Skip to content

Upgrade to React 19 #941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dlymonkai wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Upgrade to React 19 #941

dlymonkai wants to merge 7 commits into from

Conversation

@dlymonkai
Copy link
Contributor

@dlymonkai dlymonkai commented Sep 25, 2025
edited
Loading

Overview

Jira Ticket Reference : MN-769

Checklist before requesting a review

  • I have updated the unit tests based on the changes I made
  • I have updated the docs (TSDoc / README / global doc) to reflect my changes
  • I have updated the local app configs if needed
  • I have performed self-QA of my feature by testing the apps and packages and made sure that :
    • No regression or new bug has occurred
    • The acceptance criteria listed in the ticket are met
    • Self-QA was made on both desktop and mobile

@dlymonkai dlymonkai force-pushed the feat/MN-769/upgrade-react-19 branch 4 times, most recently from 263f9dc to 7152114 Compare September 30, 2025 16:22
@dlymonkai dlymonkai self-assigned this Oct 23, 2025
@dlymonkai dlymonkai force-pushed the feat/MN-769/upgrade-react-19 branch 2 times, most recently from 625ddae to 1ff7c53 Compare November 18, 2025 11:29
@apiiro
Copy link

apiiro bot commented Nov 18, 2025

⚠️ Apiiro found 128 resolved risks - 128 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/monitoring/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.74367
Percentile 98.78%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.79%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app-video/package.json
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.01587
Percentile 81.03%		 1.7.4
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 1.8.2
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.01587
Percentile 81.03%		 1.7.4
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 1.8.2
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app-video/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.74367
Percentile 98.78%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.79%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app/package.json
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/analytics/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/monitoring declared in packages/sentry/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- jest-environment-jsdom declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/analytics declared in packages/posthog/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, Dev dependency, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.74367
Percentile 98.78%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.79%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
- @monkvision/sights declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.01587
Percentile 81.03%		 1.7.4
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 1.8.2
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 1.12.0

Remediation suggestions
axios is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses axios with version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
- @monkvision/sights declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
- @monkvision/monitoring declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/sights declared in apps/demo-app/package.json
- @monkvision/sentry declared in apps/demo-app/package.json
- @monkvision/posthog declared in apps/demo-app/package.json
- @monkvision/monitoring declared in apps/demo-app/package.json
- @monkvision/analytics declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/sights declared in apps/demo-app-video/package.json
- @monkvision/sentry declared in apps/demo-app-video/package.json
- @monkvision/posthog declared in apps/demo-app-video/package.json
- @monkvision/monitoring declared in apps/demo-app-video/package.json
- @monkvision/analytics declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
- @monkvision/sights declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 0.25.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 0.28.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 0.30.0
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 0.30.2

Remediation suggestions
axios is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses axios with version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 0.25.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 0.28.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 0.30.0
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 0.30.2

Remediation suggestions
axios is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses axios with version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.74367
Percentile 98.78%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.79%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app-video/package.json
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.01587
Percentile 81.03%		 1.7.4
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 1.8.2
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.01587
Percentile 81.03%		 1.7.4
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00106
Percentile 29.35%		 1.7.8
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00106
Percentile 29.27%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.0006
Percentile 18.7%		 1.8.2
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00025
Percentile 5.72%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app-video/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.74367
Percentile 98.78%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.79%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app/package.json
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00062
Percentile 19.38%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.0008
Percentile 24.08%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/analytics/package.json
Upgr

Content truncated, for more details click on apiiro link below.

View in Apiiro

@dlymonkai dlymonkai force-pushed the feat/MN-769/upgrade-react-19 branch from 1ff7c53 to deb8dd4 Compare November 21, 2025 09:08
@apiiro
Copy link

apiiro bot commented Nov 21, 2025

Workflows: "WORKFLOW-20 · Max Digital - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical", "WORKFLOW-22 · Monk - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical", "WORKFLOW-24 · Drive - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical", "WORKFLOW-26 · ACV - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical"
Policies: "SCA OSS Vulnerabilities - Critical Severity"

⚠️ Apiiro found 128 resolved risks - 128 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/monitoring/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/monitoring declared in packages/sentry/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 1.8.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.00183
Percentile 35.37%		 1.7.4
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 1.8.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.00183
Percentile 35.37%		 1.7.4
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app-video/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.62755
Percentile 98.36%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01682
Percentile 80.69%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app/package.json
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/analytics/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- jest-environment-jsdom declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/analytics declared in packages/posthog/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
- @monkvision/sights declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 1.8.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.00183
Percentile 35.37%		 1.7.4
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 1.12.0

Remediation suggestions
axios is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses axios with version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
- @monkvision/sights declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.62755
Percentile 98.36%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01682
Percentile 80.69%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
- @monkvision/monitoring declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/sights declared in apps/demo-app/package.json
- @monkvision/sentry declared in apps/demo-app/package.json
- @monkvision/posthog declared in apps/demo-app/package.json
- @monkvision/monitoring declared in apps/demo-app/package.json
- @monkvision/analytics declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/sights declared in apps/demo-app-video/package.json
- @monkvision/sentry declared in apps/demo-app-video/package.json
- @monkvision/posthog declared in apps/demo-app-video/package.json
- @monkvision/monitoring declared in apps/demo-app-video/package.json
- @monkvision/analytics declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
- @monkvision/sights declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 0.25.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 0.28.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 0.30.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 0.30.2

Remediation suggestions
axios is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses axios with version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.62755
Percentile 98.36%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01682
Percentile 80.69%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app-video/package.json
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 0.25.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 0.28.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 0.30.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 0.30.2

Remediation suggestions
axios is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses axios with version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/monitoring declared in packages/sentry/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 1.8.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.00183
Percentile 35.37%		 1.7.4
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency axios
  • Dependency: axios : 1.5.1
  • Type: Direct
  • Insights: Adequate maintainer count, Adequately tested, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45857 Axios Cross-Site Request Forgery Vulnerability 6.5 No exploit maturity data Score: 0.00236
Percentile 42.83%		 1.6.0
CVE-2025-27152 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL 7.5 No exploit maturity data Score: 0.00186
Percentile 35.69%		 1.8.0
CVE-2024-57965 Origin Check Flaw in Axios Prior to 1.7.8 9.8 No exploit maturity data Score: 0.00184
Percentile 35.43%		 1.7.8
CVE-2024-39338 Server-Side Request Forgery in axios 7.5 No exploit maturity data Score: 0.00183
Percentile 35.37%		 1.7.4
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check 7.5 No exploit maturity data Score: 0.00083
Percentile 20.41%		 1.12.0

Remediation suggestions
Upgrade to axios 1.12.0:
1. Go to apps/demo-app-video/package.json
2. Replace vulnerable version 1.5.1 with fix version 1.12.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.62755
Percentile 98.36%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01682
Percentile 80.69%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- source-map-explorer declared in apps/demo-app/package.json
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00106
Percentile 24.54%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00107
Percentile 24.67%		 7.23.2

Remediation suggestions
@b

Content truncated, for more details click on apiiro link below.

View in Apiiro

@dlymonkai dlymonkai force-pushed the feat/MN-769/upgrade-react-19 branch from deb8dd4 to 342883d Compare December 3, 2025 10:53
@apiiro
Copy link

apiiro bot commented Dec 3, 2025

Workflows: "WORKFLOW-22 · Monk - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical"
Policies: "SCA OSS Vulnerabilities - Critical Severity"

⚠️ Apiiro found 2 new risks - 2 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @jsonjoy.com/json-pointer
  • Dependency: @jsonjoy.com/json-pointer : 1.0.2
  • Type: Sub-dependency
  • Insights: No readme, Low maintainer count, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2022-4742 Critical Prototype Pollution Vulnerability in json-pointer 9.8 No exploit maturity data Score: 0.00083
Percentile 24.6%		 2022-2-17

Remediation suggestions
@jsonjoy.com/json-pointer is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @jsonjoy.com/json-pointer with version 17.59.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @ai-sdk/gateway
  • Dependency: @ai-sdk/gateway : 2.0.8
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Backed by foundation, Has vulnerabilities, Exploit POC, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2020-12713 Privilege Escalation in CipherMail Gateways and Webmail Messenger 7.2 Exploit POC Score: 0.03281
Percentile 86.81%		 1.0.0
CVE-2020-12714 Insufficient Diffie-Hellman Parameters in CipherMail Products 5.9 Exploit POC Score: 0.00264
Percentile 49.65%		 1.0.0
CVE-2020-13417 Elevation of Privilege in Aviatrix VPN Client 9.8 No exploit maturity data Score: 0.01174
Percentile 78.19%		 5.3
CVE-2022-22517 CODESYS Communication Disruption via Channel ID Guessing 7.5 No exploit maturity data Score: 0.01034
Percentile 76.82%		 3.5.18.0
CVE-2022-22514 Memory Dereference Vulnerability Leading to Crash 7.1 No exploit maturity data Score: 0.00683
Percentile 70.99%		 3.5.18.0
CVE-2020-13414 Unused Credentials Vulnerability in Aviatrix Controller 7.5 No exploit maturity data Score: 0.00557
Percentile 67.41%		 5.4.1204
CVE-2022-22513 Null Pointer Dereference in CODESYS CmpSettings Component 6.5 No exploit maturity data Score: 0.00548
Percentile 67.15%		 3.5.18.0
CVE-2022-30792 Resource Consumption Vulnerability in CODESYS V3 CmpChannelServer 7.5 No exploit maturity data Score: 0.00536
Percentile 66.75%		 3.5.18.20
CVE-2021-22955 Unauthenticated DoS Vulnerability in Citrix ADC VPN/AAA Configurations 7.5 No exploit maturity data Score: 0.00508
Percentile 65.58%		 11.1-65.23
CVE-2021-22956 Resource Consumption Vulnerability in Citrix ADC Management Interface 7.5 No exploit maturity data Score: 0.00506
Percentile 65.54%		 11.1-65.23
CVE-2022-38368 Command Injection Vulnerability in Aviatrix Gateway API 8.8 No exploit maturity data Score: 0.00434
Percentile 62.21%		 6.6.5712
CVE-2022-30791 TCP Connection Denial of Service in CODESYS V3 7.5 No exploit maturity data Score: 0.00389
Percentile 59.37%		 3.5.18.20
CVE-2019-9009 CODESYS Control Runtime Crash via Malicious Network Packets 7.5 No exploit maturity data Score: 0.00381
Percentile 58.93%		 3.5.15.0
CVE-2022-31802 CODESYS Gateway Authentication Bypass Vulnerability 9.8 No exploit maturity data Score: 0.00334
Percentile 55.74%		 2.3.9.38
CVE-2022-31804 Memory Allocation Vulnerability in CODESYS Gateway Server V2 7.5 No exploit maturity data Score: 0.00288
Percentile 51.97%		 2.3.9.38
CVE-2022-31805 Unprotected Password Transmission in CODESYS Development System 7.5 No exploit maturity data Score: 0.00276
Percentile 50.78%		 2.3.9.38
CVE-2019-18177 Information Disclosure Vulnerability in Citrix ADC and Gateway 6.5 No exploit maturity data Score: 0.00272
Percentile 50.45%		 13.0-58.30
CVE-2022-31803 TCP Connection Exhaustion Vulnerability in CODESYS Gateway Server V2 5.3 No exploit maturity data Score: 0.00212
Percentile 43.86%		 2.3.9.38

⚠️ Apiiro found 25 resolved risks - 25 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/monitoring/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/analytics/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/monitoring declared in packages/sentry/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
- @monkvision/sights declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/analytics declared in packages/posthog/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
- @monkvision/sights declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
- @monkvision/sights declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
- @monkvision/monitoring declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/sights declared in apps/demo-app/package.json
- @monkvision/monitoring declared in apps/demo-app/package.json
- @monkvision/sentry declared in apps/demo-app/package.json
- @monkvision/analytics declared in apps/demo-app/package.json
- @monkvision/posthog declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/sights declared in apps/demo-app-video/package.json
- @monkvision/monitoring declared in apps/demo-app-video/package.json
- @monkvision/sentry declared in apps/demo-app-video/package.json
- @monkvision/analytics declared in apps/demo-app-video/package.json
- @monkvision/posthog declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- jest-environment-jsdom declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

Repository: monkjs

View in Apiiro

@dlymonkai dlymonkai force-pushed the feat/MN-769/upgrade-react-19 branch from 342883d to ff9889c Compare December 3, 2025 11:15
@apiiro
Copy link

apiiro bot commented Dec 3, 2025

Workflows: "WORKFLOW-22 · Monk - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical"
Policies: "SCA OSS Vulnerabilities - Critical Severity"

⚠️ Apiiro found 2 new risks - 2 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @jsonjoy.com/json-pointer
  • Dependency: @jsonjoy.com/json-pointer : 1.0.2
  • Type: Sub-dependency
  • Insights: No readme, Low maintainer count, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2022-4742 Critical Prototype Pollution Vulnerability in json-pointer 9.8 No exploit maturity data Score: 0.00083
Percentile 24.6%		 2022-2-17

Remediation suggestions
@jsonjoy.com/json-pointer is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @jsonjoy.com/json-pointer with version 17.59.0

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @ai-sdk/gateway
  • Dependency: @ai-sdk/gateway : 2.0.8
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Backed by foundation, Has vulnerabilities, Exploit POC, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2020-12713 Privilege Escalation in CipherMail Gateways and Webmail Messenger 7.2 Exploit POC Score: 0.03281
Percentile 86.81%		 1.0.0
CVE-2020-12714 Insufficient Diffie-Hellman Parameters in CipherMail Products 5.9 Exploit POC Score: 0.00264
Percentile 49.65%		 1.0.0
CVE-2020-13417 Elevation of Privilege in Aviatrix VPN Client 9.8 No exploit maturity data Score: 0.01174
Percentile 78.19%		 5.3
CVE-2022-22517 CODESYS Communication Disruption via Channel ID Guessing 7.5 No exploit maturity data Score: 0.01034
Percentile 76.82%		 3.5.18.0
CVE-2022-22514 Memory Dereference Vulnerability Leading to Crash 7.1 No exploit maturity data Score: 0.00683
Percentile 70.99%		 3.5.18.0
CVE-2020-13414 Unused Credentials Vulnerability in Aviatrix Controller 7.5 No exploit maturity data Score: 0.00557
Percentile 67.41%		 5.4.1204
CVE-2022-22513 Null Pointer Dereference in CODESYS CmpSettings Component 6.5 No exploit maturity data Score: 0.00548
Percentile 67.15%		 3.5.18.0
CVE-2022-30792 Resource Consumption Vulnerability in CODESYS V3 CmpChannelServer 7.5 No exploit maturity data Score: 0.00536
Percentile 66.75%		 3.5.18.20
CVE-2021-22955 Unauthenticated DoS Vulnerability in Citrix ADC VPN/AAA Configurations 7.5 No exploit maturity data Score: 0.00508
Percentile 65.58%		 11.1-65.23
CVE-2021-22956 Resource Consumption Vulnerability in Citrix ADC Management Interface 7.5 No exploit maturity data Score: 0.00506
Percentile 65.54%		 11.1-65.23
CVE-2022-38368 Command Injection Vulnerability in Aviatrix Gateway API 8.8 No exploit maturity data Score: 0.00434
Percentile 62.21%		 6.6.5712
CVE-2022-30791 TCP Connection Denial of Service in CODESYS V3 7.5 No exploit maturity data Score: 0.00389
Percentile 59.37%		 3.5.18.20
CVE-2019-9009 CODESYS Control Runtime Crash via Malicious Network Packets 7.5 No exploit maturity data Score: 0.00381
Percentile 58.93%		 3.5.15.0
CVE-2022-31802 CODESYS Gateway Authentication Bypass Vulnerability 9.8 No exploit maturity data Score: 0.00334
Percentile 55.74%		 2.3.9.38
CVE-2022-31804 Memory Allocation Vulnerability in CODESYS Gateway Server V2 7.5 No exploit maturity data Score: 0.00288
Percentile 51.97%		 2.3.9.38
CVE-2022-31805 Unprotected Password Transmission in CODESYS Development System 7.5 No exploit maturity data Score: 0.00276
Percentile 50.78%		 2.3.9.38
CVE-2019-18177 Information Disclosure Vulnerability in Citrix ADC and Gateway 6.5 No exploit maturity data Score: 0.00272
Percentile 50.45%		 13.0-58.30
CVE-2022-31803 TCP Connection Exhaustion Vulnerability in CODESYS Gateway Server V2 5.3 No exploit maturity data Score: 0.00212
Percentile 43.86%		 2.3.9.38

⚠️ Apiiro found 25 resolved risks - 25 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/monitoring/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/analytics/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/monitoring declared in packages/sentry/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
- @monkvision/sights declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/analytics declared in packages/posthog/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
- @monkvision/sights declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
- @monkvision/sights declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
- @monkvision/monitoring declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/sights declared in apps/demo-app/package.json
- @monkvision/monitoring declared in apps/demo-app/package.json
- @monkvision/sentry declared in apps/demo-app/package.json
- @monkvision/analytics declared in apps/demo-app/package.json
- @monkvision/posthog declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.07%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/sights declared in apps/demo-app-video/package.json
- @monkvision/monitoring declared in apps/demo-app-video/package.json
- @monkvision/sentry declared in apps/demo-app-video/package.json
- @monkvision/analytics declared in apps/demo-app-video/package.json
- @monkvision/posthog declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- jest-environment-jsdom declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 0 No exploit maturity data Score: 0.00053
Percentile 16.45%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

Repository: monkjs

View in Apiiro

@dlymonkai dlymonkai force-pushed the feat/MN-769/upgrade-react-19 branch from ff9889c to 7133af9 Compare December 8, 2025 13:58
@apiiro
Copy link

apiiro bot commented Dec 8, 2025

Workflows: "WORKFLOW-22 · Monk - Slack Alert and PR Comment - Vulnerable Dependency Found - Critical"
Policies: "SCA OSS Vulnerabilities - Critical Severity"

⚠️ Apiiro found 28 resolved risks - 28 critical ⚠️

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/monitoring/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/sights/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.77665
Percentile 98.94%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.82%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
- source-map-explorer declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/test-utils declared in packages/common/package.json
- @monkvision/sights declared in packages/common/package.json
- @monkvision/monitoring declared in packages/common/package.json
- @monkvision/analytics declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
- @monkvision/sights declared in packages/inspection-capture-web/package.json
- @monkvision/analytics declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.77665
Percentile 98.94%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.82%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
- source-map-explorer declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository, Test logic
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in configs/test-utils/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- jest declared in packages/analytics/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/network/package.json
- @monkvision/sights declared in packages/network/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- jest-environment-jsdom declared in packages/common/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/analytics declared in packages/posthog/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency ejs
  • Dependency: ejs : 3.1.9
  • Type: Sub-dependency
  • Insights: Adequately tested, Popularity, Single maintainer, Has vulnerabilities, Dev dependency, High EPSS, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-29827 Server-Side Template Injection in ejs v3.1.9 9.8 No exploit maturity data Score: 0.77665
Percentile 98.94%		 3.1.10
CVE-2024-33883 ejs lacks certain pollution protection 4 No exploit maturity data Score: 0.01263
Percentile 78.82%		 3.1.10

Remediation suggestions
ejs is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses ejs with version 3.1.10

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @docusaurus/core declared in documentation/package.json
- @docusaurus/preset-classic declared in documentation/package.json
- @docusaurus/theme-common declared in documentation/package.json
- @docusaurus/plugin-content-pages declared in documentation/package.json
- @monkvision/common declared in documentation/package.json
- @monkvision/common-ui-web declared in documentation/package.json
- @monkvision/sights declared in documentation/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/inspection-capture-web/package.json
- @monkvision/network declared in packages/inspection-capture-web/package.json
- @monkvision/common-ui-web declared in packages/inspection-capture-web/package.json
- @monkvision/camera-web declared in packages/inspection-capture-web/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/common-ui-web/package.json
- @monkvision/network declared in packages/common-ui-web/package.json
- @monkvision/sights declared in packages/common-ui-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Dev dependency, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- lerna declared in package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/common declared in packages/camera-web/package.json
- @monkvision/common-ui-web declared in packages/camera-web/package.json
- @monkvision/monitoring declared in packages/camera-web/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
- @monkvision/common declared in apps/demo-app/package.json
- @monkvision/network declared in apps/demo-app/package.json
- @monkvision/common-ui-web declared in apps/demo-app/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app/package.json
- @monkvision/sights declared in apps/demo-app/package.json
- @monkvision/monitoring declared in apps/demo-app/package.json
- @monkvision/sentry declared in apps/demo-app/package.json
- @monkvision/analytics declared in apps/demo-app/package.json
- @monkvision/posthog declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
- @monkvision/sights declared in apps/demo-app-video/package.json
- @monkvision/monitoring declared in apps/demo-app-video/package.json
- @monkvision/sentry declared in apps/demo-app-video/package.json
- @monkvision/analytics declared in apps/demo-app-video/package.json
- @monkvision/posthog declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 4.0.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 4.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- axios declared in apps/demo-app-video/package.json
- @monkvision/common declared in apps/demo-app-video/package.json
- @monkvision/network declared in apps/demo-app-video/package.json
- @monkvision/common-ui-web declared in apps/demo-app-video/package.json
- @monkvision/inspection-capture-web declared in apps/demo-app-video/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 4.0.4

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency @babel/traverse
  • Dependency: @babel/traverse : 7.23.0
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Has vulnerabilities, Used in code, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code 9.4 No exploit maturity data Score: 0.00095
Percentile 27.04%		 7.23.2

Remediation suggestions
@babel/traverse is a sub-dependency referenced by the following top-level dependencies:
- @monkvision/monitoring declared in packages/sentry/package.json
Upgrade these top-level dependencies to a version that uses @babel/traverse with version 7.23.2

🟤 Critical: SCA OSS Vulnerabilities - Critical Severity in dependency form-data
  • Dependency: form-data : 3.0.1
  • Type: Sub-dependency
  • Insights: Adequate maintainer count, Adequately tested, Backed by foundation, Frequent commits, Popularity, Has vulnerabilities, Public repository
  • Vulnerabilities:
ID Vulnerability CVSS Exploit maturity EPSS Fix version
CVE-2025-7783 form-data uses unsafe random function in form-data for choosing boundary 9.4 No exploit maturity data Score: 0.00062
Percentile 19.36%		 3.0.4

Remediation suggestions
form-data is a sub-dependency referenced by the following top-level dependencies:
- react-scripts declared in apps/demo-app/package.json
Upgrade these top-level dependencies to a version that uses form-data with version 3.0.4

Repository: monkjs

View in Apiiro

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dlymonkai dlymonkai

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dlymonkai