Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2023-45133 babel: arbitrary code executionCVE-2025-29927 nextjs: Authorization Bypass in Next.js MiddlewareCVE-2025-27789 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groupsCVE-2026-44728 Babel is a compiler for writing next generation JavaScript. From 7.12. ...CVE-2025-27789 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groupsCVE-2025-27789 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groupsCVE-2026-33750 brace-expansion: brace-expansion: Denial of Service via zero step value in brace patternCVE-2017-20165 A vulnerability classified as problematic has been found in debug-js d ...CVE-2024-21541 dom-iterator code execution vulnerabilityCVE-2026-46625 JavaScript Cookie is a JavaScript API for handling cookies, client-sid ...CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse MethodCVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template importsCVE-2025-13465 lodash: prototype pollution in _.unset and _.omit functionsCVE-2026-2950 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypassCVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand functionCVE-2026-26996 minimatch: minimatch: Denial of Service via specially crafted glob patternsCVE-2026-27903 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patternsCVE-2026-27904 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressionsCVE-2017-20162 Vercel ms Inefficient Regular Expression Complexity vulnerabilityCVE-2024-55565 nanoid: nanoid mishandles non-integer valuesCVE-2024-55565 nanoid: nanoid mishandles non-integer valuesCVE-2024-51479 next.js: next: authorization bypass in Next.jsCVE-2024-47831 next.js: Next.js image optimization has Denial of Service conditionCVE-2025-55173 nextjs: Next.js Content Injection Vulnerability for Image OptimizationCVE-2025-57752 nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API RoutesYour dependencies cross-checked against the OSV vulnerability database.
GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeGHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeGHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeGHSA-8mmm-9v2q-x3f9 tschaub gh-pages vulnerable to prototype pollutionGHSA-f82v-jwr5-mffw Authorization Bypass in Next.js MiddlewareGHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeGHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeGHSA-cpq7-6gpm-g9rc cipher-base is missing type checks, leading to hash rewind and passing on crafted dataGHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundaryGHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundaryGHSA-33f9-j839-rf8h Prototype Pollution in immerGHSA-896r-f27r-55mw json-schema is vulnerable to Prototype PollutionGHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utilsGHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utilsGHSA-h7cp-r72f-jxh6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algosGHSA-v62p-rq8g-8h59 pbkdf2 silently disregards Uint8Array input, returning static keysGHSA-95m3-7q98-8xr5 sha.js is missing type checks leading to hash rewind and passing on crafted dataGHSA-g4rg-993r-mgx7 Improper Neutralization of Special Elements used in a Command in Shell-quoteGHSA-w7jw-789q-3m8p shell-quote quote() does not escape newlines in object .op valuesGHSA-968p-4wvh-cqc8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groupsGHSA-f886-m6hf-6m8v brace-expansion: Zero-step sequence causes process hang and memory exhaustionGHSA-grv7-fg5c-xmjg Uncontrolled resource consumption in bracesGHSA-3xgq-45jj-v275 Regular Expression Denial of Service (ReDoS) in cross-spawnGHSA-h67p-54hq-rp68 JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliasesCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.