> 0.6.2)"}, "properties": {"repobilityId": 108536, "scanner": "repobility-dependency-currency", "fingerprint": "f5b67e6f8dd80264a71abae9d765e0da5ed884fc727ad0fe4ffbefd04051facc", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "moment-timezone", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.6.2", "correlation_key": "fp|f5b67e6f8dd80264a71abae9d765e0da5ed884fc727ad0fe4ffbefd04051facc", "current_version": "0.5.34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `fp-ts` is minor version(s) behind (2.11.7 -> 2.16.11)"}, "properties": {"repobilityId": 108534, "scanner": "repobility-dependency-currency", "fingerprint": "f60d55ff9e436dc631feaf34f3a06467dd9ea222cc35dbea4b80d57ac9327f98", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "fp-ts", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.16.11", "correlation_key": "fp|f60d55ff9e436dc631feaf34f3a06467dd9ea222cc35dbea4b80d57ac9327f98", "current_version": "2.11.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@xyflow/react` is minor version(s) behind (12.1.1 -> 12.11.0)"}, "properties": {"repobilityId": 108533, "scanner": "repobility-dependency-currency", "fingerprint": "2da3731a370a6fc671b94b114992e7086f70c1e6f56f3df2753c64aee93117ab", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@xyflow/react", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "12.11.0", "correlation_key": "fp|2da3731a370a6fc671b94b114992e7086f70c1e6f56f3df2753c64aee93117ab", "current_version": "12.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@emotion/css` is minor version(s) behind (11.7.1 -> 11.13.5)"}, "properties": {"repobilityId": 108528, "scanner": "repobility-dependency-currency", "fingerprint": "8992edab8bf92af895d72a9e405c9b72ba196a237f909021265e26f7490cca65", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@emotion/css", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "11.13.5", "correlation_key": "fp|8992edab8bf92af895d72a9e405c9b72ba196a237f909021265e26f7490cca65", "current_version": "11.7.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@contactlab/ds-tokens` is minor version(s) behind (3.3.0 -> 3.6.0)"}, "properties": {"repobilityId": 108527, "scanner": "repobility-dependency-currency", "fingerprint": "eee0c32055dfb90c7c039732d9ed1d226a9dc1105ca2a5a1486e191c985e9beb", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@contactlab/ds-tokens", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.6.0", "correlation_key": "fp|eee0c32055dfb90c7c039732d9ed1d226a9dc1105ca2a5a1486e191c985e9beb", "current_version": "3.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b38790db0ae77bb0e309294bcc7f6ba390e5d1883c4ab16a5ac6609d91cea711", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Data/Elements1.jsx", "duplicate_line": 29, "correlation_key": "fp|b38790db0ae77bb0e309294bcc7f6ba390e5d1883c4ab16a5ac6609d91cea711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Data/Elements2.jsx"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e821a993bd55bea7069099f9caaf764615ae018daa76e0c8462bae0ef9f9854", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Data/Elements.jsx", "duplicate_line": 82, "correlation_key": "fp|2e821a993bd55bea7069099f9caaf764615ae018daa76e0c8462bae0ef9f9854"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Data/Elements1.jsx"}, "region": {"startLine": 103}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 108522, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 108542, "scanner": "repobility-threat-engine", "fingerprint": "6c5cd135b4b8e2f82d761a9e92b7e109426e3531deb6f45e2c3b1da9fcc2c159", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c5cd135b4b8e2f82d761a9e92b7e109426e3531deb6f45e2c3b1da9fcc2c159"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Edges/Edges.jsx"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 108541, "scanner": "repobility-threat-engine", "fingerprint": "affe5eaf5f5061d4fd031e9841f516ed1f7829b4d0fbe46d633899eedbbc7503", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|affe5eaf5f5061d4fd031e9841f516ed1f7829b4d0fbe46d633899eedbbc7503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Utils/WorkflowElementUtils.js"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 108540, "scanner": "repobility-threat-engine", "fingerprint": "1f54e4872acfd93639c955e5226c72fdac9decbf5ce34b47c906c48e957b9f8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1f54e4872acfd93639c955e5226c72fdac9decbf5ce34b47c906c48e957b9f8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/App.js"}, "region": {"startLine": 51}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `react-flow-renderer` is patch version(s) behind (10.3.12 -> 10.3.17)"}, "properties": {"repobilityId": 108537, "scanner": "repobility-dependency-currency", "fingerprint": "ef42788e07923762d3878e6415c767cc80e2b4cbb35bc483323df4d478288768", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "react-flow-renderer", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.3.17", "correlation_key": "fp|ef42788e07923762d3878e6415c767cc80e2b4cbb35bc483323df4d478288768", "current_version": "10.3.12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `io-ts` is patch version(s) behind (2.2.16 -> 2.2.22)"}, "properties": {"repobilityId": 108535, "scanner": "repobility-dependency-currency", "fingerprint": "f1d87282a2ca02d35a01e9257fdbcb7c29e5a284fc5bea5da8be8ab1fb2d8d54", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "io-ts", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.2.22", "correlation_key": "fp|f1d87282a2ca02d35a01e9257fdbcb7c29e5a284fc5bea5da8be8ab1fb2d8d54", "current_version": "2.2.16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 108791, "scanner": "osv-scanner", "fingerprint": "2eae87ce778e87d74e791a8fc5de8be762fe93a135c285aa5b156041a72a9ffd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2024-37890|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wr3j-pwj9-hqq6", "level": "error", "message": {"text": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6"}, "properties": {"repobilityId": 108786, "scanner": "osv-scanner", "fingerprint": "e1a3ee9b19df8ced3facdce65c24aba090f31145b5e3c3b4818c45889676504a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29180"], "package": "webpack-dev-middleware", "rule_id": "GHSA-wr3j-pwj9-hqq6", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-middleware|CVE-2024-29180|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpqw-6gx7-v673", "level": "error", "message": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "properties": {"repobilityId": 108779, "scanner": "osv-scanner", "fingerprint": "f051f88a209c8782d870fe249e2d77f50a94bebeb934779c0bf5d44e16193bd7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29074"], "package": "svgo", "rule_id": "GHSA-xpqw-6gx7-v673", "scanner": "osv-scanner", "correlation_key": "vuln|svgo|CVE-2026-29074|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 108775, "scanner": "osv-scanner", "fingerprint": "1ef775a47df378c856c07b625124fda8dffefc3e2824185640a1944e77134c56", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 108773, "scanner": "osv-scanner", "fingerprint": "a06744873de3c2e471d3ec587834ed8ebb60a9e5a34cbfa678929ea66cf22ead", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 108772, "scanner": "osv-scanner", "fingerprint": "73f564d6a3431a4b0c52ce5f7f721287d73dc9c95a1b664e1059f3ee63a81309", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gcx4-mw62-g8wm", "level": "error", "message": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "properties": {"repobilityId": 108771, "scanner": "osv-scanner", "fingerprint": "bc648eb2b305e88faced732632f4a42066a56117b7bb6035ce920edc25fa0bda", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47068"], "package": "rollup", "rule_id": "GHSA-gcx4-mw62-g8wm", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2024-47068|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 108766, "scanner": "osv-scanner", "fingerprint": "ecad408982c8a867788b1b169f9773cfa4c952dae95c6913e1d2a58e3f6235b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rhx6-c78j-4q9w", "level": "error", "message": {"text": "path-to-regexp: GHSA-rhx6-c78j-4q9w"}, "properties": {"repobilityId": 108764, "scanner": "osv-scanner", "fingerprint": "b1725ea62d0be4473ba2ac0d618cf54a859f1f15d693a6401003b6fe282ef5f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52798"], "package": "path-to-regexp", "rule_id": "GHSA-rhx6-c78j-4q9w", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-52798|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wv6-86v2-598j", "level": "error", "message": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "properties": {"repobilityId": 108763, "scanner": "osv-scanner", "fingerprint": "235aa913e4ed3107705d6e4657282956bd9334be581edd8d08923f0cc986f049", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45296"], "package": "path-to-regexp", "rule_id": "GHSA-9wv6-86v2-598j", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-45296|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 108762, "scanner": "osv-scanner", "fingerprint": "5742c339a39ab768b3eccf36b77e764e80f572d1c2004fb943c094a904543ff2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp65-9cf3-cjxr", "level": "error", "message": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "properties": {"repobilityId": 108760, "scanner": "osv-scanner", "fingerprint": "1ad20722c6524647126ef54c050ae4bbb4c2747f932d744da6150fb769925057", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-3803"], "package": "nth-check", "rule_id": "GHSA-rp65-9cf3-cjxr", "scanner": "osv-scanner", "correlation_key": "vuln|nth-check|CVE-2021-3803|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q67f-28xg-22rw", "level": "error", "message": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "properties": {"repobilityId": 108759, "scanner": "osv-scanner", "fingerprint": "43fb970be98a452fd99c176264dece721b2453225d08eca95d7d5a2999b4dbe4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33895"], "package": "node-forge", "rule_id": "GHSA-q67f-28xg-22rw", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33895|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ppp5-5v6c-4jwp", "level": "error", "message": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "properties": {"repobilityId": 108758, "scanner": "osv-scanner", "fingerprint": "6b8cf59444f2239e6de25b8d18a6950d9fd91ccd8ee47cc0a509854c6c8546af", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33894"], "package": "node-forge", "rule_id": "GHSA-ppp5-5v6c-4jwp", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33894|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5m6q-g25r-mvwx", "level": "error", "message": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "properties": {"repobilityId": 108756, "scanner": "osv-scanner", "fingerprint": "6d3ca1f811fba33887bb8f62dea5c3066b38e0f33ce500df41842d8149f9fccd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33891"], "package": "node-forge", "rule_id": "GHSA-5m6q-g25r-mvwx", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33891|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5gfm-wpxj-wjgq", "level": "error", "message": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "properties": {"repobilityId": 108755, "scanner": "osv-scanner", "fingerprint": "59a69c59f06bbffe35bee5356593e822251ec8d103202f50601c2ea96439a329", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12816"], "package": "node-forge", "rule_id": "GHSA-5gfm-wpxj-wjgq", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-12816|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-554w-wpv2-vw27", "level": "error", "message": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "properties": {"repobilityId": 108754, "scanner": "osv-scanner", "fingerprint": "3f0d80d84286c0537cf5b9a0dc3c5ea135114a640a02837f7cca21657e4e7a8b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66031"], "package": "node-forge", "rule_id": "GHSA-554w-wpv2-vw27", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66031|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2328-f5f3-gj25", "level": "error", "message": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "properties": {"repobilityId": 108753, "scanner": "osv-scanner", "fingerprint": "b465e7c54ffb8b50ab9e2b46bede355127e198fa857142efcbd686b486b3f13a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33896"], "package": "node-forge", "rule_id": "GHSA-2328-f5f3-gj25", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33896|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f8q6-p94x-37v3", "level": "error", "message": {"text": "minimatch: GHSA-f8q6-p94x-37v3"}, "properties": {"repobilityId": 108749, "scanner": "osv-scanner", "fingerprint": "50aec8093049806c1c7e12059db3d0507690b80356c2ad87e48c67dd21928620", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-3517"], "package": "minimatch", "rule_id": "GHSA-f8q6-p94x-37v3", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2022-3517|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 108748, "scanner": "osv-scanner", "fingerprint": "155d5f86682d4cca28cde02dfe1b84c1837cf98c6feba6adf8f141619cbe7278", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 108747, "scanner": "osv-scanner", "fingerprint": "09e3156d77e314926a52fbc6f5aec96b0f979198ea66c485cce13e20587eb10d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 108746, "scanner": "osv-scanner", "fingerprint": "221b16994c1c62dd68d3c52e72deae94054e851fa81062e507d061a803f51227", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 108743, "scanner": "osv-scanner", "fingerprint": "1e427b2a7906f8eadfed6f4e3eca44082674f46bb2550d3973211626ec08136c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hhq3-ff78-jv3g", "level": "error", "message": {"text": "loader-utils: GHSA-hhq3-ff78-jv3g"}, "properties": {"repobilityId": 108741, "scanner": "osv-scanner", "fingerprint": "7e8bf8068ab66afc0fe02dc761025537af13572ec0ac891c9c3287e953b42c16", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37599"], "package": "loader-utils", "rule_id": "GHSA-hhq3-ff78-jv3g", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37599|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3rfm-jhwj-7488", "level": "error", "message": {"text": "loader-utils: GHSA-3rfm-jhwj-7488"}, "properties": {"repobilityId": 108739, "scanner": "osv-scanner", "fingerprint": "0ef7df1ffefcdfefd0c2750d3b74a1877b26c992bd761563ae65a7116e7eb71e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37603"], "package": "loader-utils", "rule_id": "GHSA-3rfm-jhwj-7488", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37603|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c47-m6qq-7p4h", "level": "error", "message": {"text": "json5: GHSA-9c47-m6qq-7p4h"}, "properties": {"repobilityId": 108738, "scanner": "osv-scanner", "fingerprint": "cea4c3964758efcdc5f35caf69fa2dc37d8f424a2978421d76abf305cfad08c9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-46175"], "package": "json5", "rule_id": "GHSA-9c47-m6qq-7p4h", "scanner": "osv-scanner", "correlation_key": "vuln|json5|CVE-2022-46175|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wf6x-7x77-mvgw", "level": "error", "message": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "properties": {"repobilityId": 108736, "scanner": "osv-scanner", "fingerprint": "10fdad38e2f0c8bed8d5fefff42c5eec6cb9a2f5ccc21ffbc5080a35391cbca7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29063"], "package": "immutable", "rule_id": "GHSA-wf6x-7x77-mvgw", "scanner": "osv-scanner", "correlation_key": "vuln|immutable|CVE-2026-29063|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c7qv-q95q-8v27", "level": "error", "message": {"text": "http-proxy-middleware: GHSA-c7qv-q95q-8v27"}, "properties": {"repobilityId": 108735, "scanner": "osv-scanner", "fingerprint": "13428644976a3ebba474afc13666ef0289ed2fa62762534c9a1077e75c580d62", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21536"], "package": "http-proxy-middleware", "rule_id": "GHSA-c7qv-q95q-8v27", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2024-21536|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 108728, "scanner": "osv-scanner", "fingerprint": "d0b9234ec2966d5cd1ae83b092076fc6f5a32dfd776078904598a2fa7f33a0c2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 108727, "scanner": "osv-scanner", "fingerprint": "c35df0a8f45b3093e14eb6817663ff04a68616414e8781d73a25447d74f0932f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 108723, "scanner": "osv-scanner", "fingerprint": "9cc1de1071c2e2f2fdc8c844fe693a4651cd7dd56d5ed46ed510d674489c61ea", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 108721, "scanner": "osv-scanner", "fingerprint": "de698ba9d47cdaec1afb55cc773057536cee3b0c6ab5ca361872935bfe85dc87", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qwcr-r2fm-qrc7", "level": "error", "message": {"text": "body-parser: GHSA-qwcr-r2fm-qrc7"}, "properties": {"repobilityId": 108718, "scanner": "osv-scanner", "fingerprint": "536667bdf74a40f24b05f9f53b8334700de36cb4003f97fb11224b48ba6950c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45590"], "package": "body-parser", "rule_id": "GHSA-qwcr-r2fm-qrc7", "scanner": "osv-scanner", "correlation_key": "vuln|body-parser|CVE-2024-45590|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 108712, "scanner": "osv-scanner", "fingerprint": "c2dc1a09078c71856886d8ce45758b5e18c5cb783464c9542246579d238e3b46", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 108706, "scanner": "osv-scanner", "fingerprint": "67365cbbddd2d99a07d4e13e9b7430eaba7cc9787e11ce99eb5228395cb10643", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2024-37890|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wr3j-pwj9-hqq6", "level": "error", "message": {"text": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6"}, "properties": {"repobilityId": 108701, "scanner": "osv-scanner", "fingerprint": "6c803174cbabb6656ceb9a9e567c33a8d117cf8e618f2ab2cb983c2c1f54d4c0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29180"], "package": "webpack-dev-middleware", "rule_id": "GHSA-wr3j-pwj9-hqq6", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-middleware|CVE-2024-29180|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpqw-6gx7-v673", "level": "error", "message": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "properties": {"repobilityId": 108694, "scanner": "osv-scanner", "fingerprint": "70866ed2196d4e87ffd96cdb1e096bba65e3231e36ef306168b523e7203f83fa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29074"], "package": "svgo", "rule_id": "GHSA-xpqw-6gx7-v673", "scanner": "osv-scanner", "correlation_key": "vuln|svgo|CVE-2026-29074|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 108690, "scanner": "osv-scanner", "fingerprint": "de4935b665c57173b6330e6fb3d06a59e8b21f8a73cc30ee4bd8c133ec29eb0f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 108688, "scanner": "osv-scanner", "fingerprint": "6c4cd43c0156f568d5d30f476fa572f759018b0e94f9244bea61e9af87c6b7c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 108687, "scanner": "osv-scanner", "fingerprint": "0425e8b734fe5759a8789ed8ef46f76963f44ca5145876702e82443bdd19a5ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gcx4-mw62-g8wm", "level": "error", "message": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "properties": {"repobilityId": 108686, "scanner": "osv-scanner", "fingerprint": "195a05c1ccd7789a2defbb9605939c0a934efc309890ddfdd282c3082c1f4bf0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47068"], "package": "rollup", "rule_id": "GHSA-gcx4-mw62-g8wm", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2024-47068|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 108681, "scanner": "osv-scanner", "fingerprint": "a3dd2390244022d96de63689cdd673fb906d1165f495d6a42a0980e956db632d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rhx6-c78j-4q9w", "level": "error", "message": {"text": "path-to-regexp: GHSA-rhx6-c78j-4q9w"}, "properties": {"repobilityId": 108679, "scanner": "osv-scanner", "fingerprint": "bb29ea2b0c126b076f242eb56cea4b49f6b112670e22db444f3d7ab2d4ddc6a4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52798"], "package": "path-to-regexp", "rule_id": "GHSA-rhx6-c78j-4q9w", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-52798|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wv6-86v2-598j", "level": "error", "message": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "properties": {"repobilityId": 108678, "scanner": "osv-scanner", "fingerprint": "0522c73bdfae6aee618b0df17a6e1cb3e439e9873d79943a7601d19eb2eaf200", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45296"], "package": "path-to-regexp", "rule_id": "GHSA-9wv6-86v2-598j", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-45296|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 108677, "scanner": "osv-scanner", "fingerprint": "5f84f52bbcd46db66c79dfd59714ac90c668d089fbb31ecd1c685bce826e6c9c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp65-9cf3-cjxr", "level": "error", "message": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "properties": {"repobilityId": 108675, "scanner": "osv-scanner", "fingerprint": "b97f335435c34fdbf6c66769e28bf67a78d925b3f64338f81224d226e2bb7549", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-3803"], "package": "nth-check", "rule_id": "GHSA-rp65-9cf3-cjxr", "scanner": "osv-scanner", "correlation_key": "vuln|nth-check|CVE-2021-3803|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q67f-28xg-22rw", "level": "error", "message": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "properties": {"repobilityId": 108674, "scanner": "osv-scanner", "fingerprint": "a69db64dde57e37f7dce01118e6ddc618411910f6d20e61e2200dfd33f8f982e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33895"], "package": "node-forge", "rule_id": "GHSA-q67f-28xg-22rw", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33895|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ppp5-5v6c-4jwp", "level": "error", "message": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "properties": {"repobilityId": 108673, "scanner": "osv-scanner", "fingerprint": "678f289e9900c57e676593d804de0a138b236439c6c97c2d2e4d4239b16dfcfa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33894"], "package": "node-forge", "rule_id": "GHSA-ppp5-5v6c-4jwp", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33894|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5m6q-g25r-mvwx", "level": "error", "message": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "properties": {"repobilityId": 108671, "scanner": "osv-scanner", "fingerprint": "dc5fa214bdc6d63d473f50f22af42dea35347f5fb1cf540d539cfe46604ac6da", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33891"], "package": "node-forge", "rule_id": "GHSA-5m6q-g25r-mvwx", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33891|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5gfm-wpxj-wjgq", "level": "error", "message": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "properties": {"repobilityId": 108670, "scanner": "osv-scanner", "fingerprint": "37801c7f7d41e93aee859018f0d1a1c4846220b2d52b16a3ee24c8dbb5c5ab1c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12816"], "package": "node-forge", "rule_id": "GHSA-5gfm-wpxj-wjgq", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-12816|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-554w-wpv2-vw27", "level": "error", "message": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "properties": {"repobilityId": 108669, "scanner": "osv-scanner", "fingerprint": "8812c16a4e42dd19d361ca520f98bbaf875b31b039c35da8ded934aa4337f617", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66031"], "package": "node-forge", "rule_id": "GHSA-554w-wpv2-vw27", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66031|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2328-f5f3-gj25", "level": "error", "message": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "properties": {"repobilityId": 108668, "scanner": "osv-scanner", "fingerprint": "541e84349945fccc3e4ec79e0a4d02d9c0e7ba223c81a229c94604f1bc507cf5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33896"], "package": "node-forge", "rule_id": "GHSA-2328-f5f3-gj25", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33896|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 108664, "scanner": "osv-scanner", "fingerprint": "c3482c8b051b710219b686b962c8edfcc83babb0e1e54a2b470ae7782dd0b574", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 108663, "scanner": "osv-scanner", "fingerprint": "2fd5e24a94dfd2116cfc5d9aeb4e4f584669c9b76d1795010331a7b69b3682a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 108662, "scanner": "osv-scanner", "fingerprint": "af7663e4c51288986bfb4927d06e33aa650fed364bb14d31804c3d4da5638193", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 108659, "scanner": "osv-scanner", "fingerprint": "853deeac541f0dc49600a5a4216f851e15bffd93ce8be267a82d13637ceb9e7d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c47-m6qq-7p4h", "level": "error", "message": {"text": "json5: GHSA-9c47-m6qq-7p4h"}, "properties": {"repobilityId": 108657, "scanner": "osv-scanner", "fingerprint": "f216a1e47046f5152706b2e9cb6f7b754be22e7d1d7c09a146dd2776a693ee78", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-46175"], "package": "json5", "rule_id": "GHSA-9c47-m6qq-7p4h", "scanner": "osv-scanner", "correlation_key": "vuln|json5|CVE-2022-46175|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wf6x-7x77-mvgw", "level": "error", "message": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "properties": {"repobilityId": 108655, "scanner": "osv-scanner", "fingerprint": "07046744f89fcb1e80854e6393cfea55101d77fc566e3f891cbe127463896f58", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29063"], "package": "immutable", "rule_id": "GHSA-wf6x-7x77-mvgw", "scanner": "osv-scanner", "correlation_key": "vuln|immutable|CVE-2026-29063|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c7qv-q95q-8v27", "level": "error", "message": {"text": "http-proxy-middleware: GHSA-c7qv-q95q-8v27"}, "properties": {"repobilityId": 108654, "scanner": "osv-scanner", "fingerprint": "2cf99c117618b64d077c412d1201c10c292a3ef6bbda29e13390ea05eccc3273", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21536"], "package": "http-proxy-middleware", "rule_id": "GHSA-c7qv-q95q-8v27", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2024-21536|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 108647, "scanner": "osv-scanner", "fingerprint": "bb0508d8b81791b93a087ab900f213d85cb4d8a9469875be9a0c401a10ba6490", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 108646, "scanner": "osv-scanner", "fingerprint": "68dd2c69540d2eac4711f2087ccd7176bb1037726ae0451ddfe3dcae14fc6d75", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 108642, "scanner": "osv-scanner", "fingerprint": "1855d612cc7fdd9130ef42e526b76e7cf21a3a0a1ba38d62756b48f6e01b6cb5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 108640, "scanner": "osv-scanner", "fingerprint": "abfdfa570af43e4c9f171497321ff580a36bf3a48736f26d797091e842851248", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qwcr-r2fm-qrc7", "level": "error", "message": {"text": "body-parser: GHSA-qwcr-r2fm-qrc7"}, "properties": {"repobilityId": 108637, "scanner": "osv-scanner", "fingerprint": "760223c9c4a3535437e33e2c91dec5994ad7d193b11c0e5636dbfa046a52daf8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45590"], "package": "body-parser", "rule_id": "GHSA-qwcr-r2fm-qrc7", "scanner": "osv-scanner", "correlation_key": "vuln|body-parser|CVE-2024-45590|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 108631, "scanner": "osv-scanner", "fingerprint": "3d3773bb1af5a0c0e60d23b512f02a6252315be1cd87814fbe02b27ce5eea5ee", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 108625, "scanner": "osv-scanner", "fingerprint": "8238b367394f3eb3a63c9fdcf3a3af1b249bb37192f2b8decf177b0ea2da6032", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2024-37890|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wr3j-pwj9-hqq6", "level": "error", "message": {"text": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6"}, "properties": {"repobilityId": 108620, "scanner": "osv-scanner", "fingerprint": "7c592a5371a723b5b300ac7dfc726dcf221a9cc989b11b85324114c32f286574", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29180"], "package": "webpack-dev-middleware", "rule_id": "GHSA-wr3j-pwj9-hqq6", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-middleware|CVE-2024-29180|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpqw-6gx7-v673", "level": "error", "message": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "properties": {"repobilityId": 108613, "scanner": "osv-scanner", "fingerprint": "f1be61d5329888c1c89b374e52c6ab6cc19a3581d07d968bd5af003f929817d0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29074"], "package": "svgo", "rule_id": "GHSA-xpqw-6gx7-v673", "scanner": "osv-scanner", "correlation_key": "vuln|svgo|CVE-2026-29074|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 108609, "scanner": "osv-scanner", "fingerprint": "7f2d30dd9b8a0eda6d87deac04527ff692eca0ea143a54f9b4184ad2b283ffa3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 108607, "scanner": "osv-scanner", "fingerprint": "99a27955ef80d362141ad0a78ae49f493e9942bb5b0563c320b2990d69becaa1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 108606, "scanner": "osv-scanner", "fingerprint": "45eb15dbc950ecc73cdbba5f5c1bf13da272afb36602ddfcb04a26485063e743", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gcx4-mw62-g8wm", "level": "error", "message": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "properties": {"repobilityId": 108605, "scanner": "osv-scanner", "fingerprint": "37433dbccd9064e3d37c1cb46f7a72ce9ce1ed3c6d1093f1d725f83554f99332", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47068"], "package": "rollup", "rule_id": "GHSA-gcx4-mw62-g8wm", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2024-47068|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 108600, "scanner": "osv-scanner", "fingerprint": "3cd93794643bff3fd4328203c06c842a2d7c54c53b7a77b0e6bc61b44cf4e561", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rhx6-c78j-4q9w", "level": "error", "message": {"text": "path-to-regexp: GHSA-rhx6-c78j-4q9w"}, "properties": {"repobilityId": 108598, "scanner": "osv-scanner", "fingerprint": "5f70b1a6804ae10c8c4a2c5486f556c2ce83bba46c289061fdf21c4f411c1a2b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52798"], "package": "path-to-regexp", "rule_id": "GHSA-rhx6-c78j-4q9w", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-52798|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wv6-86v2-598j", "level": "error", "message": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "properties": {"repobilityId": 108597, "scanner": "osv-scanner", "fingerprint": "f635acb6c06dd63fc843a1297afeda6ea144557ed6c9e162bc2f402c71790c4b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45296"], "package": "path-to-regexp", "rule_id": "GHSA-9wv6-86v2-598j", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-45296|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 108596, "scanner": "osv-scanner", "fingerprint": "0553c735e6885cddd69fe125815eaa685a866283e1d2919fec632afa55cb94a7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp65-9cf3-cjxr", "level": "error", "message": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "properties": {"repobilityId": 108594, "scanner": "osv-scanner", "fingerprint": "82fcea214a2234aea6dcb4c9ab97d74c5ec67426fc987401b77e0edc8552cfc0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-3803"], "package": "nth-check", "rule_id": "GHSA-rp65-9cf3-cjxr", "scanner": "osv-scanner", "correlation_key": "vuln|nth-check|CVE-2021-3803|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q67f-28xg-22rw", "level": "error", "message": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "properties": {"repobilityId": 108593, "scanner": "osv-scanner", "fingerprint": "fdb04ce43ba71d52990eaf717554b031ed0dd534075f79e3fd2989e6616cc8a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33895"], "package": "node-forge", "rule_id": "GHSA-q67f-28xg-22rw", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33895|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ppp5-5v6c-4jwp", "level": "error", "message": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "properties": {"repobilityId": 108592, "scanner": "osv-scanner", "fingerprint": "e2442db9c881e288c61856c4c232148baaba28d5873908677833469480ead93e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33894"], "package": "node-forge", "rule_id": "GHSA-ppp5-5v6c-4jwp", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33894|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5m6q-g25r-mvwx", "level": "error", "message": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "properties": {"repobilityId": 108590, "scanner": "osv-scanner", "fingerprint": "5221fba3cfbea0a987adcb0df92157aeb212d115ff461bb7b51188b3df375991", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33891"], "package": "node-forge", "rule_id": "GHSA-5m6q-g25r-mvwx", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33891|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5gfm-wpxj-wjgq", "level": "error", "message": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "properties": {"repobilityId": 108589, "scanner": "osv-scanner", "fingerprint": "86d5a3e14e585b522cc03f4caacba15d57f222b3869d82c1c808cc97e2d9ed4d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12816"], "package": "node-forge", "rule_id": "GHSA-5gfm-wpxj-wjgq", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-12816|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-554w-wpv2-vw27", "level": "error", "message": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "properties": {"repobilityId": 108588, "scanner": "osv-scanner", "fingerprint": "699e24a9a0d3f4a36a78db264371b8eab314e07d23959d64c61488d2aa0de14c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66031"], "package": "node-forge", "rule_id": "GHSA-554w-wpv2-vw27", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66031|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2328-f5f3-gj25", "level": "error", "message": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "properties": {"repobilityId": 108587, "scanner": "osv-scanner", "fingerprint": "87e656f76b46a65b335374ceca974578eb42fa7ca15aa3ea0392c3dbbe33badb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33896"], "package": "node-forge", "rule_id": "GHSA-2328-f5f3-gj25", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33896|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f8q6-p94x-37v3", "level": "error", "message": {"text": "minimatch: GHSA-f8q6-p94x-37v3"}, "properties": {"repobilityId": 108583, "scanner": "osv-scanner", "fingerprint": "84d2cc6dc82d8f9a5e4466646c131134d00c1ec76a60c1aefa0630fb84dedde6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-3517"], "package": "minimatch", "rule_id": "GHSA-f8q6-p94x-37v3", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2022-3517|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 108582, "scanner": "osv-scanner", "fingerprint": "eefef250e5a6e239df447b5946f207cdb0dd68151255b2332fb8ba8f476755c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 108581, "scanner": "osv-scanner", "fingerprint": "51db4fe99f02113d5057e54849a1514660f72202efa765a619a8195e282ff31f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 108580, "scanner": "osv-scanner", "fingerprint": "f4f398661d95064420cba5942b7bc163815b09d09751c05f0247afa0ed407b54", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 108577, "scanner": "osv-scanner", "fingerprint": "069f9bb4f0a38c36ca2992b2ffe11f999b2e5befc1dec86319fea7bbf65a679b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hhq3-ff78-jv3g", "level": "error", "message": {"text": "loader-utils: GHSA-hhq3-ff78-jv3g"}, "properties": {"repobilityId": 108575, "scanner": "osv-scanner", "fingerprint": "d34ec598938b583e7bae92b2f14d424fd06be1d74dab8f38a659bf493f0b4ed5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37599"], "package": "loader-utils", "rule_id": "GHSA-hhq3-ff78-jv3g", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37599|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3rfm-jhwj-7488", "level": "error", "message": {"text": "loader-utils: GHSA-3rfm-jhwj-7488"}, "properties": {"repobilityId": 108573, "scanner": "osv-scanner", "fingerprint": "6cd227b99b4b4a6cc8576af557b124b47b7966777450560dea1e1895052cb4d4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37603"], "package": "loader-utils", "rule_id": "GHSA-3rfm-jhwj-7488", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37603|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c47-m6qq-7p4h", "level": "error", "message": {"text": "json5: GHSA-9c47-m6qq-7p4h"}, "properties": {"repobilityId": 108572, "scanner": "osv-scanner", "fingerprint": "941230d65fee7ea99f8fd4f1f893771ec35f368684b89daed936f62a530f1e47", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-46175"], "package": "json5", "rule_id": "GHSA-9c47-m6qq-7p4h", "scanner": "osv-scanner", "correlation_key": "vuln|json5|CVE-2022-46175|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wf6x-7x77-mvgw", "level": "error", "message": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "properties": {"repobilityId": 108570, "scanner": "osv-scanner", "fingerprint": "aa858c3bc9b19baf90e40230ee0ef6fdb91daf12b2b86d9932d1306df6132ca6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29063"], "package": "immutable", "rule_id": "GHSA-wf6x-7x77-mvgw", "scanner": "osv-scanner", "correlation_key": "vuln|immutable|CVE-2026-29063|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c7qv-q95q-8v27", "level": "error", "message": {"text": "http-proxy-middleware: GHSA-c7qv-q95q-8v27"}, "properties": {"repobilityId": 108569, "scanner": "osv-scanner", "fingerprint": "e3ef9d325588f9ae159f7bebd60228c3d28940264a1b28585a34e428385039c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21536"], "package": "http-proxy-middleware", "rule_id": "GHSA-c7qv-q95q-8v27", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2024-21536|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 108562, "scanner": "osv-scanner", "fingerprint": "12f8c13a1500c4e201cd19c15c7415ed765defb1c8c79e0887745cf5d0c7caba", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 108561, "scanner": "osv-scanner", "fingerprint": "b797beca07deb64b07234792c672e8b741104617529fbd9314dd615ac2f0d51d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 108557, "scanner": "osv-scanner", "fingerprint": "d2e8ad2e78fcc589de2192cb324111e4957895ae7347a6d0ae3a1bff7c881c9d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 108555, "scanner": "osv-scanner", "fingerprint": "467a760dbf4a428753304f077900d3bdfba0282340dd3145e3dad79851484f96", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qwcr-r2fm-qrc7", "level": "error", "message": {"text": "body-parser: GHSA-qwcr-r2fm-qrc7"}, "properties": {"repobilityId": 108552, "scanner": "osv-scanner", "fingerprint": "36671babcf687a2207bad3d9518bd57846376948a5f2d9f3cb3a6e7de6e50ede", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45590"], "package": "body-parser", "rule_id": "GHSA-qwcr-r2fm-qrc7", "scanner": "osv-scanner", "correlation_key": "vuln|body-parser|CVE-2024-45590|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fv7c-fp4j-7gwp", "level": "error", "message": {"text": "@babel/plugin-transform-modules-systemjs: GHSA-fv7c-fp4j-7gwp"}, "properties": {"repobilityId": 108546, "scanner": "osv-scanner", "fingerprint": "ad52739427efbb114a916176e346643bbd15d1155c76f28185e965208050ec44", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44728"], "package": "@babel/plugin-transform-modules-systemjs", "rule_id": "GHSA-fv7c-fp4j-7gwp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-44728|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hc6q-2mpp-qw7j", "level": "error", "message": {"text": "webpack: GHSA-hc6q-2mpp-qw7j"}, "properties": {"repobilityId": 108785, "scanner": "osv-scanner", "fingerprint": "e0f57a67959f488a9a9cfa7472f42d396827d7c036f7918150d16d99b7691cc0", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-28154"], "package": "webpack", "rule_id": "GHSA-hc6q-2mpp-qw7j", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2023-28154|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p3-8jx3-jpfq", "level": "error", "message": {"text": "loader-utils: GHSA-76p3-8jx3-jpfq"}, "properties": {"repobilityId": 108740, "scanner": "osv-scanner", "fingerprint": "1dd0089f6fa9e6b2e002eda34ee58ac9b97ddcc39ef272e92c5990d7496f4286", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37601"], "package": "loader-utils", "rule_id": "GHSA-76p3-8jx3-jpfq", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37601|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 108732, "scanner": "osv-scanner", "fingerprint": "658d14af1efb85daf76e8e580a220131eae8bd5c688a3325b96ee04b676a39a7", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67hx-6x53-jw92", "level": "error", "message": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "properties": {"repobilityId": 108715, "scanner": "osv-scanner", "fingerprint": "a8d8661b4cc58abf605e4ec12b3972b95d9fff9a0f6e512cddbfa0212236186f", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-45133"], "package": "@babel/traverse", "rule_id": "GHSA-67hx-6x53-jw92", "scanner": "osv-scanner", "correlation_key": "vuln|babel/traverse|CVE-2023-45133|yarn.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "yarn.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hc6q-2mpp-qw7j", "level": "error", "message": {"text": "webpack: GHSA-hc6q-2mpp-qw7j"}, "properties": {"repobilityId": 108700, "scanner": "osv-scanner", "fingerprint": "c814504faa51aa0cd4b9bcda4c4e2b1a7db1fd2a33b3634fceda2575bb5bfc98", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-28154"], "package": "webpack", "rule_id": "GHSA-hc6q-2mpp-qw7j", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2023-28154|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 108651, "scanner": "osv-scanner", "fingerprint": "ad1e1709200782fa3c6aaeacbf4c7bcdd76505e9d347c9d816391098f08d8693", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67hx-6x53-jw92", "level": "error", "message": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "properties": {"repobilityId": 108634, "scanner": "osv-scanner", "fingerprint": "05cd38e6c48030aa87786059257f825e5c456d41c203231f43117c1ef33defc6", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-45133"], "package": "@babel/traverse", "rule_id": "GHSA-67hx-6x53-jw92", "scanner": "osv-scanner", "correlation_key": "vuln|babel/traverse|CVE-2023-45133|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hc6q-2mpp-qw7j", "level": "error", "message": {"text": "webpack: GHSA-hc6q-2mpp-qw7j"}, "properties": {"repobilityId": 108619, "scanner": "osv-scanner", "fingerprint": "2ea0277b3b668f85c9a6afa518b6b936bef0a5f9748b22137b454cbf72873902", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-28154"], "package": "webpack", "rule_id": "GHSA-hc6q-2mpp-qw7j", "scanner": "osv-scanner", "correlation_key": "vuln|webpack|CVE-2023-28154|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p3-8jx3-jpfq", "level": "error", "message": {"text": "loader-utils: GHSA-76p3-8jx3-jpfq"}, "properties": {"repobilityId": 108574, "scanner": "osv-scanner", "fingerprint": "62d789d10650ebf25fe12efbb580261ec3d954e2609bad36f508aaf26d639998", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37601"], "package": "loader-utils", "rule_id": "GHSA-76p3-8jx3-jpfq", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37601|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 108566, "scanner": "osv-scanner", "fingerprint": "4a6f7e2dea5113b393ee1171be93cf20d0c04c5890440121f926d31a7ca5f35a", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67hx-6x53-jw92", "level": "error", "message": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "properties": {"repobilityId": 108549, "scanner": "osv-scanner", "fingerprint": "f662b2de42beb485937750eacbb69fb3ef48db7cdc10f7585e8ba5b5428b98f1", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-45133"], "package": "@babel/traverse", "rule_id": "GHSA-67hx-6x53-jw92", "scanner": "osv-scanner", "correlation_key": "vuln|babel/traverse|CVE-2023-45133|package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}]}]}