{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j8xg-fqg3-53r7", "name": "word-wrap: GHSA-j8xg-fqg3-53r7", "shortDescription": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "fullDescription": {"text": "word-wrap vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9jgg-88mc-972h", "name": "webpack-dev-server: GHSA-9jgg-88mc-972h", "shortDescription": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-79cf-xcqc-c78w", "name": "webpack-dev-server: GHSA-79cf-xcqc-c78w", "shortDescription": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "fullDescription": {"text": "webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4v9v-hfq4-rm2v", "name": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v", "shortDescription": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "fullDescription": {"text": "webpack-dev-server users' source code may be stolen when they access a malicious web site"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-g3ch-rx76-35fx", "name": "vue-template-compiler: GHSA-g3ch-rx76-35fx", "shortDescription": {"text": "vue-template-compiler: GHSA-g3ch-rx76-35fx"}, "fullDescription": {"text": "vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-72xf-g2v4-qvf3", "name": "tough-cookie: GHSA-72xf-g2v4-qvf3", "shortDescription": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "fullDescription": {"text": "tough-cookie Prototype Pollution vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qj8w-gfj5-8c6v", "name": "serialize-javascript: GHSA-qj8w-gfj5-8c6v", "shortDescription": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "fullDescription": {"text": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76p7-773f-r4q5", "name": "serialize-javascript: GHSA-76p7-773f-r4q5", "shortDescription": {"text": "serialize-javascript: GHSA-76p7-773f-r4q5"}, "fullDescription": {"text": "Cross-site Scripting (XSS) in serialize-javascript"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p8p7-x288-28g6", "name": "request: GHSA-p8p7-x288-28g6", "shortDescription": {"text": "request: GHSA-p8p7-x288-28g6"}, "fullDescription": {"text": "Server-Side Request Forgery in Request"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6rw7-vpxm-498p", "name": "qs: GHSA-6rw7-vpxm-498p", "shortDescription": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "fullDescription": {"text": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x7hr-w5r2-h6wg", "name": "prismjs: GHSA-x7hr-w5r2-h6wg", "shortDescription": {"text": "prismjs: GHSA-x7hr-w5r2-h6wg"}, "fullDescription": {"text": "PrismJS DOM Clobbering vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7fh5-64p2-3v2j", "name": "postcss: GHSA-7fh5-64p2-3v2j", "shortDescription": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "fullDescription": {"text": "PostCSS line return parsing error"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8fr3-hfg3-gpgp", "name": "node-forge: GHSA-8fr3-hfg3-gpgp", "shortDescription": {"text": "node-forge: GHSA-8fr3-hfg3-gpgp"}, "fullDescription": {"text": "Open Redirect in node-forge"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-65ch-62r8-g69g", "name": "node-forge: GHSA-65ch-62r8-g69g", "shortDescription": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "fullDescription": {"text": "node-forge is vulnerable to ASN.1 OID Integer Truncation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2r2c-g63r-vccr", "name": "node-forge: GHSA-2r2c-g63r-vccr", "shortDescription": {"text": "node-forge: GHSA-2r2c-g63r-vccr"}, "fullDescription": {"text": "Improper Verification of Cryptographic Signature in `node-forge`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mwcw-c2x4-8c55", "name": "nanoid: GHSA-mwcw-c2x4-8c55", "shortDescription": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "fullDescription": {"text": "Predictable results in nanoid generation when given non-integer values"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-952p-6rrq-rcjv", "name": "micromatch: GHSA-952p-6rrq-rcjv", "shortDescription": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in micromatch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6vfc-qv3f-vr6c", "name": "markdown-it: GHSA-6vfc-qv3f-vr6c", "shortDescription": {"text": "markdown-it: GHSA-6vfc-qv3f-vr6c"}, "fullDescription": {"text": "Uncontrolled Resource Consumption in markdown-it"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxjr-mmjv-4gpg", "name": "lodash: GHSA-xxjr-mmjv-4gpg", "shortDescription": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "fullDescription": {"text": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f23m-r3pf-42rh", "name": "lodash: GHSA-f23m-r3pf-42rh", "shortDescription": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "fullDescription": {"text": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mh29-5h37-fv8m", "name": "js-yaml: GHSA-mh29-5h37-fv8m", "shortDescription": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "fullDescription": {"text": "js-yaml has prototype pollution in merge (<<)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9gqv-wp59-fq42", "name": "http-proxy-middleware: GHSA-9gqv-wp59-fq42", "shortDescription": {"text": "http-proxy-middleware: GHSA-9gqv-wp59-fq42"}, "fullDescription": {"text": "http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4www-5p9h-95mh", "name": "http-proxy-middleware: GHSA-4www-5p9h-95mh", "shortDescription": {"text": "http-proxy-middleware: GHSA-4www-5p9h-95mh"}, "fullDescription": {"text": "http-proxy-middleware can call writeBody twice because \"else if\" is not used"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7wwv-vh3v-89cq", "name": "highlight.js: GHSA-7wwv-vh3v-89cq", "shortDescription": {"text": "highlight.js: GHSA-7wwv-vh3v-89cq"}, "fullDescription": {"text": "ReDOS vulnerabities: multiple grammars"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7rx3-28cr-v5wh", "name": "handlebars: GHSA-7rx3-28cr-v5wh", "shortDescription": {"text": "handlebars: GHSA-7rx3-28cr-v5wh"}, "fullDescription": {"text": "Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2qvq-rjwj-gvw9", "name": "handlebars: GHSA-2qvq-rjwj-gvw9", "shortDescription": {"text": "handlebars: GHSA-2qvq-rjwj-gvw9"}, "fullDescription": {"text": "Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pfrx-2q88-qq97", "name": "got: GHSA-pfrx-2q88-qq97", "shortDescription": {"text": "got: GHSA-pfrx-2q88-qq97"}, "fullDescription": {"text": "Got allows a redirect to a UNIX socket"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r4q5-vmmm-2653", "name": "follow-redirects: GHSA-r4q5-vmmm-2653", "shortDescription": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "fullDescription": {"text": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rv95-896h-c2vc", "name": "express: GHSA-rv95-896h-c2vc", "shortDescription": {"text": "express: GHSA-rv95-896h-c2vc"}, "fullDescription": {"text": "Express.js Open Redirect in malformed URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67mh-4wv8-2f99", "name": "esbuild: GHSA-67mh-4wv8-2f99", "shortDescription": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "fullDescription": {"text": "esbuild enables any website to send any requests to the development server and read the response"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ghr5-ch3p-vcr6", "name": "ejs: GHSA-ghr5-ch3p-vcr6", "shortDescription": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "fullDescription": {"text": "ejs lacks certain pollution protection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-378v-28hj-76wf", "name": "bn.js: GHSA-378v-28hj-76wf", "shortDescription": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "fullDescription": {"text": "bn.js affected by an infinite loop"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-968p-4wvh-cqc8", "name": "@babel/runtime: GHSA-968p-4wvh-cqc8", "shortDescription": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "fullDescription": {"text": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `karma-jasmine-html-reporter` is 1 major version(s) behind (^1.5.4 -> 2.2.0)", "shortDescription": {"text": "npm package `karma-jasmine-html-reporter` is 1 major version(s) behind (^1.5.4 -> 2.2.0)"}, "fullDescription": {"text": "`karma-jasmine-html-reporter` is pinned/resolved at ^1.5.4 but the latest stable release on the npm registry is 2.2.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-5j4c-8p2g-v4jx", "name": "vue: GHSA-5j4c-8p2g-v4jx", "shortDescription": {"text": "vue: GHSA-5j4c-8p2g-v4jx"}, "fullDescription": {"text": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-52f5-9888-hmc6", "name": "tmp: GHSA-52f5-9888-hmc6", "shortDescription": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "fullDescription": {"text": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cm22-4g7w-348p", "name": "serve-static: GHSA-cm22-4g7w-348p", "shortDescription": {"text": "serve-static: GHSA-cm22-4g7w-348p"}, "fullDescription": {"text": "serve-static vulnerable to template injection that can lead to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m6fv-jmcg-4jfg", "name": "send: GHSA-m6fv-jmcg-4jfg", "shortDescription": {"text": "send: GHSA-m6fv-jmcg-4jfg"}, "fullDescription": {"text": "send vulnerable to template injection that can lead to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w7fw-mjwx-w883", "name": "qs: GHSA-w7fw-mjwx-w883", "shortDescription": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "fullDescription": {"text": "qs's arrayLimit bypass in comma parsing allows denial of service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76c9-3jph-rj3q", "name": "on-headers: GHSA-76c9-3jph-rj3q", "shortDescription": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "fullDescription": {"text": "on-headers is vulnerable to http response header manipulation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gf8q-jrpm-jvxq", "name": "node-forge: GHSA-gf8q-jrpm-jvxq", "shortDescription": {"text": "node-forge: GHSA-gf8q-jrpm-jvxq"}, "fullDescription": {"text": "URL parsing in node-forge could lead to undesired behavior."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5rrq-pxf6-6jx5", "name": "node-forge: GHSA-5rrq-pxf6-6jx5", "shortDescription": {"text": "node-forge: GHSA-5rrq-pxf6-6jx5"}, "fullDescription": {"text": "Prototype Pollution in node-forge debug API."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rx8g-88g5-qh64", "name": "min-document: GHSA-rx8g-88g5-qh64", "shortDescription": {"text": "min-document: GHSA-rx8g-88g5-qh64"}, "fullDescription": {"text": "min-document vulnerable to prototype pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-78xj-cgh5-2h22", "name": "ip: GHSA-78xj-cgh5-2h22", "shortDescription": {"text": "ip: GHSA-78xj-cgh5-2h22"}, "fullDescription": {"text": "NPM IP package incorrectly identifies some private IP addresses as public"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-442j-39wm-28r2", "name": "handlebars: GHSA-442j-39wm-28r2", "shortDescription": {"text": "handlebars: GHSA-442j-39wm-28r2"}, "fullDescription": {"text": "Handlebars.js has a Property Access Validation Bypass in container.lookup"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qw6h-vgh9-j6wx", "name": "express: GHSA-qw6h-vgh9-j6wx", "shortDescription": {"text": "express: GHSA-qw6h-vgh9-j6wx"}, "fullDescription": {"text": "express vulnerable to XSS via response.redirect()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fc9h-whq2-v747", "name": "elliptic: GHSA-fc9h-whq2-v747", "shortDescription": {"text": "elliptic: GHSA-fc9h-whq2-v747"}, "fullDescription": {"text": "Valid ECDSA signatures erroneously rejected in Elliptic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f7q4-pwc6-w24p", "name": "elliptic: GHSA-f7q4-pwc6-w24p", "shortDescription": {"text": "elliptic: GHSA-f7q4-pwc6-w24p"}, "fullDescription": {"text": "Elliptic's EDDSA missing signature length check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-977x-g7h5-7qgw", "name": "elliptic: GHSA-977x-g7h5-7qgw", "shortDescription": {"text": "elliptic: GHSA-977x-g7h5-7qgw"}, "fullDescription": {"text": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-848j-6mx2-7j84", "name": "elliptic: GHSA-848j-6mx2-7j84", "shortDescription": {"text": "elliptic: GHSA-848j-6mx2-7j84"}, "fullDescription": {"text": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-49q7-c7j4-3p7m", "name": "elliptic: GHSA-49q7-c7j4-3p7m", "shortDescription": {"text": "elliptic: GHSA-49q7-c7j4-3p7m"}, "fullDescription": {"text": "Elliptic allows BER-encoded signatures"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-434g-2637-qmqr", "name": "elliptic: GHSA-434g-2637-qmqr", "shortDescription": {"text": "elliptic: GHSA-434g-2637-qmqr"}, "fullDescription": {"text": "Elliptic's verify function omits uniqueness validation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pxg6-pf52-xh8x", "name": "cookie: GHSA-pxg6-pf52-xh8x", "shortDescription": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "fullDescription": {"text": "cookie accepts cookie name, path, and domain with out of bounds characters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v6h2-p8h4-qcjw", "name": "brace-expansion: GHSA-v6h2-p8h4-qcjw", "shortDescription": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "fullDescription": {"text": "brace-expansion Regular Expression Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vpq2-c234-7xj6", "name": "@tootallnate/once: GHSA-vpq2-c234-7xj6", "shortDescription": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "fullDescription": {"text": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-3h5v-q93c-6h6q", "name": "ws: GHSA-3h5v-q93c-6h6q", "shortDescription": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "fullDescription": {"text": "ws affected by a DoS when handling a request with many HTTP headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wr3j-pwj9-hqq6", "name": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6", "shortDescription": {"text": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6"}, "fullDescription": {"text": "Path traversal in webpack-dev-middleware"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ph9p-34f9-6g65", "name": "tmp: GHSA-ph9p-34f9-6g65", "shortDescription": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "fullDescription": {"text": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xpqw-6gx7-v673", "name": "svgo: GHSA-xpqw-6gx7-v673", "shortDescription": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "fullDescription": {"text": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-677m-j7p3-52f9", "name": "socket.io-parser: GHSA-677m-j7p3-52f9", "shortDescription": {"text": "socket.io-parser: GHSA-677m-j7p3-52f9"}, "fullDescription": {"text": "socket.io allows an unbounded number of binary attachments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5c6j-r48x-rmvq", "name": "serialize-javascript: GHSA-5c6j-r48x-rmvq", "shortDescription": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "fullDescription": {"text": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2qf-rxjj-qqgw", "name": "semver: GHSA-c2qf-rxjj-qqgw", "shortDescription": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "fullDescription": {"text": "semver vulnerable to Regular Expression Denial of Service"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gcx4-mw62-g8wm", "name": "rollup: GHSA-gcx4-mw62-g8wm", "shortDescription": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "fullDescription": {"text": "DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rhx6-c78j-4q9w", "name": "path-to-regexp: GHSA-rhx6-c78j-4q9w", "shortDescription": {"text": "path-to-regexp: GHSA-rhx6-c78j-4q9w"}, "fullDescription": {"text": "path-to-regexp contains a ReDoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wv6-86v2-598j", "name": "path-to-regexp: GHSA-9wv6-86v2-598j", "shortDescription": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "fullDescription": {"text": "path-to-regexp outputs backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-37ch-88jc-xwx2", "name": "path-to-regexp: GHSA-37ch-88jc-xwx2", "shortDescription": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "fullDescription": {"text": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rp65-9cf3-cjxr", "name": "nth-check: GHSA-rp65-9cf3-cjxr", "shortDescription": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "fullDescription": {"text": "Inefficient Regular Expression Complexity in nth-check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x4jg-mjrx-434g", "name": "node-forge: GHSA-x4jg-mjrx-434g", "shortDescription": {"text": "node-forge: GHSA-x4jg-mjrx-434g"}, "fullDescription": {"text": "Improper Verification of Cryptographic Signature in node-forge"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q67f-28xg-22rw", "name": "node-forge: GHSA-q67f-28xg-22rw", "shortDescription": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "fullDescription": {"text": "Forge has signature forgery in Ed25519 due to missing S > L check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ppp5-5v6c-4jwp", "name": "node-forge: GHSA-ppp5-5v6c-4jwp", "shortDescription": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "fullDescription": {"text": "Forge has signature forgery in RSA-PKCS due to ASN.1 extra field "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cfm4-qjh2-4765", "name": "node-forge: GHSA-cfm4-qjh2-4765", "shortDescription": {"text": "node-forge: GHSA-cfm4-qjh2-4765"}, "fullDescription": {"text": "Improper Verification of Cryptographic Signature in node-forge"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5m6q-g25r-mvwx", "name": "node-forge: GHSA-5m6q-g25r-mvwx", "shortDescription": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "fullDescription": {"text": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5gfm-wpxj-wjgq", "name": "node-forge: GHSA-5gfm-wpxj-wjgq", "shortDescription": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "fullDescription": {"text": "node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-554w-wpv2-vw27", "name": "node-forge: GHSA-554w-wpv2-vw27", "shortDescription": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "fullDescription": {"text": "node-forge has ASN.1 Unbounded Recursion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2328-f5f3-gj25", "name": "node-forge: GHSA-2328-f5f3-gj25", "shortDescription": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "fullDescription": {"text": "Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r5fr-rjxr-66jc", "name": "lodash.template: GHSA-r5fr-rjxr-66jc", "shortDescription": {"text": "lodash.template: GHSA-r5fr-rjxr-66jc"}, "fullDescription": {"text": "lodash vulnerable to Code Injection via `_.template` imports key names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-35jh-r3h4-6jhm", "name": "lodash.template: GHSA-35jh-r3h4-6jhm", "shortDescription": {"text": "lodash.template: GHSA-35jh-r3h4-6jhm"}, "fullDescription": {"text": "Command Injection in lodash"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c27g-q93r-2cwf", "name": "launch-editor: GHSA-c27g-q93r-2cwf", "shortDescription": {"text": "launch-editor: GHSA-c27g-q93r-2cwf"}, "fullDescription": {"text": "launch-editor vulnerable to command injection via the crafted request on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9c47-m6qq-7p4h", "name": "json5: GHSA-9c47-m6qq-7p4h", "shortDescription": {"text": "json5: GHSA-9c47-m6qq-7p4h"}, "fullDescription": {"text": "Prototype Pollution in JSON5 via Parse Method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2p57-rm9w-gvfp", "name": "ip: GHSA-2p57-rm9w-gvfp", "shortDescription": {"text": "ip: GHSA-2p57-rm9w-gvfp"}, "fullDescription": {"text": "ip SSRF improper categorization in isPublic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c7qv-q95q-8v27", "name": "http-proxy-middleware: GHSA-c7qv-q95q-8v27", "shortDescription": {"text": "http-proxy-middleware: GHSA-c7qv-q95q-8v27"}, "fullDescription": {"text": "Denial of service in http-proxy-middleware"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pfq8-rq6v-vf5m", "name": "html-minifier: GHSA-pfq8-rq6v-vf5m", "shortDescription": {"text": "html-minifier: GHSA-pfq8-rq6v-vf5m"}, "fullDescription": {"text": "kangax html-minifier REDoS vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xjpj-3mr7-gcpf", "name": "handlebars: GHSA-xjpj-3mr7-gcpf", "shortDescription": {"text": "handlebars: GHSA-xjpj-3mr7-gcpf"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xhpv-hc6g-r9c6", "name": "handlebars: GHSA-xhpv-hc6g-r9c6", "shortDescription": {"text": "handlebars: GHSA-xhpv-hc6g-r9c6"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9cx6-37pm-9jff", "name": "handlebars: GHSA-9cx6-37pm-9jff", "shortDescription": {"text": "handlebars: GHSA-9cx6-37pm-9jff"}, "fullDescription": {"text": "Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3mfm-83xf-c92r", "name": "handlebars: GHSA-3mfm-83xf-c92r", "shortDescription": {"text": "handlebars: GHSA-3mfm-83xf-c92r"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3xgq-45jj-v275", "name": "cross-spawn: GHSA-3xgq-45jj-v275", "shortDescription": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "fullDescription": {"text": "Regular Expression Denial of Service (ReDoS) in cross-spawn"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x9w5-v3q2-3rhw", "name": "browserify-sign: GHSA-x9w5-v3q2-3rhw", "shortDescription": {"text": "browserify-sign: GHSA-x9w5-v3q2-3rhw"}, "fullDescription": {"text": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-grv7-fg5c-xmjg", "name": "braces: GHSA-grv7-fg5c-xmjg", "shortDescription": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "fullDescription": {"text": "Uncontrolled resource consumption in braces"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qwcr-r2fm-qrc7", "name": "body-parser: GHSA-qwcr-r2fm-qrc7", "shortDescription": {"text": "body-parser: GHSA-qwcr-r2fm-qrc7"}, "fullDescription": {"text": "body-parser vulnerable to denial of service when url encoding is enabled"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `preactjs/compressed-size-action` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `preactjs/compressed-size-action` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: preactjs/compressed-size-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-95m3-7q98-8xr5", "name": "sha.js: GHSA-95m3-7q98-8xr5", "shortDescription": {"text": "sha.js: GHSA-95m3-7q98-8xr5"}, "fullDescription": {"text": "sha.js is missing type checks leading to hash rewind and passing on crafted data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v62p-rq8g-8h59", "name": "pbkdf2: GHSA-v62p-rq8g-8h59", "shortDescription": {"text": "pbkdf2: GHSA-v62p-rq8g-8h59"}, "fullDescription": {"text": "pbkdf2 silently disregards Uint8Array input, returning static keys"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h7cp-r72f-jxh6", "name": "pbkdf2: GHSA-h7cp-r72f-jxh6", "shortDescription": {"text": "pbkdf2: GHSA-h7cp-r72f-jxh6"}, "fullDescription": {"text": "pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-76p3-8jx3-jpfq", "name": "loader-utils: GHSA-76p3-8jx3-jpfq", "shortDescription": {"text": "loader-utils: GHSA-76p3-8jx3-jpfq"}, "fullDescription": {"text": "Prototype pollution in webpack loader-utils"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2w6w-674q-4c4q", "name": "handlebars: GHSA-2w6w-674q-4c4q", "shortDescription": {"text": "handlebars: GHSA-2w6w-674q-4c4q"}, "fullDescription": {"text": "Handlebars.js has JavaScript Injection via AST Type Confusion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fjxv-7rqg-78g4", "name": "form-data: GHSA-fjxv-7rqg-78g4", "shortDescription": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "fullDescription": {"text": "form-data uses unsafe random function in form-data for choosing boundary"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vjh7-7g9h-fjfh", "name": "elliptic: GHSA-vjh7-7g9h-fjfh", "shortDescription": {"text": "elliptic: GHSA-vjh7-7g9h-fjfh"}, "fullDescription": {"text": "Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cpq7-6gpm-g9rc", "name": "cipher-base: GHSA-cpq7-6gpm-g9rc", "shortDescription": {"text": "cipher-base: GHSA-cpq7-6gpm-g9rc"}, "fullDescription": {"text": "cipher-base is missing type checks, leading to hash rewind and passing on crafted data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67hx-6x53-jw92", "name": "@babel/traverse: GHSA-67hx-6x53-jw92", "shortDescription": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "fullDescription": {"text": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "jwt", "name": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.", "shortDescription": {"text": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/846"}, "properties": {"repository": "chartjs/Chart.js", "repoUrl": "https://github.com/chartjs/Chart.js", "branch": "master"}, "results": [{"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 76449, "scanner": "osv-scanner", "fingerprint": "50bb42596af5c9f077010621340b47a31a4c2078f9d0e01ee2b787647b74301a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 76448, "scanner": "osv-scanner", "fingerprint": "d698c0969dae25e950d4f8b65b021df28bdeb91476dcc255cdcc9ca9ba3ee73e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j8xg-fqg3-53r7", "level": "warning", "message": {"text": "word-wrap: GHSA-j8xg-fqg3-53r7"}, "properties": {"repobilityId": 76446, "scanner": "osv-scanner", "fingerprint": "4cf5dc1a701ada3b753d7bd2d5922996312f060a13eaafd5b9603bc17ffba1f2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26115"], "package": "word-wrap", "rule_id": "GHSA-j8xg-fqg3-53r7", "scanner": "osv-scanner", "correlation_key": "vuln|word-wrap|CVE-2023-26115|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9jgg-88mc-972h", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-9jgg-88mc-972h"}, "properties": {"repobilityId": 76445, "scanner": "osv-scanner", "fingerprint": "2058e0841f8e55a21d21b12194f8d27e99c57090ef4921cf0366699e34ed92e8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30360"], "package": "webpack-dev-server", "rule_id": "GHSA-9jgg-88mc-972h", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30360|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-79cf-xcqc-c78w", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-79cf-xcqc-c78w"}, "properties": {"repobilityId": 76444, "scanner": "osv-scanner", "fingerprint": "bf17a1b8032e08e83dd69d78b623ced845743d9cdd4b2f534bd150c450160d90", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-6402"], "package": "webpack-dev-server", "rule_id": "GHSA-79cf-xcqc-c78w", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2026-6402|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4v9v-hfq4-rm2v", "level": "warning", "message": {"text": "webpack-dev-server: GHSA-4v9v-hfq4-rm2v"}, "properties": {"repobilityId": 76443, "scanner": "osv-scanner", "fingerprint": "bad564efe556f5e9874abc9f9973628c4b13601dd518627d1dbca7909481552d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-30359"], "package": "webpack-dev-server", "rule_id": "GHSA-4v9v-hfq4-rm2v", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-server|CVE-2025-30359|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-g3ch-rx76-35fx", "level": "warning", "message": {"text": "vue-template-compiler: GHSA-g3ch-rx76-35fx"}, "properties": {"repobilityId": 76441, "scanner": "osv-scanner", "fingerprint": "b292f8c4f89dbe0ccddac652536c04a577ea7ceac6bc1ce562bc627e0993148e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-6783"], "package": "vue-template-compiler", "rule_id": "GHSA-g3ch-rx76-35fx", "scanner": "osv-scanner", "correlation_key": "vuln|vue-template-compiler|CVE-2024-6783|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 76439, "scanner": "osv-scanner", "fingerprint": "fdef028f4a816ff49a3feddc8fea57767b8bd7a5285d824fe826196183701971", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-72xf-g2v4-qvf3", "level": "warning", "message": {"text": "tough-cookie: GHSA-72xf-g2v4-qvf3"}, "properties": {"repobilityId": 76438, "scanner": "osv-scanner", "fingerprint": "fd2ca9c694dd2862ef55697b23559a0590c3f65183e3c0b7eeaf8f7832685514", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-26136"], "package": "tough-cookie", "rule_id": "GHSA-72xf-g2v4-qvf3", "scanner": "osv-scanner", "correlation_key": "vuln|tough-cookie|CVE-2023-26136|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qj8w-gfj5-8c6v", "level": "warning", "message": {"text": "serialize-javascript: GHSA-qj8w-gfj5-8c6v"}, "properties": {"repobilityId": 76431, "scanner": "osv-scanner", "fingerprint": "e5adc7b8147d0f39d78debfb9b91e31cc337ef1e8ecd400a17dea5cbe1b23197", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-34043"], "package": "serialize-javascript", "rule_id": "GHSA-qj8w-gfj5-8c6v", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2026-34043|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p7-773f-r4q5", "level": "warning", "message": {"text": "serialize-javascript: GHSA-76p7-773f-r4q5"}, "properties": {"repobilityId": 76430, "scanner": "osv-scanner", "fingerprint": "91beecbe6a55c822108f2eeae6c3c6bc8cbecfefb76c65b350543535243e62bb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-11831"], "package": "serialize-javascript", "rule_id": "GHSA-76p7-773f-r4q5", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|CVE-2024-11831|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p8p7-x288-28g6", "level": "warning", "message": {"text": "request: GHSA-p8p7-x288-28g6"}, "properties": {"repobilityId": 76424, "scanner": "osv-scanner", "fingerprint": "2d94816f53707d0cf2a2591bc387f6c00bb94286626e6ce0709e8e181d8e85b7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-28155"], "package": "request", "rule_id": "GHSA-p8p7-x288-28g6", "scanner": "osv-scanner", "correlation_key": "vuln|request|CVE-2023-28155|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6rw7-vpxm-498p", "level": "warning", "message": {"text": "qs: GHSA-6rw7-vpxm-498p"}, "properties": {"repobilityId": 76422, "scanner": "osv-scanner", "fingerprint": "6d22fb6d155cd92273923764c4a42ac64c943a3e96e9afc41e845a7b5d2f24b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-15284"], "package": "qs", "rule_id": "GHSA-6rw7-vpxm-498p", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2025-15284|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x7hr-w5r2-h6wg", "level": "warning", "message": {"text": "prismjs: GHSA-x7hr-w5r2-h6wg"}, "properties": {"repobilityId": 76421, "scanner": "osv-scanner", "fingerprint": "36878fdd49af10dbda3bff38a8fcc69d5b6202cfb42001d7d5fa9b82d0796018", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-53382"], "package": "prismjs", "rule_id": "GHSA-x7hr-w5r2-h6wg", "scanner": "osv-scanner", "correlation_key": "vuln|prismjs|CVE-2024-53382|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 76420, "scanner": "osv-scanner", "fingerprint": "0b1dff5c952a767b7990e67b0d60cc580116a9b63b14cf0d44b920a59028efbf", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7fh5-64p2-3v2j", "level": "warning", "message": {"text": "postcss: GHSA-7fh5-64p2-3v2j"}, "properties": {"repobilityId": 76419, "scanner": "osv-scanner", "fingerprint": "13f4a1be9b2032a3827d595ce27cf15ddcdff688424cf4aeb754429be33561c0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-44270"], "package": "postcss", "rule_id": "GHSA-7fh5-64p2-3v2j", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2023-44270|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 76417, "scanner": "osv-scanner", "fingerprint": "d9d26d972991fffb51a1613b08ac1e8e722be1c10191fb43cced54b770250e8d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8fr3-hfg3-gpgp", "level": "warning", "message": {"text": "node-forge: GHSA-8fr3-hfg3-gpgp"}, "properties": {"repobilityId": 76404, "scanner": "osv-scanner", "fingerprint": "e005095188307f9e02716f5bf1b785daca482b625fa7336a67864d49fb85eab1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-0122"], "package": "node-forge", "rule_id": "GHSA-8fr3-hfg3-gpgp", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2022-0122|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65ch-62r8-g69g", "level": "warning", "message": {"text": "node-forge: GHSA-65ch-62r8-g69g"}, "properties": {"repobilityId": 76403, "scanner": "osv-scanner", "fingerprint": "7ae3cf73266e9f04815d7265db86772c37f224fb8fd8cfab836e3620a2ca8501", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66030"], "package": "node-forge", "rule_id": "GHSA-65ch-62r8-g69g", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66030|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2r2c-g63r-vccr", "level": "warning", "message": {"text": "node-forge: GHSA-2r2c-g63r-vccr"}, "properties": {"repobilityId": 76398, "scanner": "osv-scanner", "fingerprint": "5d1b2c690c460e1ee50c577ffcb68989d523311da246567f9b4725b4ce574414", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24773"], "package": "node-forge", "rule_id": "GHSA-2r2c-g63r-vccr", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2022-24773|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mwcw-c2x4-8c55", "level": "warning", "message": {"text": "nanoid: GHSA-mwcw-c2x4-8c55"}, "properties": {"repobilityId": 76396, "scanner": "osv-scanner", "fingerprint": "5ab29893c2d14e0bfbe5c589bd65659abd6616e61aac03ab1c5fa9b6c850b05a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-55565"], "package": "nanoid", "rule_id": "GHSA-mwcw-c2x4-8c55", "scanner": "osv-scanner", "correlation_key": "vuln|nanoid|CVE-2024-55565|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-952p-6rrq-rcjv", "level": "warning", "message": {"text": "micromatch: GHSA-952p-6rrq-rcjv"}, "properties": {"repobilityId": 76391, "scanner": "osv-scanner", "fingerprint": "7f5b885c50f81ed0daa6171ed0eeb8291fc1168ed770191f145325d8b2c16280", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4067"], "package": "micromatch", "rule_id": "GHSA-952p-6rrq-rcjv", "scanner": "osv-scanner", "correlation_key": "vuln|micromatch|CVE-2024-4067|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6vfc-qv3f-vr6c", "level": "warning", "message": {"text": "markdown-it: GHSA-6vfc-qv3f-vr6c"}, "properties": {"repobilityId": 76390, "scanner": "osv-scanner", "fingerprint": "2f9cca2163d6371fa9083ba96232a4640a76799c11725b4b0318091b01a94e06", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-21670"], "package": "markdown-it", "rule_id": "GHSA-6vfc-qv3f-vr6c", "scanner": "osv-scanner", "correlation_key": "vuln|markdown-it|CVE-2022-21670|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxjr-mmjv-4gpg", "level": "warning", "message": {"text": "lodash: GHSA-xxjr-mmjv-4gpg"}, "properties": {"repobilityId": 76387, "scanner": "osv-scanner", "fingerprint": "75f1cf8ff29d8d132d579513aad4027dbb5a93646863d8e7bc0c89343d3402ef", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-13465"], "package": "lodash", "rule_id": "GHSA-xxjr-mmjv-4gpg", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2025-13465|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f23m-r3pf-42rh", "level": "warning", "message": {"text": "lodash: GHSA-f23m-r3pf-42rh"}, "properties": {"repobilityId": 76385, "scanner": "osv-scanner", "fingerprint": "529a8e201067f66e4bcd0d6408bc6eece689220a5a65ec65438a230ab5b7cf66", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2950"], "package": "lodash", "rule_id": "GHSA-f23m-r3pf-42rh", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-2950|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mh29-5h37-fv8m", "level": "warning", "message": {"text": "js-yaml: GHSA-mh29-5h37-fv8m"}, "properties": {"repobilityId": 76381, "scanner": "osv-scanner", "fingerprint": "e1f1eee28e3c43746c892494085b271496e4ce012a6f7a57876b5d7ed32ae261", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-64718"], "package": "js-yaml", "rule_id": "GHSA-mh29-5h37-fv8m", "scanner": "osv-scanner", "correlation_key": "vuln|js-yaml|CVE-2025-64718|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9gqv-wp59-fq42", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-9gqv-wp59-fq42"}, "properties": {"repobilityId": 76378, "scanner": "osv-scanner", "fingerprint": "ca333b7def2de43fb65853c34054d47dfabe0257fd1539cd0ad0efaa2675769c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32997"], "package": "http-proxy-middleware", "rule_id": "GHSA-9gqv-wp59-fq42", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32997|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4www-5p9h-95mh", "level": "warning", "message": {"text": "http-proxy-middleware: GHSA-4www-5p9h-95mh"}, "properties": {"repobilityId": 76377, "scanner": "osv-scanner", "fingerprint": "7cfc5c114ac0625d7609b3088539dc7bbc03f40458dc4c5cc8e75e76b7ad4d0b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-32996"], "package": "http-proxy-middleware", "rule_id": "GHSA-4www-5p9h-95mh", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2025-32996|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7wwv-vh3v-89cq", "level": "warning", "message": {"text": "highlight.js: GHSA-7wwv-vh3v-89cq"}, "properties": {"repobilityId": 76374, "scanner": "osv-scanner", "fingerprint": "99e0173322131ea4a479e8eb1c6ab91cd685f14fcc48e1eaab48b307b78626ca", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "highlight.js", "rule_id": "GHSA-7wwv-vh3v-89cq", "scanner": "osv-scanner", "correlation_key": "vuln|highlight.js|GHSA-7WWV-VH3V-89CQ|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7rx3-28cr-v5wh", "level": "warning", "message": {"text": "handlebars: GHSA-7rx3-28cr-v5wh"}, "properties": {"repobilityId": 76370, "scanner": "osv-scanner", "fingerprint": "85ba8a8c3bb4acc6a3459d169d64d4879013e992d499c9208de8ad7a36084a86", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "handlebars", "rule_id": "GHSA-7rx3-28cr-v5wh", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|GHSA-7RX3-28CR-V5WH|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2qvq-rjwj-gvw9", "level": "warning", "message": {"text": "handlebars: GHSA-2qvq-rjwj-gvw9"}, "properties": {"repobilityId": 76366, "scanner": "osv-scanner", "fingerprint": "17e1798d1dbb31c5c850819b4d7b3cd310a7dda9641e1eea682fb1e6564e4af8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33916"], "package": "handlebars", "rule_id": "GHSA-2qvq-rjwj-gvw9", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33916|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pfrx-2q88-qq97", "level": "warning", "message": {"text": "got: GHSA-pfrx-2q88-qq97"}, "properties": {"repobilityId": 76365, "scanner": "osv-scanner", "fingerprint": "139fa45314b3ae96b82a5d2e9d5120599d4ea4c3cb4cc8631a10ae1dd88f708e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-33987"], "package": "got", "rule_id": "GHSA-pfrx-2q88-qq97", "scanner": "osv-scanner", "correlation_key": "vuln|got|CVE-2022-33987|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r4q5-vmmm-2653", "level": "warning", "message": {"text": "follow-redirects: GHSA-r4q5-vmmm-2653"}, "properties": {"repobilityId": 76363, "scanner": "osv-scanner", "fingerprint": "6f390e2ea2dc5e15147a7d495e55d42a4ae00467d7b3f2ca1cebb7aa445a73b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "follow-redirects", "rule_id": "GHSA-r4q5-vmmm-2653", "scanner": "osv-scanner", "correlation_key": "vuln|follow-redirects|GHSA-R4Q5-VMMM-2653|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rv95-896h-c2vc", "level": "warning", "message": {"text": "express: GHSA-rv95-896h-c2vc"}, "properties": {"repobilityId": 76360, "scanner": "osv-scanner", "fingerprint": "0806f4ec14c30bd1d1e2349020cad8d98c0c0404e6e25fb160be197890efa61a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29041"], "package": "express", "rule_id": "GHSA-rv95-896h-c2vc", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-29041|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 76358, "scanner": "osv-scanner", "fingerprint": "41f281ca33e7758f3ed49d251cab103d4cb0c6de82ba0c8149194ad02717accb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghr5-ch3p-vcr6", "level": "warning", "message": {"text": "ejs: GHSA-ghr5-ch3p-vcr6"}, "properties": {"repobilityId": 76350, "scanner": "osv-scanner", "fingerprint": "3c7905ec774c10a6334c69ef51be4a1cf5c405b1eb9a3ecefdca017c57d6eefb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-33883"], "package": "ejs", "rule_id": "GHSA-ghr5-ch3p-vcr6", "scanner": "osv-scanner", "correlation_key": "vuln|ejs|CVE-2024-33883|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 76343, "scanner": "osv-scanner", "fingerprint": "6ed3e11856b985dfd38b234bdeafe6eb9fdd6ace1789aa46a716324dba77d441", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-378v-28hj-76wf", "level": "warning", "message": {"text": "bn.js: GHSA-378v-28hj-76wf"}, "properties": {"repobilityId": 76341, "scanner": "osv-scanner", "fingerprint": "d784964343c8b79cb66f33482410c1d19bd71a0dd62c22bb0fdc0dcc01c80474", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2739"], "package": "bn.js", "rule_id": "GHSA-378v-28hj-76wf", "scanner": "osv-scanner", "correlation_key": "vuln|bn.js|CVE-2026-2739|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 76340, "scanner": "osv-scanner", "fingerprint": "0b4075edd70eccc9e81ce84656b8a0c1040ecc83769ba1ed4fe7ce3796321c93", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/runtime: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 76337, "scanner": "osv-scanner", "fingerprint": "8226570f1a95192aa4fd0dc6689ea75a67b6fd3ba8d5359cbc505423970e95e0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/runtime", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/runtime|CVE-2025-27789|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-968p-4wvh-cqc8", "level": "warning", "message": {"text": "@babel/helpers: GHSA-968p-4wvh-cqc8"}, "properties": {"repobilityId": 76336, "scanner": "osv-scanner", "fingerprint": "3a0104bfb3ec3bf02245db9a88e298a0a988506e4b5222804d06ffce39376224", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27789"], "package": "@babel/helpers", "rule_id": "GHSA-968p-4wvh-cqc8", "scanner": "osv-scanner", "correlation_key": "vuln|babel/helpers|CVE-2025-27789|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `karma-jasmine-html-reporter` is 1 major version(s) behind (^1.5.4 -> 2.2.0)"}, "properties": {"repobilityId": 76318, "scanner": "repobility-dependency-currency", "fingerprint": "9ff1a74518dff75545e049916aa5087063a1bd57271a5104b8262693a0b01d55", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-jasmine-html-reporter", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.2.0", "correlation_key": "fp|9ff1a74518dff75545e049916aa5087063a1bd57271a5104b8262693a0b01d55", "current_version": "^1.5.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `karma-jasmine` is 1 major version(s) behind (^4.0.1 -> 5.1.0)"}, "properties": {"repobilityId": 76317, "scanner": "repobility-dependency-currency", "fingerprint": "66fc28ed9f3aa4492167cbbee53f69b78a6c3eb746ab2c86c9f85ca43f363aa3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-jasmine", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.1.0", "correlation_key": "fp|66fc28ed9f3aa4492167cbbee53f69b78a6c3eb746ab2c86c9f85ca43f363aa3", "current_version": "^4.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `jasmine-core` is 3 major version(s) behind (^3.7.1 -> 6.2.0)"}, "properties": {"repobilityId": 76313, "scanner": "repobility-dependency-currency", "fingerprint": "cb24c52d471bf3ef909ee1691ef8680cff1f15cc002068fedc20c3db60714397", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "jasmine-core", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.2.0", "correlation_key": "fp|cb24c52d471bf3ef909ee1691ef8680cff1f15cc002068fedc20c3db60714397", "current_version": "^3.7.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `jasmine` is 3 major version(s) behind (^3.7.0 -> 6.2.0)"}, "properties": {"repobilityId": 76312, "scanner": "repobility-dependency-currency", "fingerprint": "6831c214f9767c2da15ecc0c11b5aacd94eec363b7f32327d563baa97ab55947", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "jasmine", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.2.0", "correlation_key": "fp|6831c214f9767c2da15ecc0c11b5aacd94eec363b7f32327d563baa97ab55947", "current_version": "^3.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `glob` is 5 major version(s) behind (^8.0.3 -> 13.0.6)"}, "properties": {"repobilityId": 76311, "scanner": "repobility-dependency-currency", "fingerprint": "1a8fd7380ff8d5721463d22faa73c78878a4e87cd927f19d5d65d5c11ed5769b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "5 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "glob", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "13.0.6", "correlation_key": "fp|1a8fd7380ff8d5721463d22faa73c78878a4e87cd927f19d5d65d5c11ed5769b", "current_version": "^8.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `eslint-plugin-markdown` is 2 major version(s) behind (^3.0.0 -> 5.1.0)"}, "properties": {"repobilityId": 76310, "scanner": "repobility-dependency-currency", "fingerprint": "dd274d9085aa95be15fe9d8a66f6235f6e08668f90b2fd75d5e60254437eebb6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "eslint-plugin-markdown", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.1.0", "correlation_key": "fp|dd274d9085aa95be15fe9d8a66f6235f6e08668f90b2fd75d5e60254437eebb6", "current_version": "^3.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `eslint-plugin-html` is 1 major version(s) behind (^7.1.0 -> 8.1.4)"}, "properties": {"repobilityId": 76309, "scanner": "repobility-dependency-currency", "fingerprint": "52d067a1ebd959af364fded3670d6915a718fbb980eec9a3643b4fba8a5c4715", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "eslint-plugin-html", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.1.4", "correlation_key": "fp|52d067a1ebd959af364fded3670d6915a718fbb980eec9a3643b4fba8a5c4715", "current_version": "^7.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `cross-env` is 3 major version(s) behind (^7.0.3 -> 10.1.0)"}, "properties": {"repobilityId": 76308, "scanner": "repobility-dependency-currency", "fingerprint": "b161de4b5a8afb4544d22400c564d7da63d16e1860d2f2006dfb81c7fb54e541", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "cross-env", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.1.0", "correlation_key": "fp|b161de4b5a8afb4544d22400c564d7da63d16e1860d2f2006dfb81c7fb54e541", "current_version": "^7.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `concurrently` is 3 major version(s) behind (^7.3.0 -> 10.0.3)"}, "properties": {"repobilityId": 76307, "scanner": "repobility-dependency-currency", "fingerprint": "f3eec07bc1de88ab6f56038c4506e8db3cbea9f21d361626dea78910f41f157e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "concurrently", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.0.3", "correlation_key": "fp|f3eec07bc1de88ab6f56038c4506e8db3cbea9f21d361626dea78910f41f157e", "current_version": "^7.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@rollup/plugin-node-resolve` is 1 major version(s) behind (^15.0.1 -> 16.0.3)"}, "properties": {"repobilityId": 76301, "scanner": "repobility-dependency-currency", "fingerprint": "4166272d46035f42a659085a48b564b1759fe34559620b6ddcf7784345e63582", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@rollup/plugin-node-resolve", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "16.0.3", "correlation_key": "fp|4166272d46035f42a659085a48b564b1759fe34559620b6ddcf7784345e63582", "current_version": "^15.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@rollup/plugin-json` is 1 major version(s) behind (^5.0.1 -> 6.1.0)"}, "properties": {"repobilityId": 76300, "scanner": "repobility-dependency-currency", "fingerprint": "91d2d2050dec954db4d50e72f8fb549d311697f0e0084ab880c740063efebbc4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@rollup/plugin-json", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.1.0", "correlation_key": "fp|91d2d2050dec954db4d50e72f8fb549d311697f0e0084ab880c740063efebbc4", "current_version": "^5.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@rollup/plugin-commonjs` is 6 major version(s) behind (^23.0.2 -> 29.0.3)"}, "properties": {"repobilityId": 76298, "scanner": "repobility-dependency-currency", "fingerprint": "1bc6a2872309efd8bdd8ef12020f62ab98c4a4bd71dac9f9771866091d54a8b5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "6 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@rollup/plugin-commonjs", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "29.0.3", "correlation_key": "fp|1bc6a2872309efd8bdd8ef12020f62ab98c4a4bd71dac9f9771866091d54a8b5", "current_version": "^23.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5j4c-8p2g-v4jx", "level": "note", "message": {"text": "vue: GHSA-5j4c-8p2g-v4jx"}, "properties": {"repobilityId": 76440, "scanner": "osv-scanner", "fingerprint": "c1cdbaac031acb1bd6d95a67bdd9e8ba7eccd75523bc0daef2285d8d64cb2a98", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-9506"], "package": "vue", "rule_id": "GHSA-5j4c-8p2g-v4jx", "scanner": "osv-scanner", "correlation_key": "vuln|vue|CVE-2024-9506|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-52f5-9888-hmc6", "level": "note", "message": {"text": "tmp: GHSA-52f5-9888-hmc6"}, "properties": {"repobilityId": 76436, "scanner": "osv-scanner", "fingerprint": "ceb0fe0330a6e8c65b0a6d6b0c1b4e5717c16a2c1143f50b7130f9599cd67450", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-54798"], "package": "tmp", "rule_id": "GHSA-52f5-9888-hmc6", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2025-54798|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cm22-4g7w-348p", "level": "note", "message": {"text": "serve-static: GHSA-cm22-4g7w-348p"}, "properties": {"repobilityId": 76432, "scanner": "osv-scanner", "fingerprint": "2b16cfe0f73c52465b79a7d69fdef3783acde2f48e25327223ff1eb9aab05855", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43800"], "package": "serve-static", "rule_id": "GHSA-cm22-4g7w-348p", "scanner": "osv-scanner", "correlation_key": "vuln|serve-static|CVE-2024-43800|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m6fv-jmcg-4jfg", "level": "note", "message": {"text": "send: GHSA-m6fv-jmcg-4jfg"}, "properties": {"repobilityId": 76428, "scanner": "osv-scanner", "fingerprint": "1143f7d2db88d250f93c4e49897b0d83c03c973b7ff75dd7e0fe661b03acb8da", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43799"], "package": "send", "rule_id": "GHSA-m6fv-jmcg-4jfg", "scanner": "osv-scanner", "correlation_key": "vuln|send|CVE-2024-43799|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w7fw-mjwx-w883", "level": "note", "message": {"text": "qs: GHSA-w7fw-mjwx-w883"}, "properties": {"repobilityId": 76423, "scanner": "osv-scanner", "fingerprint": "a8ebfae1708877f4dd9d37cacb9e0f82aeb99b56d968b81a86d1302c6d3af0c2", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-2391"], "package": "qs", "rule_id": "GHSA-w7fw-mjwx-w883", "scanner": "osv-scanner", "correlation_key": "vuln|qs|CVE-2026-2391|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76c9-3jph-rj3q", "level": "note", "message": {"text": "on-headers: GHSA-76c9-3jph-rj3q"}, "properties": {"repobilityId": 76411, "scanner": "osv-scanner", "fingerprint": "97283a2a7d20560a818693b916d6753fd7fbd4236d8d8c1aaa6f41727217c1ce", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7339"], "package": "on-headers", "rule_id": "GHSA-76c9-3jph-rj3q", "scanner": "osv-scanner", "correlation_key": "vuln|on-headers|CVE-2025-7339|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gf8q-jrpm-jvxq", "level": "note", "message": {"text": "node-forge: GHSA-gf8q-jrpm-jvxq"}, "properties": {"repobilityId": 76406, "scanner": "osv-scanner", "fingerprint": "76057d2f385c23f2f6b628b388c2e21a3c12d8f49978295a38fbde6b32dc7daf", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "node-forge", "rule_id": "GHSA-gf8q-jrpm-jvxq", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|GHSA-GF8Q-JRPM-JVXQ|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5rrq-pxf6-6jx5", "level": "note", "message": {"text": "node-forge: GHSA-5rrq-pxf6-6jx5"}, "properties": {"repobilityId": 76402, "scanner": "osv-scanner", "fingerprint": "e66cc352ccef09e23ff745465127e9f4f6d94ca5a56beab660c07b6ad290df89", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "node-forge", "rule_id": "GHSA-5rrq-pxf6-6jx5", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|GHSA-5RRQ-PXF6-6JX5|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rx8g-88g5-qh64", "level": "note", "message": {"text": "min-document: GHSA-rx8g-88g5-qh64"}, "properties": {"repobilityId": 76392, "scanner": "osv-scanner", "fingerprint": "37bfd5864d16b6b00fcc7d5db343dcdf083be7128ef0c7e1f1b145ae4f599346", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-57352"], "package": "min-document", "rule_id": "GHSA-rx8g-88g5-qh64", "scanner": "osv-scanner", "correlation_key": "vuln|min-document|CVE-2025-57352|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-78xj-cgh5-2h22", "level": "note", "message": {"text": "ip: GHSA-78xj-cgh5-2h22"}, "properties": {"repobilityId": 76380, "scanner": "osv-scanner", "fingerprint": "ed3963f235802beb70399977cf9848dfe7a8bcf454e1c780e2e495c7e6a1035c", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-42282"], "package": "ip", "rule_id": "GHSA-78xj-cgh5-2h22", "scanner": "osv-scanner", "correlation_key": "vuln|ip|CVE-2023-42282|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-442j-39wm-28r2", "level": "note", "message": {"text": "handlebars: GHSA-442j-39wm-28r2"}, "properties": {"repobilityId": 76369, "scanner": "osv-scanner", "fingerprint": "e21584bfcab1f4840fba0e3149d8014642fb9c5af8cc5ecf77af95826059b67b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "handlebars", "rule_id": "GHSA-442j-39wm-28r2", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|GHSA-442J-39WM-28R2|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qw6h-vgh9-j6wx", "level": "note", "message": {"text": "express: GHSA-qw6h-vgh9-j6wx"}, "properties": {"repobilityId": 76359, "scanner": "osv-scanner", "fingerprint": "43700f9cc061210478d598e796a23269a2965f70acf23e6bffffc1367f09269d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-43796"], "package": "express", "rule_id": "GHSA-qw6h-vgh9-j6wx", "scanner": "osv-scanner", "correlation_key": "vuln|express|CVE-2024-43796|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fc9h-whq2-v747", "level": "note", "message": {"text": "elliptic: GHSA-fc9h-whq2-v747"}, "properties": {"repobilityId": 76356, "scanner": "osv-scanner", "fingerprint": "cbe8b7bf0b3d16b923f60f6ab73d471c15c20d36f39782227c53eb8edc4e9363", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-48948"], "package": "elliptic", "rule_id": "GHSA-fc9h-whq2-v747", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2024-48948|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f7q4-pwc6-w24p", "level": "note", "message": {"text": "elliptic: GHSA-f7q4-pwc6-w24p"}, "properties": {"repobilityId": 76355, "scanner": "osv-scanner", "fingerprint": "5c49b34db40b45aaabeaf2fce5b7693924b452c0f6897ee34e0b318cf9c76b17", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-42459"], "package": "elliptic", "rule_id": "GHSA-f7q4-pwc6-w24p", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2024-42459|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-977x-g7h5-7qgw", "level": "note", "message": {"text": "elliptic: GHSA-977x-g7h5-7qgw"}, "properties": {"repobilityId": 76354, "scanner": "osv-scanner", "fingerprint": "04eb7cd0b55369c7bb3b0892424a35c18a7f3a5a8c66cdaea7b9cbc35b93ab59", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-42460"], "package": "elliptic", "rule_id": "GHSA-977x-g7h5-7qgw", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2024-42460|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-848j-6mx2-7j84", "level": "note", "message": {"text": "elliptic: GHSA-848j-6mx2-7j84"}, "properties": {"repobilityId": 76353, "scanner": "osv-scanner", "fingerprint": "d70020eb29381e3175867d7879346d09b0cd1dee65337ec9b8b2ec3b3d115f65", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-14505"], "package": "elliptic", "rule_id": "GHSA-848j-6mx2-7j84", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2025-14505|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-49q7-c7j4-3p7m", "level": "note", "message": {"text": "elliptic: GHSA-49q7-c7j4-3p7m"}, "properties": {"repobilityId": 76352, "scanner": "osv-scanner", "fingerprint": "5dec63eb28691adb67001e12a4d6165a4abdfb975aad42de9b3668c18e6cc8ef", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-42461"], "package": "elliptic", "rule_id": "GHSA-49q7-c7j4-3p7m", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2024-42461|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-434g-2637-qmqr", "level": "note", "message": {"text": "elliptic: GHSA-434g-2637-qmqr"}, "properties": {"repobilityId": 76351, "scanner": "osv-scanner", "fingerprint": "116f87768311bd291beee4dd41a2fa3754cbcc5a93594b08be6411bf20f84d02", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-48949"], "package": "elliptic", "rule_id": "GHSA-434g-2637-qmqr", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|CVE-2024-48949|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pxg6-pf52-xh8x", "level": "note", "message": {"text": "cookie: GHSA-pxg6-pf52-xh8x"}, "properties": {"repobilityId": 76348, "scanner": "osv-scanner", "fingerprint": "353decb9f04d1c421e622b52000e1e4d5e7fb4b271c2145ccbdb51a43491ec5e", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47764"], "package": "cookie", "rule_id": "GHSA-pxg6-pf52-xh8x", "scanner": "osv-scanner", "correlation_key": "vuln|cookie|CVE-2024-47764|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v6h2-p8h4-qcjw", "level": "note", "message": {"text": "brace-expansion: GHSA-v6h2-p8h4-qcjw"}, "properties": {"repobilityId": 76344, "scanner": "osv-scanner", "fingerprint": "3e70f19011b58b157f75487899fec2e42cb88c0a653227b585f67c95414d291b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-5889"], "package": "brace-expansion", "rule_id": "GHSA-v6h2-p8h4-qcjw", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2025-5889|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vpq2-c234-7xj6", "level": "note", "message": {"text": "@tootallnate/once: GHSA-vpq2-c234-7xj6"}, "properties": {"repobilityId": 76339, "scanner": "osv-scanner", "fingerprint": "573ec4a58862875e8ce61f54e2504d06b2ca4d339b9ec7540be71ab58ff09e02", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-3449"], "package": "@tootallnate/once", "rule_id": "GHSA-vpq2-c234-7xj6", "scanner": "osv-scanner", "correlation_key": "vuln|tootallnate/once|CVE-2026-3449|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `luxon` is minor version(s) behind (^3.0.1 -> 3.7.2)"}, "properties": {"repobilityId": 76321, "scanner": "repobility-dependency-currency", "fingerprint": "b4c9a96d648cf0d576c4dc6bec9e433e07296ea59a173773ab83dc2e60642708", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "luxon", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.7.2", "correlation_key": "fp|b4c9a96d648cf0d576c4dc6bec9e433e07296ea59a173773ab83dc2e60642708", "current_version": "^3.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `karma-coverage` is minor version(s) behind (^2.0.3 -> 2.2.1)"}, "properties": {"repobilityId": 76315, "scanner": "repobility-dependency-currency", "fingerprint": "6a26c69829c22fb10dcc0df47126f2483a22780e2ce49a6aeb10b0880c975efe", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-coverage", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.2.1", "correlation_key": "fp|6a26c69829c22fb10dcc0df47126f2483a22780e2ce49a6aeb10b0880c975efe", "current_version": "^2.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `karma-chrome-launcher` is minor version(s) behind (^3.1.0 -> 3.2.0)"}, "properties": {"repobilityId": 76314, "scanner": "repobility-dependency-currency", "fingerprint": "7346fc68eac0f532baedc8698d9eef6864e82033733c5b2abd2f4ef9be100862", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-chrome-launcher", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.2.0", "correlation_key": "fp|7346fc68eac0f532baedc8698d9eef6864e82033733c5b2abd2f4ef9be100862", "current_version": "^3.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `chartjs-test-utils` is minor version(s) behind (^0.4.0 -> 0.5.0)"}, "properties": {"repobilityId": 76306, "scanner": "repobility-dependency-currency", "fingerprint": "064c424286e622a9ff0808f159989aa77b08b1265dd3632298f09ef88206d3bb", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "chartjs-test-utils", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.5.0", "correlation_key": "fp|064c424286e622a9ff0808f159989aa77b08b1265dd3632298f09ef88206d3bb", "current_version": "^0.4.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `chartjs-adapter-luxon` is minor version(s) behind (^1.2.0 -> 1.3.1)"}, "properties": {"repobilityId": 76304, "scanner": "repobility-dependency-currency", "fingerprint": "111f44752d39a09a078ef51fec30ceacbb94d7b067fa27098ace965abcc2fed5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "chartjs-adapter-luxon", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.3.1", "correlation_key": "fp|111f44752d39a09a078ef51fec30ceacbb94d7b067fa27098ace965abcc2fed5", "current_version": "^1.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@kurkle/color` is minor version(s) behind (^0.3.0 -> 0.4.0)"}, "properties": {"repobilityId": 76297, "scanner": "repobility-dependency-currency", "fingerprint": "a665e1e873f9f839a624a78b02ae9a646e02989b6cc0fd7c942596aded9bfec8", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@kurkle/color", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.4.0", "correlation_key": "fp|a665e1e873f9f839a624a78b02ae9a646e02989b6cc0fd7c942596aded9bfec8", "current_version": "^0.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61f3b3b989cc578e1161c4eeab41d9157a20d8c39cd68044dff141e087875267", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/types/options.ts", "duplicate_line": 2, "correlation_key": "fp|61f3b3b989cc578e1161c4eeab41d9157a20d8c39cd68044dff141e087875267"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/types/scales/options.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e6f4cee6d7f25cf08217f2643a6a0bd48044ff3046ace47997474ae3a8c0234", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/types/plugins/plugin.tooltip/tooltip_parsed_data.ts", "duplicate_line": 1, "correlation_key": "fp|8e6f4cee6d7f25cf08217f2643a6a0bd48044ff3046ace47997474ae3a8c0234"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/types/plugins/plugin.tooltip/tooltip_scriptable_background_color.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76273, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04b7b33d2e9ec0ea53533034dad40c08b0b92197c394501833d364570b034945", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/specs/controller.bubble.tests.js", "duplicate_line": 342, "correlation_key": "fp|04b7b33d2e9ec0ea53533034dad40c08b0b92197c394501833d364570b034945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/specs/controller.scatter.tests.js"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76272, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9aa0eb9579837d8f3d216cb4002a43008194c33ea26dd76b18ce11d9deb9e8c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/specs/controller.doughnut.tests.js", "duplicate_line": 364, "correlation_key": "fp|9aa0eb9579837d8f3d216cb4002a43008194c33ea26dd76b18ce11d9deb9e8c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/specs/controller.radar.tests.js"}, "region": {"startLine": 360}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76271, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bc47382e8b1ef330d029a7cfc0d3378fe2256499e3cea2c6b809959f55674fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/specs/controller.bubble.tests.js", "duplicate_line": 244, "correlation_key": "fp|0bc47382e8b1ef330d029a7cfc0d3378fe2256499e3cea2c6b809959f55674fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/specs/controller.radar.tests.js"}, "region": {"startLine": 230}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76270, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6edc21ef816de6183b507cdcfddb398595c62f3924de06ee6429dd7dda0939f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/specs/controller.doughnut.tests.js", "duplicate_line": 325, "correlation_key": "fp|d6edc21ef816de6183b507cdcfddb398595c62f3924de06ee6429dd7dda0939f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/specs/controller.polarArea.tests.js"}, "region": {"startLine": 300}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76269, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3cd7f8a5ae90a32679e9df4b31621404d201d680eb329fb1e460b5dc4c7e18d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/specs/controller.bubble.tests.js", "duplicate_line": 63, "correlation_key": "fp|3cd7f8a5ae90a32679e9df4b31621404d201d680eb329fb1e460b5dc4c7e18d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/specs/controller.polarArea.tests.js"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83aeeb6828f476b908304bf60cf70f1deca207312f27f7c323a2c356ad394925", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/specs/controller.bubble.tests.js", "duplicate_line": 63, "correlation_key": "fp|83aeeb6828f476b908304bf60cf70f1deca207312f27f7c323a2c356ad394925"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/specs/controller.doughnut.tests.js"}, "region": {"startLine": 238}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb5bed7eb404d06b6b0b55db21e86861745e795d5202e6d2e90f9e3ab61ab78d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/integration/react-browser/src/App.tsx", "duplicate_line": 6, "correlation_key": "fp|cb5bed7eb404d06b6b0b55db21e86861745e795d5202e6d2e90f9e3ab61ab78d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/integration/react-browser/src/AppAuto.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ebff76ee063944eb5f3f2b28e426a2618cf6579c0edc520c98b5de83fab37db1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/scales/scale.linearbase.js", "duplicate_line": 184, "correlation_key": "fp|ebff76ee063944eb5f3f2b28e426a2618cf6579c0edc520c98b5de83fab37db1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scales/scale.logarithmic.js"}, "region": {"startLine": 128}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "45d3c3698ebd1949a8ba1aa2e69fb00af40f8d2dd3880463d188e34d6ff8bb07", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/controllers/controller.line.js", "duplicate_line": 74, "correlation_key": "fp|45d3c3698ebd1949a8ba1aa2e69fb00af40f8d2dd3880463d188e34d6ff8bb07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/controllers/controller.scatter.js"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 76334, "scanner": "repobility-threat-engine", "fingerprint": "49957cf22c35a07d03ce28f0b002f89c9e2865ab42a6d9f953a3d10e66a65bdc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49957cf22c35a07d03ce28f0b002f89c9e2865ab42a6d9f953a3d10e66a65bdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/helpers/helpers.extras.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 76333, "scanner": "repobility-threat-engine", "fingerprint": "e6c06eeca01b85372d3921e93657d14421dcf0693094200231c3cdfa1664ca8b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6c06eeca01b85372d3921e93657d14421dcf0693094200231c3cdfa1664ca8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/helpers/helpers.options.ts"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 76332, "scanner": "repobility-threat-engine", "fingerprint": "8780560c5d62f96cadb306582f6cc9ebeed98552f2e1e01e2180f1b705ffebb0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8780560c5d62f96cadb306582f6cc9ebeed98552f2e1e01e2180f1b705ffebb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/helpers/helpers.math.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 76331, "scanner": "repobility-threat-engine", "fingerprint": "5b71c5e7e25d088e2de65e95d0d750cd09965cb96b618d4c3b0468aa1f7b15cf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b71c5e7e25d088e2de65e95d0d750cd09965cb96b618d4c3b0468aa1f7b15cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/helpers/helpers.dom.ts"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76330, "scanner": "repobility-threat-engine", "fingerprint": "50b53e54f3d0c552b9a5fa699ed6e509c2eb6de424908ce265c1f52c69bf747c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50b53e54f3d0c552b9a5fa699ed6e509c2eb6de424908ce265c1f52c69bf747c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scales/scale.linearbase.js"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76329, "scanner": "repobility-threat-engine", "fingerprint": "f7bf1d8ec40f6beb79c533c090508fe977dadac2a69e77861059c0f0e207df06", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7bf1d8ec40f6beb79c533c090508fe977dadac2a69e77861059c0f0e207df06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/helpers/helpers.options.ts"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76328, "scanner": "repobility-threat-engine", "fingerprint": "49afabd2f5a1d7253447a4ad9be0fa2fc5f6fbfbd844ef4efa5648fdbee451ab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49afabd2f5a1d7253447a4ad9be0fa2fc5f6fbfbd844ef4efa5648fdbee451ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/core.config.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 76326, "scanner": "repobility-threat-engine", "fingerprint": "dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c"}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 76322, "scanner": "repobility-threat-engine", "fingerprint": "fb9e9909f77ebb919a9658cc93b64b46be3a5150fb63c2c5db6aea0c76c5b028", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb9e9909f77ebb919a9658cc93b64b46be3a5150fb63c2c5db6aea0c76c5b028"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/.vuepress/config.ts"}, "region": {"startLine": 393}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `karma-spec-reporter` is patch version(s) behind (0.0.32 -> 0.0.36)"}, "properties": {"repobilityId": 76320, "scanner": "repobility-dependency-currency", "fingerprint": "b68d0712e2d206a9a4672dab7986115f1610ece7eab79a8f816f4dc9c6139df6", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-spec-reporter", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.0.36", "correlation_key": "fp|b68d0712e2d206a9a4672dab7986115f1610ece7eab79a8f816f4dc9c6139df6", "current_version": "0.0.32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `karma-rollup-preprocessor` is patch version(s) behind (7.0.7 -> 7.0.8)"}, "properties": {"repobilityId": 76319, "scanner": "repobility-dependency-currency", "fingerprint": "a804e892407fa1ed63968227af7eee53b3ba921e5b78b200ba3bf71fa075a469", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-rollup-preprocessor", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.0.8", "correlation_key": "fp|a804e892407fa1ed63968227af7eee53b3ba921e5b78b200ba3bf71fa075a469", "current_version": "7.0.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `karma-firefox-launcher` is patch version(s) behind (^2.1.0 -> 2.1.3)"}, "properties": {"repobilityId": 76316, "scanner": "repobility-dependency-currency", "fingerprint": "434da32583d9628da33d90d3f13e738b243dd4ed48e3be7c12a163d6eb125bef", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "karma-firefox-launcher", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.1.3", "correlation_key": "fp|434da32583d9628da33d90d3f13e738b243dd4ed48e3be7c12a163d6eb125bef", "current_version": "^2.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `chartjs-adapter-moment` is patch version(s) behind (^1.0.0 -> 1.0.1)"}, "properties": {"repobilityId": 76305, "scanner": "repobility-dependency-currency", "fingerprint": "209b534dc935239dff517eb03084b46ba22537e2701ea09a5e16c1b15b6cbac8", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "chartjs-adapter-moment", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.0.1", "correlation_key": "fp|209b534dc935239dff517eb03084b46ba22537e2701ea09a5e16c1b15b6cbac8", "current_version": "^1.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/offscreencanvas` is patch version(s) behind (^2019.7.0 -> 2019.7.3)"}, "properties": {"repobilityId": 76303, "scanner": "repobility-dependency-currency", "fingerprint": "25e362418eb087dda4c50f5d4e66def3c74941a2f71cb2b2400561c073ba28b4", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/offscreencanvas", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2019.7.3", "correlation_key": "fp|25e362418eb087dda4c50f5d4e66def3c74941a2f71cb2b2400561c073ba28b4", "current_version": "^2019.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/estree` is patch version(s) behind (^1.0.0 -> 1.0.9)"}, "properties": {"repobilityId": 76302, "scanner": "repobility-dependency-currency", "fingerprint": "2f5050e6a7b9bde574ae49542a6773eda7df3256ae31af0eb9da28faeba192aa", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/estree", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.0.9", "correlation_key": "fp|2f5050e6a7b9bde574ae49542a6773eda7df3256ae31af0eb9da28faeba192aa", "current_version": "^1.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@rollup/plugin-inject` is patch version(s) behind (^5.0.2 -> 5.0.5)"}, "properties": {"repobilityId": 76299, "scanner": "repobility-dependency-currency", "fingerprint": "eac0c49e2c49360e1038df447073e1fec65aadbd211cbac17a1cd221ad02d40c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@rollup/plugin-inject", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.0.5", "correlation_key": "fp|eac0c49e2c49360e1038df447073e1fec65aadbd211cbac17a1cd221ad02d40c", "current_version": "^5.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3h5v-q93c-6h6q", "level": "error", "message": {"text": "ws: GHSA-3h5v-q93c-6h6q"}, "properties": {"repobilityId": 76447, "scanner": "osv-scanner", "fingerprint": "67365cbbddd2d99a07d4e13e9b7430eaba7cc9787e11ce99eb5228395cb10643", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-37890"], "package": "ws", "rule_id": "GHSA-3h5v-q93c-6h6q", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2024-37890|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wr3j-pwj9-hqq6", "level": "error", "message": {"text": "webpack-dev-middleware: GHSA-wr3j-pwj9-hqq6"}, "properties": {"repobilityId": 76442, "scanner": "osv-scanner", "fingerprint": "6c803174cbabb6656ceb9a9e567c33a8d117cf8e618f2ab2cb983c2c1f54d4c0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29180"], "package": "webpack-dev-middleware", "rule_id": "GHSA-wr3j-pwj9-hqq6", "scanner": "osv-scanner", "correlation_key": "vuln|webpack-dev-middleware|CVE-2024-29180|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ph9p-34f9-6g65", "level": "error", "message": {"text": "tmp: GHSA-ph9p-34f9-6g65"}, "properties": {"repobilityId": 76437, "scanner": "osv-scanner", "fingerprint": "85237a582679ce02ed5374b4c960bb9330e68d29c31080114a7ec45740887db3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44705"], "package": "tmp", "rule_id": "GHSA-ph9p-34f9-6g65", "scanner": "osv-scanner", "correlation_key": "vuln|tmp|CVE-2026-44705|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpqw-6gx7-v673", "level": "error", "message": {"text": "svgo: GHSA-xpqw-6gx7-v673"}, "properties": {"repobilityId": 76435, "scanner": "osv-scanner", "fingerprint": "70866ed2196d4e87ffd96cdb1e096bba65e3231e36ef306168b523e7203f83fa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29074"], "package": "svgo", "rule_id": "GHSA-xpqw-6gx7-v673", "scanner": "osv-scanner", "correlation_key": "vuln|svgo|CVE-2026-29074|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-677m-j7p3-52f9", "level": "error", "message": {"text": "socket.io-parser: GHSA-677m-j7p3-52f9"}, "properties": {"repobilityId": 76434, "scanner": "osv-scanner", "fingerprint": "a88232dbb8cfda69bb9b1ee196177430e8462baab711a42a1ac3bfad195c03a3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33151"], "package": "socket.io-parser", "rule_id": "GHSA-677m-j7p3-52f9", "scanner": "osv-scanner", "correlation_key": "vuln|socket.io-parser|CVE-2026-33151|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5c6j-r48x-rmvq", "level": "error", "message": {"text": "serialize-javascript: GHSA-5c6j-r48x-rmvq"}, "properties": {"repobilityId": 76429, "scanner": "osv-scanner", "fingerprint": "de4935b665c57173b6330e6fb3d06a59e8b21f8a73cc30ee4bd8c133ec29eb0f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serialize-javascript", "rule_id": "GHSA-5c6j-r48x-rmvq", "scanner": "osv-scanner", "correlation_key": "vuln|serialize-javascript|GHSA-5C6J-R48X-RMVQ|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2qf-rxjj-qqgw", "level": "error", "message": {"text": "semver: GHSA-c2qf-rxjj-qqgw"}, "properties": {"repobilityId": 76427, "scanner": "osv-scanner", "fingerprint": "6c4cd43c0156f568d5d30f476fa572f759018b0e94f9244bea61e9af87c6b7c6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-25883"], "package": "semver", "rule_id": "GHSA-c2qf-rxjj-qqgw", "scanner": "osv-scanner", "correlation_key": "vuln|semver|CVE-2022-25883|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 76426, "scanner": "osv-scanner", "fingerprint": "0425e8b734fe5759a8789ed8ef46f76963f44ca5145876702e82443bdd19a5ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gcx4-mw62-g8wm", "level": "error", "message": {"text": "rollup: GHSA-gcx4-mw62-g8wm"}, "properties": {"repobilityId": 76425, "scanner": "osv-scanner", "fingerprint": "195a05c1ccd7789a2defbb9605939c0a934efc309890ddfdd282c3082c1f4bf0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47068"], "package": "rollup", "rule_id": "GHSA-gcx4-mw62-g8wm", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2024-47068|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 76418, "scanner": "osv-scanner", "fingerprint": "a3dd2390244022d96de63689cdd673fb906d1165f495d6a42a0980e956db632d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rhx6-c78j-4q9w", "level": "error", "message": {"text": "path-to-regexp: GHSA-rhx6-c78j-4q9w"}, "properties": {"repobilityId": 76414, "scanner": "osv-scanner", "fingerprint": "bb29ea2b0c126b076f242eb56cea4b49f6b112670e22db444f3d7ab2d4ddc6a4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52798"], "package": "path-to-regexp", "rule_id": "GHSA-rhx6-c78j-4q9w", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-52798|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wv6-86v2-598j", "level": "error", "message": {"text": "path-to-regexp: GHSA-9wv6-86v2-598j"}, "properties": {"repobilityId": 76413, "scanner": "osv-scanner", "fingerprint": "0522c73bdfae6aee618b0df17a6e1cb3e439e9873d79943a7601d19eb2eaf200", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45296"], "package": "path-to-regexp", "rule_id": "GHSA-9wv6-86v2-598j", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2024-45296|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-37ch-88jc-xwx2", "level": "error", "message": {"text": "path-to-regexp: GHSA-37ch-88jc-xwx2"}, "properties": {"repobilityId": 76412, "scanner": "osv-scanner", "fingerprint": "5f84f52bbcd46db66c79dfd59714ac90c668d089fbb31ecd1c685bce826e6c9c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4867"], "package": "path-to-regexp", "rule_id": "GHSA-37ch-88jc-xwx2", "scanner": "osv-scanner", "correlation_key": "vuln|path-to-regexp|CVE-2026-4867|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rp65-9cf3-cjxr", "level": "error", "message": {"text": "nth-check: GHSA-rp65-9cf3-cjxr"}, "properties": {"repobilityId": 76410, "scanner": "osv-scanner", "fingerprint": "b97f335435c34fdbf6c66769e28bf67a78d925b3f64338f81224d226e2bb7549", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-3803"], "package": "nth-check", "rule_id": "GHSA-rp65-9cf3-cjxr", "scanner": "osv-scanner", "correlation_key": "vuln|nth-check|CVE-2021-3803|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x4jg-mjrx-434g", "level": "error", "message": {"text": "node-forge: GHSA-x4jg-mjrx-434g"}, "properties": {"repobilityId": 76409, "scanner": "osv-scanner", "fingerprint": "60b86907d90ef8a2a1d5a0ad17c7af0c5764b3031d4b69503e46917b32aee295", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24772"], "package": "node-forge", "rule_id": "GHSA-x4jg-mjrx-434g", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2022-24772|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q67f-28xg-22rw", "level": "error", "message": {"text": "node-forge: GHSA-q67f-28xg-22rw"}, "properties": {"repobilityId": 76408, "scanner": "osv-scanner", "fingerprint": "a69db64dde57e37f7dce01118e6ddc618411910f6d20e61e2200dfd33f8f982e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33895"], "package": "node-forge", "rule_id": "GHSA-q67f-28xg-22rw", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33895|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ppp5-5v6c-4jwp", "level": "error", "message": {"text": "node-forge: GHSA-ppp5-5v6c-4jwp"}, "properties": {"repobilityId": 76407, "scanner": "osv-scanner", "fingerprint": "678f289e9900c57e676593d804de0a138b236439c6c97c2d2e4d4239b16dfcfa", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33894"], "package": "node-forge", "rule_id": "GHSA-ppp5-5v6c-4jwp", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33894|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cfm4-qjh2-4765", "level": "error", "message": {"text": "node-forge: GHSA-cfm4-qjh2-4765"}, "properties": {"repobilityId": 76405, "scanner": "osv-scanner", "fingerprint": "18593e19e29ae091cb174158d81d3638a9f613aab971ae349c444f44cd639254", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-24771"], "package": "node-forge", "rule_id": "GHSA-cfm4-qjh2-4765", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2022-24771|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5m6q-g25r-mvwx", "level": "error", "message": {"text": "node-forge: GHSA-5m6q-g25r-mvwx"}, "properties": {"repobilityId": 76401, "scanner": "osv-scanner", "fingerprint": "dc5fa214bdc6d63d473f50f22af42dea35347f5fb1cf540d539cfe46604ac6da", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33891"], "package": "node-forge", "rule_id": "GHSA-5m6q-g25r-mvwx", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33891|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5gfm-wpxj-wjgq", "level": "error", "message": {"text": "node-forge: GHSA-5gfm-wpxj-wjgq"}, "properties": {"repobilityId": 76400, "scanner": "osv-scanner", "fingerprint": "37801c7f7d41e93aee859018f0d1a1c4846220b2d52b16a3ee24c8dbb5c5ab1c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12816"], "package": "node-forge", "rule_id": "GHSA-5gfm-wpxj-wjgq", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-12816|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-554w-wpv2-vw27", "level": "error", "message": {"text": "node-forge: GHSA-554w-wpv2-vw27"}, "properties": {"repobilityId": 76399, "scanner": "osv-scanner", "fingerprint": "8812c16a4e42dd19d361ca520f98bbaf875b31b039c35da8ded934aa4337f617", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66031"], "package": "node-forge", "rule_id": "GHSA-554w-wpv2-vw27", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2025-66031|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2328-f5f3-gj25", "level": "error", "message": {"text": "node-forge: GHSA-2328-f5f3-gj25"}, "properties": {"repobilityId": 76397, "scanner": "osv-scanner", "fingerprint": "541e84349945fccc3e4ec79e0a4d02d9c0e7ba223c81a229c94604f1bc507cf5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33896"], "package": "node-forge", "rule_id": "GHSA-2328-f5f3-gj25", "scanner": "osv-scanner", "correlation_key": "vuln|node-forge|CVE-2026-33896|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 76395, "scanner": "osv-scanner", "fingerprint": "c3482c8b051b710219b686b962c8edfcc83babb0e1e54a2b470ae7782dd0b574", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 76394, "scanner": "osv-scanner", "fingerprint": "2fd5e24a94dfd2116cfc5d9aeb4e4f584669c9b76d1795010331a7b69b3682a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 76393, "scanner": "osv-scanner", "fingerprint": "af7663e4c51288986bfb4927d06e33aa650fed364bb14d31804c3d4da5638193", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash.template: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 76389, "scanner": "osv-scanner", "fingerprint": "4f9c0f00d9a60141fdb3c96ddc6bef5b6765dec716585a8dd1aa3779ac336765", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash.template", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash.template|CVE-2026-4800|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-35jh-r3h4-6jhm", "level": "error", "message": {"text": "lodash.template: GHSA-35jh-r3h4-6jhm"}, "properties": {"repobilityId": 76388, "scanner": "osv-scanner", "fingerprint": "11e682f1071d90461707d34c74aae0b1cb4be8a39a5d7e2dfa6ea449d5d367c5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-23337"], "package": "lodash.template", "rule_id": "GHSA-35jh-r3h4-6jhm", "scanner": "osv-scanner", "correlation_key": "vuln|lodash.template|CVE-2021-23337|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r5fr-rjxr-66jc", "level": "error", "message": {"text": "lodash: GHSA-r5fr-rjxr-66jc"}, "properties": {"repobilityId": 76386, "scanner": "osv-scanner", "fingerprint": "853deeac541f0dc49600a5a4216f851e15bffd93ce8be267a82d13637ceb9e7d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4800"], "package": "lodash", "rule_id": "GHSA-r5fr-rjxr-66jc", "scanner": "osv-scanner", "correlation_key": "vuln|lodash|CVE-2026-4800|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c27g-q93r-2cwf", "level": "error", "message": {"text": "launch-editor: GHSA-c27g-q93r-2cwf"}, "properties": {"repobilityId": 76383, "scanner": "osv-scanner", "fingerprint": "601353996542bd72c274ae23134b522705254c001a0ead53f74309692541eb8a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-52011"], "package": "launch-editor", "rule_id": "GHSA-c27g-q93r-2cwf", "scanner": "osv-scanner", "correlation_key": "vuln|launch-editor|CVE-2024-52011|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9c47-m6qq-7p4h", "level": "error", "message": {"text": "json5: GHSA-9c47-m6qq-7p4h"}, "properties": {"repobilityId": 76382, "scanner": "osv-scanner", "fingerprint": "f216a1e47046f5152706b2e9cb6f7b754be22e7d1d7c09a146dd2776a693ee78", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-46175"], "package": "json5", "rule_id": "GHSA-9c47-m6qq-7p4h", "scanner": "osv-scanner", "correlation_key": "vuln|json5|CVE-2022-46175|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2p57-rm9w-gvfp", "level": "error", "message": {"text": "ip: GHSA-2p57-rm9w-gvfp"}, "properties": {"repobilityId": 76379, "scanner": "osv-scanner", "fingerprint": "6ccc4ab31dded23b2ec4e9e3c698dbad47e8e857eaefabb9aac40cc2de76bf5b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29415"], "package": "ip", "rule_id": "GHSA-2p57-rm9w-gvfp", "scanner": "osv-scanner", "correlation_key": "vuln|ip|CVE-2024-29415|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c7qv-q95q-8v27", "level": "error", "message": {"text": "http-proxy-middleware: GHSA-c7qv-q95q-8v27"}, "properties": {"repobilityId": 76376, "scanner": "osv-scanner", "fingerprint": "2cf99c117618b64d077c412d1201c10c292a3ef6bbda29e13390ea05eccc3273", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21536"], "package": "http-proxy-middleware", "rule_id": "GHSA-c7qv-q95q-8v27", "scanner": "osv-scanner", "correlation_key": "vuln|http-proxy-middleware|CVE-2024-21536|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pfq8-rq6v-vf5m", "level": "error", "message": {"text": "html-minifier: GHSA-pfq8-rq6v-vf5m"}, "properties": {"repobilityId": 76375, "scanner": "osv-scanner", "fingerprint": "19e163ad214b2c97a1e9455eb4753bc7f15d6798bbdf2e51a466f37426bc04c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37620"], "package": "html-minifier", "rule_id": "GHSA-pfq8-rq6v-vf5m", "scanner": "osv-scanner", "correlation_key": "vuln|html-minifier|CVE-2022-37620|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xjpj-3mr7-gcpf", "level": "error", "message": {"text": "handlebars: GHSA-xjpj-3mr7-gcpf"}, "properties": {"repobilityId": 76373, "scanner": "osv-scanner", "fingerprint": "24ba3e0cc9cef82237817206aeed468834465fd459b16420bb67cc61a681a8ac", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33941"], "package": "handlebars", "rule_id": "GHSA-xjpj-3mr7-gcpf", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33941|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xhpv-hc6g-r9c6", "level": "error", "message": {"text": "handlebars: GHSA-xhpv-hc6g-r9c6"}, "properties": {"repobilityId": 76372, "scanner": "osv-scanner", "fingerprint": "10d6b52a4d44532c79b9bafe359015930587a7e16fbbab09b528c0b860d1ad02", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33940"], "package": "handlebars", "rule_id": "GHSA-xhpv-hc6g-r9c6", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33940|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9cx6-37pm-9jff", "level": "error", "message": {"text": "handlebars: GHSA-9cx6-37pm-9jff"}, "properties": {"repobilityId": 76371, "scanner": "osv-scanner", "fingerprint": "ce9a0820457f11d7c2e22ef7f075232723135b46e0fa5f339e31671e43b99355", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33939"], "package": "handlebars", "rule_id": "GHSA-9cx6-37pm-9jff", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33939|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3mfm-83xf-c92r", "level": "error", "message": {"text": "handlebars: GHSA-3mfm-83xf-c92r"}, "properties": {"repobilityId": 76368, "scanner": "osv-scanner", "fingerprint": "bd8e1ad0e6b1841135a2cb8997374a71a1df7a2ac3600a33b76c596543096f07", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33938"], "package": "handlebars", "rule_id": "GHSA-3mfm-83xf-c92r", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33938|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 76362, "scanner": "osv-scanner", "fingerprint": "bb0508d8b81791b93a087ab900f213d85cb4d8a9469875be9a0c401a10ba6490", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 76361, "scanner": "osv-scanner", "fingerprint": "68dd2c69540d2eac4711f2087ccd7176bb1037726ae0451ddfe3dcae14fc6d75", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3xgq-45jj-v275", "level": "error", "message": {"text": "cross-spawn: GHSA-3xgq-45jj-v275"}, "properties": {"repobilityId": 76349, "scanner": "osv-scanner", "fingerprint": "1855d612cc7fdd9130ef42e526b76e7cf21a3a0a1ba38d62756b48f6e01b6cb5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-21538"], "package": "cross-spawn", "rule_id": "GHSA-3xgq-45jj-v275", "scanner": "osv-scanner", "correlation_key": "vuln|cross-spawn|CVE-2024-21538|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x9w5-v3q2-3rhw", "level": "error", "message": {"text": "browserify-sign: GHSA-x9w5-v3q2-3rhw"}, "properties": {"repobilityId": 76346, "scanner": "osv-scanner", "fingerprint": "2c453c92137eac1c69df066fdb01c4d7ea3c03cc0c1e5291941f19a95f25192a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-46234"], "package": "browserify-sign", "rule_id": "GHSA-x9w5-v3q2-3rhw", "scanner": "osv-scanner", "correlation_key": "vuln|browserify-sign|CVE-2023-46234|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-grv7-fg5c-xmjg", "level": "error", "message": {"text": "braces: GHSA-grv7-fg5c-xmjg"}, "properties": {"repobilityId": 76345, "scanner": "osv-scanner", "fingerprint": "abfdfa570af43e4c9f171497321ff580a36bf3a48736f26d797091e842851248", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-4068"], "package": "braces", "rule_id": "GHSA-grv7-fg5c-xmjg", "scanner": "osv-scanner", "correlation_key": "vuln|braces|CVE-2024-4068|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qwcr-r2fm-qrc7", "level": "error", "message": {"text": "body-parser: GHSA-qwcr-r2fm-qrc7"}, "properties": {"repobilityId": 76342, "scanner": "osv-scanner", "fingerprint": "760223c9c4a3535437e33e2c91dec5994ad7d193b11c0e5636dbfa046a52daf8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-45590"], "package": "body-parser", "rule_id": "GHSA-qwcr-r2fm-qrc7", "scanner": "osv-scanner", "correlation_key": "vuln|body-parser|CVE-2024-45590|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76325, "scanner": "repobility-threat-engine", "fingerprint": "a5ddea66815fbae009084479ad7c0cc7198781c06d12d0f945703f845da28826", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "legend.chart.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a5ddea66815fbae009084479ad7c0cc7198781c06d12d0f945703f845da28826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/controllers/controller.polarArea.js"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76324, "scanner": "repobility-threat-engine", "fingerprint": "96e8a6c94a9984650feb5905ccbc84a27cc400eef9f8679e67d645c80041436d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "legend.chart.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|96e8a6c94a9984650feb5905ccbc84a27cc400eef9f8679e67d645c80041436d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/controllers/controller.doughnut.js"}, "region": {"startLine": 127}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76323, "scanner": "repobility-threat-engine", "fingerprint": "48d3c080a655dcee3d636b2422aa077e12a152f3fe5c6031e80167883c9a87ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ctx.save();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|48d3c080a655dcee3d636b2422aa077e12a152f3fe5c6031e80167883c9a87ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/scripts/derived-bubble.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `preactjs/compressed-size-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 76296, "scanner": "repobility-supply-chain", "fingerprint": "ff94b40424d6856e9eb0b365bbdc8dfbbf2214a58cef26548bb1553f7592293a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff94b40424d6856e9eb0b365bbdc8dfbbf2214a58cef26548bb1553f7592293a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/compressed-size.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4.2.0`"}, "properties": {"repobilityId": 76295, "scanner": "repobility-supply-chain", "fingerprint": "7cb46b811666340f8cc7170a811a3371cc799fb551077557b15388a904f428d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7cb46b811666340f8cc7170a811a3371cc799fb551077557b15388a904f428d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/compressed-size.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76294, "scanner": "repobility-supply-chain", "fingerprint": "354bbe65c178cf5274b06f74a7ffb62caae3dc0df944e31ba0766185c7a97418", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|354bbe65c178cf5274b06f74a7ffb62caae3dc0df944e31ba0766185c7a97418"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/compressed-size.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76293, "scanner": "repobility-supply-chain", "fingerprint": "c09b0839b85a5ce10e71e96a17eb7b253ddbbfa924fb657a11d975d3585235e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c09b0839b85a5ce10e71e96a17eb7b253ddbbfa924fb657a11d975d3585235e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-docs.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4.2.0`"}, "properties": {"repobilityId": 76292, "scanner": "repobility-supply-chain", "fingerprint": "86ac833487fd2dabd8c38e8f19b9444618cbe4d5e788c1c6f457ea7090b07e11", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86ac833487fd2dabd8c38e8f19b9444618cbe4d5e788c1c6f457ea7090b07e11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-docs.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76291, "scanner": "repobility-supply-chain", "fingerprint": "ff47d25142452bbfbef02da1da7eab66168dafcf8f167b1f06d3ebca76b149b4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff47d25142452bbfbef02da1da7eab66168dafcf8f167b1f06d3ebca76b149b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-docs.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76290, "scanner": "repobility-supply-chain", "fingerprint": "6d5aea81b43b120a745d83b1a6beea34fdd657b1a2d2ee7ab1948a6a2e1d9322", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d5aea81b43b120a745d83b1a6beea34fdd657b1a2d2ee7ab1948a6a2e1d9322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4.2.0`"}, "properties": {"repobilityId": 76289, "scanner": "repobility-supply-chain", "fingerprint": "8c72b287c24349985fedd0b8e0d25c0f6fd2e1110c31300695b49cc9c98da259", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c72b287c24349985fedd0b8e0d25c0f6fd2e1110c31300695b49cc9c98da259"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76288, "scanner": "repobility-supply-chain", "fingerprint": "f1e3bee27830b44d44d65f68f1e9c991162e8719a8628989686b91327ad48325", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1e3bee27830b44d44d65f68f1e9c991162e8719a8628989686b91327ad48325"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-release-asset` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 76287, "scanner": "repobility-supply-chain", "fingerprint": "86418b9439afed921a437fe237f30407d87f87a244465e2b35e072ffb176f13d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86418b9439afed921a437fe237f30407d87f87a244465e2b35e072ffb176f13d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76286, "scanner": "repobility-supply-chain", "fingerprint": "d2132d5247f63ea14b4f3db095a61624f8dd52e2cd3736182e2c6b863d84600d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d2132d5247f63ea14b4f3db095a61624f8dd52e2cd3736182e2c6b863d84600d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4.2.0`"}, "properties": {"repobilityId": 76285, "scanner": "repobility-supply-chain", "fingerprint": "ac3802d2dda857e67cab173808f83c7e2e508e457d4abe35f238d831ca2ba553", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac3802d2dda857e67cab173808f83c7e2e508e457d4abe35f238d831ca2ba553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76284, "scanner": "repobility-supply-chain", "fingerprint": "07bd0093cd57e876fc65bdba17da0a26a1b4c895f6a93c082a47128a1fc62a2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|07bd0093cd57e876fc65bdba17da0a26a1b4c895f6a93c082a47128a1fc62a2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `release-drafter/release-drafter` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76283, "scanner": "repobility-supply-chain", "fingerprint": "e22f758530eda3288060f2289771a7da4528de43562dc72ef2b447200a6d8a38", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e22f758530eda3288060f2289771a7da4528de43562dc72ef2b447200a6d8a38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-drafter.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `coverallsapp/github-action` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 76282, "scanner": "repobility-supply-chain", "fingerprint": "84f365421ec762383102738835dc14b09c0bf43a8853aa3a685d8d549e572676", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84f365421ec762383102738835dc14b09c0bf43a8853aa3a685d8d549e572676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `coverallsapp/github-action` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 76281, "scanner": "repobility-supply-chain", "fingerprint": "2317577946ab9b99931ed9a9ae20cb55615d427b1700c4391821e6166de91776", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2317577946ab9b99931ed9a9ae20cb55615d427b1700c4391821e6166de91776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `coverallsapp/github-action` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 76280, "scanner": "repobility-supply-chain", "fingerprint": "020406454a97346ecccafa9010808cf94e4a27de90a6300d0b92d9bee557e896", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|020406454a97346ecccafa9010808cf94e4a27de90a6300d0b92d9bee557e896"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dorny/paths-filter` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 76279, "scanner": "repobility-supply-chain", "fingerprint": "057c7277f8a4e42192a0dd1ed4aa3594f762c0bc8c6935fd34d322a1e7f5e522", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|057c7277f8a4e42192a0dd1ed4aa3594f762c0bc8c6935fd34d322a1e7f5e522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76278, "scanner": "repobility-supply-chain", "fingerprint": "f438f2e05965d23c70631ba0d4c45b7e66bbe29c329aa9a99f93826004f79eab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f438f2e05965d23c70631ba0d4c45b7e66bbe29c329aa9a99f93826004f79eab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v4.2.0`"}, "properties": {"repobilityId": 76277, "scanner": "repobility-supply-chain", "fingerprint": "8bd49802d6cfc82552de4b8bd767385668a1c621e72d10b7a06683426bbdffce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8bd49802d6cfc82552de4b8bd767385668a1c621e72d10b7a06683426bbdffce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76276, "scanner": "repobility-supply-chain", "fingerprint": "8ff871aa34ad4544ef693e80e98d99629f28fab90630e6f9790de3304f24f0ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ff871aa34ad4544ef693e80e98d99629f28fab90630e6f9790de3304f24f0ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "GHSA-95m3-7q98-8xr5", "level": "error", "message": {"text": "sha.js: GHSA-95m3-7q98-8xr5"}, "properties": {"repobilityId": 76433, "scanner": "osv-scanner", "fingerprint": "8dc609ec36886f3a652e378f48f3cead38f9920d16320b639794766969e09870", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-9288"], "package": "sha.js", "rule_id": "GHSA-95m3-7q98-8xr5", "scanner": "osv-scanner", "correlation_key": "vuln|sha.js|CVE-2025-9288|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v62p-rq8g-8h59", "level": "error", "message": {"text": "pbkdf2: GHSA-v62p-rq8g-8h59"}, "properties": {"repobilityId": 76416, "scanner": "osv-scanner", "fingerprint": "8035713fe07f0000b12ccaa645bf88125169fe79aa47d6a90775c710be2c22dc", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-6547"], "package": "pbkdf2", "rule_id": "GHSA-v62p-rq8g-8h59", "scanner": "osv-scanner", "correlation_key": "vuln|pbkdf2|CVE-2025-6547|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h7cp-r72f-jxh6", "level": "error", "message": {"text": "pbkdf2: GHSA-h7cp-r72f-jxh6"}, "properties": {"repobilityId": 76415, "scanner": "osv-scanner", "fingerprint": "169de7a376db0c9bb8afc1ba199b46ffe3ce494ce21d27fc9e4127afcf3ae5c3", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-6545"], "package": "pbkdf2", "rule_id": "GHSA-h7cp-r72f-jxh6", "scanner": "osv-scanner", "correlation_key": "vuln|pbkdf2|CVE-2025-6545|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-76p3-8jx3-jpfq", "level": "error", "message": {"text": "loader-utils: GHSA-76p3-8jx3-jpfq"}, "properties": {"repobilityId": 76384, "scanner": "osv-scanner", "fingerprint": "1bcebac0e0c2089eb3f69ded33dcbedb569900391ac49ad13ef5f2c3863d3227", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2022-37601"], "package": "loader-utils", "rule_id": "GHSA-76p3-8jx3-jpfq", "scanner": "osv-scanner", "correlation_key": "vuln|loader-utils|CVE-2022-37601|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2w6w-674q-4c4q", "level": "error", "message": {"text": "handlebars: GHSA-2w6w-674q-4c4q"}, "properties": {"repobilityId": 76367, "scanner": "osv-scanner", "fingerprint": "ca56ed8ccfbc68b8f5bfaf84fad5737f0ade9208f726065cf9ecd4162ef86369", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33937"], "package": "handlebars", "rule_id": "GHSA-2w6w-674q-4c4q", "scanner": "osv-scanner", "correlation_key": "vuln|handlebars|CVE-2026-33937|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjxv-7rqg-78g4", "level": "error", "message": {"text": "form-data: GHSA-fjxv-7rqg-78g4"}, "properties": {"repobilityId": 76364, "scanner": "osv-scanner", "fingerprint": "ad1e1709200782fa3c6aaeacbf4c7bcdd76505e9d347c9d816391098f08d8693", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-7783"], "package": "form-data", "rule_id": "GHSA-fjxv-7rqg-78g4", "scanner": "osv-scanner", "correlation_key": "vuln|form-data|CVE-2025-7783|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vjh7-7g9h-fjfh", "level": "error", "message": {"text": "elliptic: GHSA-vjh7-7g9h-fjfh"}, "properties": {"repobilityId": 76357, "scanner": "osv-scanner", "fingerprint": "d624cc228b2c1a8079e6944e96e66928fa6a1ac0d6f69cc84ff25799b5f57dce", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "elliptic", "rule_id": "GHSA-vjh7-7g9h-fjfh", "scanner": "osv-scanner", "correlation_key": "vuln|elliptic|GHSA-VJH7-7G9H-FJFH|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cpq7-6gpm-g9rc", "level": "error", "message": {"text": "cipher-base: GHSA-cpq7-6gpm-g9rc"}, "properties": {"repobilityId": 76347, "scanner": "osv-scanner", "fingerprint": "b2abcb92524828b19d56e8e94b10c6028f6a47afd38d7f34f745a02428d271fe", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-9287"], "package": "cipher-base", "rule_id": "GHSA-cpq7-6gpm-g9rc", "scanner": "osv-scanner", "correlation_key": "vuln|cipher-base|CVE-2025-9287|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67hx-6x53-jw92", "level": "error", "message": {"text": "@babel/traverse: GHSA-67hx-6x53-jw92"}, "properties": {"repobilityId": 76338, "scanner": "osv-scanner", "fingerprint": "05cd38e6c48030aa87786059257f825e5c456d41c203231f43117c1ef33defc6", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-45133"], "package": "@babel/traverse", "rule_id": "GHSA-67hx-6x53-jw92", "scanner": "osv-scanner", "correlation_key": "vuln|babel/traverse|CVE-2023-45133|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "jwt", "level": "error", "message": {"text": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."}, "properties": {"repobilityId": 76335, "scanner": "gitleaks", "fingerprint": "76cda59931a41891bf02420bf5d83bb5a2c229dce8fc21f168cc0fa1f0a5a2e1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED'", "rule_id": "jwt", "scanner": "gitleaks", "detector": "jwt", "correlation_key": "secret|token|15|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/getting-started/usage.md"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 76327, "scanner": "repobility-threat-engine", "fingerprint": "3b769293783137d7d2f3293e0285dd6fc174ef7054496c41be70bf0d13a6365b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(packageName", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3b769293783137d7d2f3293e0285dd6fc174ef7054496c41be70bf0d13a6365b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "karma.conf.cjs"}, "region": {"startLine": 44}}}]}]}]}