
Conversation

@Angello-droid

No description provided.

@github-actions

Checkmarx One – Scan Summary & Details
Scan ID: ffc9b3ad-827c-436c-8c5c-60d250e4fbb5

New Issues (68)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2023-26136 Npm-tough-cookie-4.1.2
Recommended version: 4.1.3
Description: The package tough-cookie in versions prior to 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: cwAwpBSVrJCgqkR7cUwQ9vOa7V5zUByv50TM7MfaS9Q%3D
Vulnerable Package
CRITICAL CVE-2025-7783 Npm-form-data-4.0.0
Recommended version: 4.0.4
Description: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with the pro...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: gXOQtS6KV5HpFZj9BFRk36URxvwzvlc71q%2FqMYa1xAE%3D
Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-7.5.0
Recommended version: 7.5.2
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: BcWrCgVb9Fq1EBThz7ptieoVbXjhSj3dCRgwDl0N74Y%3D
Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-5.7.1
Recommended version: 5.7.2
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: ERk1z93XU5KxFR63ydhKbw7q%2BX0KSV7hDSw2ExrR4Q8%3D
Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-6.3.0
Recommended version: 6.3.1
Description: The package semver versions prior to 5.7.2, 6.x through 6.3.0 and 7.x through 7.5.1 are vulnerable to Regular Expression Denial of Service (ReDoS) ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: xt5DVZNBFiJLo6HH5%2BvUFsndIK%2F6P6LgNihEei6q9pg%3D
Vulnerable Package
HIGH CVE-2023-26115 Npm-word-wrap-1.2.3
Recommended version: 1.2.4
Description: Versions prior to 1.24 of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regu...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: oepQT9s3iHKEDZ5xsPOLzUThpMH2Kwj1BareioEqjD8%3D
Vulnerable Package
HIGH CVE-2023-34092 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite provides front-end tooling. In versions through 2.9.15, 3.0.2 through 3.2.6, 4.0.0-alpha.0 through 4.0.4, 4.1.0-beta.0 through 4.1.4, 4.2.0-b...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: JgYMS10axWX%2BOEt%2BE26W%2Bf5djDrsxoCiNfJYiJO1DE0%3D
Vulnerable Package
HIGH CVE-2023-45133 Npm-@babel/traverse-7.21.5
Recommended version: 7.23.2
Description: Babel is a compiler for writing JavaScript. In `@babel/traverse` versions prior to 7.23.2 and 8.0.x prior to 8.0.0-alpha.4, using Babel to compile ...
Attack Vector: LOCAL
Attack Complexity: LOW

ID: vWmNc5%2FN3n7MilCikC%2FUbtV75Kic9w71%2F2dObzSIpzE%3D
Vulnerable Package
HIGH CVE-2024-12905 Npm-tar-fs-2.1.1
Recommended version: 2.1.4
Description: An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: wUdBdO2DoU72y1thwlTuYsMRdgUSyMI78FooMxev4IM%3D
Vulnerable Package
HIGH CVE-2024-21536 Npm-http-proxy-middleware-2.0.6
Recommended version: 2.0.9
Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: %2FWuq4FnPSKB%2FBUXKpR5WYAEHm93E74U3IQ0yoEM0U1I%3D
Vulnerable Package
HIGH CVE-2024-21538 Npm-cross-spawn-5.1.0
Recommended version: 6.0.6
Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: OA60%2FEf6NPeq1oAlYZAuIKfBQkXCxbW%2F1FTcwv41avI%3D
Vulnerable Package
HIGH CVE-2024-21538 Npm-cross-spawn-7.0.3
Recommended version: 7.0.5
Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: uMRy2ShIaYMwgp222drDwr6YxJFz%2F03s%2BqYgrJHOzpQ%3D
Vulnerable Package
HIGH CVE-2024-23331 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems u...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: WXVejFGowYAak0ByDeW1gKN3BN2QupJ2%2BrhFdboDZLE%3D
Vulnerable Package
HIGH CVE-2024-29180 Npm-webpack-dev-middleware-5.3.3
Recommended version: 5.3.4
Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: z1CGBV5lXBrjsv1q94LAUIe5V3M7oxzK%2FBOIXWC1z6c%3D
Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.13.0
Recommended version: 8.17.1
Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: NRH27Kb3lxz2G67JXM4goza7hqDDhin6FsVRAZrt8rU%3D
Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-8.5.0
Recommended version: 8.17.1
Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: qVfEscwCQjrATzOLC18Rztm8rerSi8R%2Bx3jFbvaU12Y%3D
Vulnerable Package
HIGH CVE-2024-37890 Npm-ws-7.5.9
Recommended version: 7.5.10
Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: u8vkr0kvAT2uE5BiYJsn0evYjcY0Z4bU3f0ayHinvGw%3D
Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-3.0.2
Recommended version: 3.0.3
Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: LW5DIr2wgVAU1Yhd7p7GXwDMDQ1cnybK3FhFiJDrsmQ%3D
Vulnerable Package
HIGH CVE-2024-45296 Npm-path-to-regexp-0.1.7
Recommended version: 0.1.12
Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: BLtV2wI%2B6qYekfaUtGmGi6aqscc3VAMum%2B7H0OPxC7g%3D
Vulnerable Package
HIGH CVE-2024-45590 Npm-body-parser-1.20.1
Recommended version: 1.20.3
Description: The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Den...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: sTjeMaLvsEd9P3nL42EBd4W33sTNy5i0mrqxb3nXokI%3D
Vulnerable Package
HIGH CVE-2024-52798 Npm-path-to-regexp-0.1.7
Recommended version: 0.1.12
Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: vaNBZwb6b%2BxsRKGwLLZeGloj8O%2BSyvIZGIoJkLJifmo%3D
Vulnerable Package
HIGH CVE-2025-27152 Npm-axios-0.21.4
Recommended version: 0.30.2
Description: Axios is a promise-based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: ItNavWJsJdXAaLxzNLslEgnXT3gzQzF25%2B5lqx7DdPQ%3D
Vulnerable Package
HIGH CVE-2025-27152 Npm-axios-0.25.0
Recommended version: 0.30.2
Description: Axios is a promise-based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: tVFpLIw46okhs6gW%2Br1eSfeaMpknIe90Arbm3KgOglo%3D
Vulnerable Package
HIGH CVE-2025-30360 Npm-webpack-dev-server-4.13.3
Recommended version: 5.2.1
Description: Webpack-dev-server allows users to use webpack with a development server that provides live reloading. Webpack-dev-server users' source code may b...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: I1h7wP%2BgbtkE7oHTTxVwfjo6zcYXMWBMZUAAgUAQd7w%3D
Vulnerable Package
HIGH CVE-2025-31125 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for javascript. Vite exposes the content of non-allowed files using `?inline&import` or `?raw?import`. Only ap...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: JzNrkd20%2FqhCkAj%2FOtnJu5lO%2FBRC%2Ff22n6Qnp0M7G%2Bo%3D
Vulnerable Package
HIGH CVE-2025-48387 Npm-tar-fs-2.1.1
Recommended version: 2.1.4
Description: The package tar-fs provides filesystem bindings for tar-stream. In versions prior to 1.16.5, 2.0.x prior to 2.1.3, and 3.0.x prior to 3.0.9, there ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: sG9eWC33FnJ13F0zpZeX2GXkLQgu6asx0t2l3qCQ0NE%3D
Vulnerable Package
HIGH CVE-2025-58754 Npm-axios-0.21.4
Recommended version: 0.30.2
Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: mlHDLX%2BpPpDzkVxY0%2FBpC%2BN3XniX%2B9rPAg3lki5nVcc%3D
Vulnerable Package
HIGH CVE-2025-58754 Npm-axios-0.25.0
Recommended version: 0.30.2
Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: qCqwp5ZQPvuew97jeK8vnkW5VtFmF4Z9uqq8rcfYesk%3D
Vulnerable Package
HIGH CVE-2025-59343 Npm-tar-fs-2.1.1
Recommended version: 2.1.4
Description: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.4, and 1.16.6 are vulnerable to symlink validation bypass if the d...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: f8dcCeOd9ylbziGT0X8ikSIm5IVK8tWRmVYdqoSr0Ik%3D
Vulnerable Package
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6
Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: N1%2Fk2tjrZ7T6NtwH1%2BwrIbespiWExjITDy1QV1pNtj8%3D
Vulnerable Package
MEDIUM CVE-2023-26159 Npm-follow-redirects-1.15.2
Recommended version: 1.15.6
Description: The package follow-redirects versions prior to 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the "url....
Attack Vector: NETWORK
Attack Complexity: LOW

ID: KanymFwhgXYDwXjXFGgfa10rOOgr8qw0Pvf4Hn4yWoA%3D
Vulnerable Package
MEDIUM CVE-2023-44270 Npm-postcss-8.4.23
Recommended version: 8.4.31
Description: An issue was discovered in postcss versions prior to 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An at...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: dGpsk%2FWbwMJbMfk0bGoyp8m2VpxTyvJC1edInmHXgxI%3D
Vulnerable Package
MEDIUM CVE-2023-45857 Npm-axios-0.21.4
Recommended version: 0.30.2
Description: An issue discovered in Axios, inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN f...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: 3rdZmtKrNgy8q8%2BrvCqeODJ5sW47YC4L2ICmLasMkQg%3D
Vulnerable Package
MEDIUM CVE-2023-45857 Npm-axios-0.25.0
Recommended version: 0.30.2
Description: An issue discovered in Axios, inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN f...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: %2FToaMOxDeLP4hnkH17nSeqgLKTPJ5Y%2Bze%2FXOtBlNMKo%3D
Vulnerable Package
MEDIUM CVE-2024-11831 Npm-serialize-javascript-6.0.1
Recommended version: 6.0.2
Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: qyPo%2BikG3SBcFns1Y3tHy1LeJJ0hX3VxZGqIH9jH2a4%3D
Vulnerable Package
MEDIUM CVE-2024-28849 Npm-follow-redirects-1.15.2
Recommended version: 1.15.6
Description: follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected ver...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: muCwnROiMv%2F2MsVpuf5J53Li0uRabqbYG3rlVpjgJso%3D
Vulnerable Package
MEDIUM CVE-2024-29041 Npm-express-4.18.2
Recommended version: 4.20.0
Description: Express.js minimalist web framework for node. Express.js versions prior to 4.19.2, and 5.0.x prior to 5.0.0-beta.3 are affected by an open redirect...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: ugnpLc3AfZgk2BOCtctVS%2BnMDYnicpF3nPrO%2B%2BYTVlU%3D
Vulnerable Package
MEDIUM CVE-2024-31207 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite (French word for "quick", pronounced "/vit/", like "veet") is a frontend build tooling to improve the frontend development experience. "server...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: xzT6m6tA5l3jjoHjo5ZA0RwH0W6V6FPh62UOHF2uMA0%3D
Vulnerable Package
MEDIUM CVE-2024-4067 Npm-micromatch-4.0.5
Recommended version: 4.0.8
Description: The NPM package "micromatch" prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in "micromatch....
Attack Vector: NETWORK
Attack Complexity: LOW

ID: 92BMaTq848ce33hKqYmtGxmolQ9jryor6oHkfVI%2Fuxo%3D
Vulnerable Package
MEDIUM CVE-2024-43788 Npm-webpack-5.81.0
Recommended version: 5.94.0
Description: Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundlin...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: %2B8khnA1Pll2zMcD2KbU2KMQhS%2Blh7Ljn5Z5ZiCzGTEQ%3D
Vulnerable Package
MEDIUM CVE-2024-43796 Npm-express-4.18.2
Recommended version: 4.20.0
Description: Express.js minimalist web framework for node. In express versions prior to 4.20.0 and 5.0.x prior to 5.0.0, passing untrusted user input even after...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: Pa4TPSZF9jzLPeqvG1wGBzrGT195DwjCorwGkRLEW88%3D
Vulnerable Package
MEDIUM CVE-2024-43799 Npm-send-0.18.0
Recommended version: 0.19.0
Description: Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to "SendStream.redirect()" which e...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: 3Q64yJLcKmN5f%2BNGTdiEg%2F%2FoRtAHxoAQXZCrNhpOCZ4%3D
Vulnerable Package
MEDIUM CVE-2024-43800 Npm-serve-static-1.15.0
Recommended version: 1.16.0
Description: serve-static serves static files. serve-static passes untrusted user input even after sanitizing it to "redirect()" and may execute untrusted code....
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: 2y0IIVvOhsP%2B0J7X6t7ntDQNTDRzgdlPnXKQZExNeNM%3D
Vulnerable Package
MEDIUM CVE-2024-45811 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite a frontend build tooling framework for JavaScript. In versions through 3.2.10, 4.0.0-alpha.0 through 4.5.3, 5.0.0-beta.0 through 5.1.7, 5.2.0-...
Attack Vector: ADJACENT NETWORK
Attack Complexity: HIGH

ID: Uy3Am7npAfzHxWziL4D1igoGC7CFoVrv%2B21A0oX38Rw%3D
Vulnerable Package
MEDIUM CVE-2024-45812 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite a frontend build tooling framework for javascript. In vite versions through 3.2.10, 4.0.0-alpha.0 through 4.5.3, 5.0.0-beta.0 through 5.1.7, 5...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: BLnFz3PdY28K9D0EeGiPdLeMVgpkTvJHfj8o%2Bxmoufc%3D
Vulnerable Package
MEDIUM CVE-2024-47068 Npm-rollup-3.21.3
Recommended version: 3.29.5
Description: Rollup is a module bundler for JavaScript. In rollup versions prior to 2.79.2, 3.x prior to 3.29.5, and 4.x prior to 4.22.4 are susceptible to a DO...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: oDO%2FrwNHIATQCQE%2BnkpnRwn4FWtEB40vYE7PoWQPC6U%3D
Vulnerable Package
MEDIUM CVE-2024-47764 Npm-cookie-0.5.0
Recommended version: 0.7.0
Description: The NPM package cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cook...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Vea9E9fI0jcLLmbtnrwRRpnwxMrg1%2FTPboUtGas86Iw%3D
Vulnerable Package
MEDIUM CVE-2024-55565 Npm-nanoid-3.3.6
Recommended version: 3.3.8
Description: The package nanoid versions through 3.3.7 and 4.0.0 through 5.0.8 mishandle non-integer values.
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Xs9rtik8731ClUutVE2iVt4ZWAPuHIa6%2BW%2F3rhQWYNg%3D
Vulnerable Package
MEDIUM CVE-2025-24010 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: mo29TP5Sf%2FH%2FJ35SI3%2FM6C8%2Fp3et9M772iQHELLth%2BA%3D
Vulnerable Package
MEDIUM CVE-2025-27789 Npm-@babel/helpers-7.21.5
Recommended version: 7.26.10
Description: Babel is a compiler for writing next-generation JavaScript. In affected versions of Babel, to compile regular expressions named capturing groups, B...
Attack Vector: LOCAL
Attack Complexity: LOW

ID: y44tHYC4zI7BYEP4B%2B5t3H0KMpDHn4zz1eFGDftGKZE%3D
Vulnerable Package
MEDIUM CVE-2025-30208 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite, a provider of frontend development tooling, has a vulnerability in versions through 4.5.9, 5.0.0 through 5.4.14, 6.0.0 through 6.0.11, 6.1.0 ...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: xAmWHRcZow99qFGwNYK5zenlkJVmsfQI051ovIvEe34%3D
Vulnerable Package
MEDIUM CVE-2025-30359 Npm-webpack-dev-server-4.13.3
Recommended version: 5.2.1
Description: The webpack-dev-server allows users to use webpack with a development server that provides live reloading. The webpack-dev-server users' source cod...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: Fi81eX9clGNwq8PVYnH7kY7d6DMe%2F%2FCmUmQU8fSEPg4%3D
Vulnerable Package
MEDIUM CVE-2025-31486 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: A vulnerability in Vite allows the contents of arbitrary files to be returned to the browser. By appending "?.svg" along with "?.wasm?init" or sett...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: SacU8HBk41hM6kU%2FjQgGvW7ElY5yxr%2F78hMjXDnsc0s%3D
Vulnerable Package
MEDIUM CVE-2025-32395 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser if the dev server is running on...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: cwCgMVyCKF5FokTAtMeLVU9fOvp0VNeVTpnKIfxg8iQ%3D
Vulnerable Package
MEDIUM CVE-2025-32996 Npm-http-proxy-middleware-2.0.6
Recommended version: 2.0.9
Description: In http-proxy-middleware v1.3.0 through v2.0.7 and v3.x through v3.0.3, "writeBody" function can be called twice because "else if" is not used.
Attack Vector: NETWORK
Attack Complexity: LOW

ID: VL7aJ67uALqel10Wda7mGDP6%2FQyTLaeMiqcVwkQjQdg%3D
Vulnerable Package
MEDIUM CVE-2025-32997 Npm-http-proxy-middleware-2.0.6
Recommended version: 2.0.9
Description: In http-proxy-middleware versions 1.3.0 through 2.0.8 and 3.x through 3.0.4, the "fixRequestBody" function proceeds even if "bodyParser" has failed.
Attack Vector: NETWORK
Attack Complexity: LOW

ID: d45DpezuZo7fRbB7p0R7iaqfJAnerixqkNffXxmIzqo%3D
Vulnerable Package
MEDIUM CVE-2025-46565 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for javascript. In vite package versions through 4.5.13, 5.0.0-beta.0 through 5.4.18, 6.0.0-alpha.0 through 6....
Attack Vector: NETWORK
Attack Complexity: LOW

ID: CLE%2BwXYxmoD1yOPy5%2FGWdYHu6GgW%2FOb5qlm508Vvc0c%3D
Vulnerable Package
MEDIUM CVE-2025-54798 Npm-tmp-0.0.33
Recommended version: 0.2.4
Description: tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directo...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: Z0boC%2FVf%2FahWVshcJhBg9K7L2HveFTKPkW7zc9Jcb9I%3D
Vulnerable Package
MEDIUM Cxbb85e86c-2fac Npm-esbuild-0.17.18
Recommended version: 0.25.0
Description: esbuild is an extremely fast bundler for the web, allowing any website to send any request to the development server and read the response due to d...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: rtx%2Bz7GBLrLSx45q62NqzF8g4BRv%2BMJOW9Y8TJ0huWU%3D
Vulnerable Package
LOW CVE-2025-58751 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: EKkeM4Eu9KE8fgR%2BGgY573ZVtLksVZqJ8Qpt4vhzYTM%3D
Vulnerable Package
LOW CVE-2025-58751 Npm-sirv-1.0.19
Recommended version: 3.0.2
Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the ...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: y8F0idWlGw9lrZp%2BwWRjW%2FQtHQrx0oiXn96A1wmQvD0%3D
Vulnerable Package
LOW CVE-2025-58752 Npm-vite-4.3.4
Recommended version: 5.4.20
Description: Vite is a frontend tooling framework for JavaScript. In Vite versions through 5.4.19, 6.x through 6.3.5, 7.0.x through 7.0.6 and 7.1.x through 7.1....
Attack Vector: NETWORK
Attack Complexity: LOW

ID: loNJbpQvlI0JH2usMW87Bek1vLW4AmUBJ%2FVV60l1Ft0%3D
Vulnerable Package
LOW CVE-2025-5889 Npm-brace-expansion-2.0.1
Recommended version: 2.0.2
Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: UuMfIq0ANy1kfM%2FouwrugWVdCZPoPBPg8rEXkLo78t4%3D
Vulnerable Package
LOW CVE-2025-5889 Npm-brace-expansion-1.1.11
Recommended version: 1.1.12
Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: %2FZdMlqEDaBDDgHot%2B8b0uKDmrBvkvwfevymxR0N%2FECk%3D
Vulnerable Package
LOW CVE-2025-7339 Npm-on-headers-1.0.2
Recommended version: 1.1.0
Description: The on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions prior to 1.1.0 may result in r...
Attack Vector: LOCAL
Attack Complexity: LOW

ID: JuwmwE1YWAiSRo1a3lKFiBvWh1f6SXZWMPwm4nYltIU%3D
Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-2.6.9
Recommended version: 4.4.0
Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: 8pcM6eNIKI8rlld6icwxGGUdtxSHvA1p4uz0Wps7Z30%3D
Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-3.2.7
Recommended version: 4.4.0
Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: AW6GxJUYMdRXUvfVk37y%2FiJpixylPwTmMxsOChRpHYU%3D
Vulnerable Package
LOW Cx8bc4df28-fcf5 Npm-debug-4.3.4
Recommended version: 4.4.0
Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
Attack Vector: NETWORK
Attack Complexity: HIGH

ID: sc0zNbH%2Fhin8jP9jf%2Fs7DsEP8q6YbrqrxSUeunDnobs%3D
Vulnerable Package
Policy Management Violations (1)
| Policy Name | Rule(s) | Break Build |
|---|---|---|
| Quality Gate - v3 | Open Source Vulnerable Package | true |
