Your dependencies cross-checked against the OSV vulnerability database.
-
Serious GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2023-45133). Fix: Update that package to its patched version.
-
Serious GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2023-45133). Fix: Update that package to its patched version.
-
Serious GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2025-7783). Fix: Update that package to its patched version.
-
Serious GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2022-37601). Fix: Update that package to its patched version.
-
Serious GHSA-xvch-5gv4-984h Prototype Pollution in minimist
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2021-44906). Fix: Update that package to its patched version.
-
Serious GHSA-w7jw-789q-3m8p shell-quote quote() does not escape newlines in object .op values
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-9277). Fix: Update that package to its patched version.
-
Worth fixing GHSA-968p-4wvh-cqc8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2025-27789). Fix: Update that package to its patched version.
-
Worth fixing GHSA-2g4f-4pwh-qvx6 ajv has ReDoS when using `$data` option
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2025-69873). Fix: Update that package to its patched version.
-
Worth fixing GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2021-3807). Fix: Update that package to its patched version.
-
Worth fixing GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2021-3807). Fix: Update that package to its patched version.
-
Worth fixing GHSA-f886-m6hf-6m8v brace-expansion: Zero-step sequence causes process hang and memory exhaustion
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-33750). Fix: Update that package to its patched version.
-
Worth fixing GHSA-grv7-fg5c-xmjg Uncontrolled resource consumption in braces
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2024-4068). Fix: Update that package to its patched version.
-
Worth fixing GHSA-grv7-fg5c-xmjg Uncontrolled resource consumption in braces
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2024-4068). Fix: Update that package to its patched version.
-
Worth fixing GHSA-grv7-fg5c-xmjg Uncontrolled resource consumption in braces
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2024-4068). Fix: Update that package to its patched version.
-
Worth fixing GHSA-257v-vj4p-3w2h Regular Expression Denial of Service (ReDOS)
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2021-29060). Fix: Update that package to its patched version.
-
Worth fixing GHSA-3xgq-45jj-v275 Regular Expression Denial of Service (ReDoS) in cross-spawn
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2024-21538). Fix: Update that package to its patched version.
-
Worth fixing GHSA-3xgq-45jj-v275 Regular Expression Denial of Service (ReDoS) in cross-spawn
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2024-21538). Fix: Update that package to its patched version.
-
Worth fixing GHSA-3xgq-45jj-v275 Regular Expression Denial of Service (ReDoS) in cross-spawn
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2024-21538). Fix: Update that package to its patched version.
-
Worth fixing GHSA-w573-4hg7-7wgq decode-uri-component vulnerable to Denial of Service (DoS)
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2022-38900). Fix: Update that package to its patched version.
-
Worth fixing GHSA-25h7-pfq9-p65f flatted vulnerable to unbounded recursion DoS in parse() revive phase
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-32141). Fix: Update that package to its patched version.
-
Worth fixing GHSA-rf6f-7fwh-wjgh Prototype Pollution via parse() in NodeJS flatted
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-33228). Fix: Update that package to its patched version.
-
Worth fixing GHSA-25h7-pfq9-p65f flatted vulnerable to unbounded recursion DoS in parse() revive phase
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-32141). Fix: Update that package to its patched version.
-
Worth fixing GHSA-rf6f-7fwh-wjgh Prototype Pollution via parse() in NodeJS flatted
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-33228). Fix: Update that package to its patched version.
-
Worth fixing GHSA-hmw2-7cc7-3qxx form-data: CRLF injection in form-data via unescaped multipart field names and filenames
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2026-12143). Fix: Update that package to its patched version.
-
Worth fixing GHSA-rc47-6667-2j5j http-cache-semantics vulnerable to Regular Expression Denial of Service
/workdirs/scan-c39ae6f5-ea37-457a-bf24-f1a280aadafc/package-lock.json
A package you depend on has a known security hole (CVE-2022-25881). Fix: Update that package to its patched version.