Security Overview

Helm-Chart

Scan Results

Chart Object: pixapop/templates/common.yaml

Type	Misconfiguration ID	Check	Severity	Explaination	Links
Kubernetes Security Check	KSV001	Process can elevate its own privileges	MEDIUM	Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.allowPrivilegeEscalation' to false	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://avd.aquasec.com/appshield/ksv001
Kubernetes Security Check	KSV003	Default capabilities not dropped	LOW	Expand... The container should drop all default capabilities and add only those that are needed for its execution. Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should add 'ALL' to 'securityContext.capabilities.drop'	Expand... https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/ https://avd.aquasec.com/appshield/ksv003
Kubernetes Security Check	KSV003	Default capabilities not dropped	LOW	Expand... The container should drop all default capabilities and add only those that are needed for its execution. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should add 'ALL' to 'securityContext.capabilities.drop'	Expand... https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/ https://avd.aquasec.com/appshield/ksv003
Kubernetes Security Check	KSV011	CPU not limited	LOW	Expand... Enforcing CPU limits prevents DoS via resource exhaustion. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'resources.limits.cpu'	Expand... https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits https://avd.aquasec.com/appshield/ksv011
Kubernetes Security Check	KSV012	Runs as root user	MEDIUM	Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsNonRoot' to true	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://avd.aquasec.com/appshield/ksv012
Kubernetes Security Check	KSV012	Runs as root user	MEDIUM	Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsNonRoot' to true	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://avd.aquasec.com/appshield/ksv012
Kubernetes Security Check	KSV012	Runs as root user	MEDIUM	Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsNonRoot' to true	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://avd.aquasec.com/appshield/ksv012
Kubernetes Security Check	KSV014	Root file system is not read-only	LOW	Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.readOnlyRootFilesystem' to true	Expand... https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/ https://avd.aquasec.com/appshield/ksv014
Kubernetes Security Check	KSV014	Root file system is not read-only	LOW	Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.readOnlyRootFilesystem' to true	Expand... https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/ https://avd.aquasec.com/appshield/ksv014
Kubernetes Security Check	KSV014	Root file system is not read-only	LOW	Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.readOnlyRootFilesystem' to true	Expand... https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/ https://avd.aquasec.com/appshield/ksv014
Kubernetes Security Check	KSV015	CPU requests not specified	LOW	Expand... When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'resources.requests.cpu'	Expand... https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits https://avd.aquasec.com/appshield/ksv015
Kubernetes Security Check	KSV016	Memory requests not specified	LOW	Expand... When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'resources.requests.memory'	Expand... https://kubesec.io/basics/containers-resources-limits-memory/ https://avd.aquasec.com/appshield/ksv016
Kubernetes Security Check	KSV017	Privileged container	HIGH	Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.privileged' to false	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline https://avd.aquasec.com/appshield/ksv017
Kubernetes Security Check	KSV018	Memory not limited	LOW	Expand... Enforcing memory limits prevents DoS via resource exhaustion. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'resources.limits.memory'	Expand... https://kubesec.io/basics/containers-resources-limits-memory/ https://avd.aquasec.com/appshield/ksv018
Kubernetes Security Check	KSV020	Runs with low user ID	MEDIUM	Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsUser' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check	KSV020	Runs with low user ID	MEDIUM	Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsUser' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check	KSV020	Runs with low user ID	MEDIUM	Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsUser' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check	KSV021	Runs with low group ID	MEDIUM	Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsGroup' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv021
Kubernetes Security Check	KSV021	Runs with low group ID	MEDIUM	Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsGroup' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv021
Kubernetes Security Check	KSV021	Runs with low group ID	MEDIUM	Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. Container 'hostpatch' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsGroup' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv021
Kubernetes Security Check	KSV023	hostPath volumes mounted	MEDIUM	Expand... HostPath volumes must be forbidden. Deployment 'RELEASE-NAME-pixapop' should not set 'spec.template.volumes.hostPath'	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline https://avd.aquasec.com/appshield/ksv023
Kubernetes Security Check	KSV029	A root primary or supplementary GID set	LOW	Expand... Containers should be forbidden from running with a root primary or supplementary GID. Deployment 'RELEASE-NAME-pixapop' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://avd.aquasec.com/appshield/ksv029

Containers

Detected Containers

      tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
      tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
      tccr.io/truecharts/pixapop:v1.2-ls15@sha256:6a05383524fcd51b0b692d508dd16ed6948337aa272677e01baa6d8ba119c070

Scan Results

Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)

alpine

Package	Vulnerability	Severity	Installed Version	Fixed Version	Links
busybox	CVE-2022-28391	CRITICAL	1.34.1-r4	1.34.1-r5	Expand... https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 https://nvd.nist.gov/vuln/detail/CVE-2022-28391
ssl_client	CVE-2022-28391	CRITICAL	1.34.1-r4	1.34.1-r5	Expand... https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 https://nvd.nist.gov/vuln/detail/CVE-2022-28391
zlib	CVE-2018-25032	HIGH	1.2.11-r3	1.2.12-r0	Expand... http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 https://access.redhat.com/security/cve/CVE-2018-25032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://github.com/madler/zlib/issues/605 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5 https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ https://nvd.nist.gov/vuln/detail/CVE-2018-25032 https://ubuntu.com/security/notices/USN-5355-1 https://ubuntu.com/security/notices/USN-5355-2 https://ubuntu.com/security/notices/USN-5359-1 https://www.debian.org/security/2022/dsa-5111 https://www.openwall.com/lists/oss-security/2022/03/24/1 https://www.openwall.com/lists/oss-security/2022/03/28/1 https://www.openwall.com/lists/oss-security/2022/03/28/3

Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)

alpine

Package	Vulnerability	Severity	Installed Version	Fixed Version	Links
busybox	CVE-2022-28391	CRITICAL	1.34.1-r4	1.34.1-r5	Expand... https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 https://nvd.nist.gov/vuln/detail/CVE-2022-28391
ssl_client	CVE-2022-28391	CRITICAL	1.34.1-r4	1.34.1-r5	Expand... https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 https://nvd.nist.gov/vuln/detail/CVE-2022-28391
zlib	CVE-2018-25032	HIGH	1.2.11-r3	1.2.12-r0	Expand... http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 https://access.redhat.com/security/cve/CVE-2018-25032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://github.com/madler/zlib/issues/605 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5 https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ https://nvd.nist.gov/vuln/detail/CVE-2018-25032 https://ubuntu.com/security/notices/USN-5355-1 https://ubuntu.com/security/notices/USN-5355-2 https://ubuntu.com/security/notices/USN-5359-1 https://www.debian.org/security/2022/dsa-5111 https://www.openwall.com/lists/oss-security/2022/03/24/1 https://www.openwall.com/lists/oss-security/2022/03/28/1 https://www.openwall.com/lists/oss-security/2022/03/28/3

Container: Node.js

node-pkg

Package	Vulnerability	Severity	Installed Version	Fixed Version	Links
acorn	GHSA-6chw-6frg-f759	HIGH	6.1.1	5.7.4, 7.1.1, 6.4.1	Expand... https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802 https://github.com/acornjs/acorn/issues/929 https://github.com/advisories/GHSA-6chw-6frg-f759 https://snyk.io/vuln/SNYK-JS-ACORN-559469 https://www.npmjs.com/advisories/1488
ajv	CVE-2020-15366	MEDIUM	6.10.0	6.12.3	Expand... https://access.redhat.com/security/cve/CVE-2020-15366 https://github.com/advisories/GHSA-v88g-cgmw-v5xw https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 https://github.com/ajv-validator/ajv/tags https://hackerone.com/bugs?subject=user&report_id=894259 https://linux.oracle.com/cve/CVE-2020-15366.html https://linux.oracle.com/errata/ELSA-2021-0551.html https://nvd.nist.gov/vuln/detail/CVE-2020-15366 https://snyk.io/vuln/SNYK-JS-AJV-584908
ansi-html	CVE-2021-23424	HIGH	0.0.7	0.0.8	Expand... https://access.redhat.com/security/cve/CVE-2021-23424 https://github.com/Tjatse/ansi-html/commit/8142b25bca3133ea060bcc1889277dc482327a63 https://github.com/Tjatse/ansi-html/issues/19 https://github.com/advisories/GHSA-whgm-jr23-g3j9 https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69 https://nvd.nist.gov/vuln/detail/CVE-2021-23424 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198 https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
ansi-regex	CVE-2021-3807	MEDIUM	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	Expand... https://access.redhat.com/security/cve/CVE-2021-3807 https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 https://github.com/advisories/GHSA-93q8-gq69-wqmw https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311 https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774 https://github.com/chalk/ansi-regex/releases/tag/v6.0.1 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://linux.oracle.com/cve/CVE-2021-3807.html https://linux.oracle.com/errata/ELSA-2022-0350.html https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://www.oracle.com/security-alerts/cpuapr2022.html
async	CVE-2021-43138	HIGH	1.5.2	2.6.4, 3.2.2	Expand... https://github.com/advisories/GHSA-fwr7-v2mv-hh25 https://github.com/caolan/async/blob/master/lib/internal/iterator.js https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264 https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2 https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d https://github.com/caolan/async/pull/1828 https://jsfiddle.net/oz5twjd9/ https://nvd.nist.gov/vuln/detail/CVE-2021-43138
browserslist	CVE-2021-23364	MEDIUM	4.4.2	4.16.5	Expand... https://access.redhat.com/security/cve/CVE-2021-23364 https://github.com/advisories/GHSA-w8qv-6jwh-64r5 https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474 https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98 https://github.com/browserslist/browserslist/pull/593 https://nvd.nist.gov/vuln/detail/CVE-2021-23364 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182 https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
color-string	CVE-2021-29060	MEDIUM	1.5.3	1.5.5	Expand... https://access.redhat.com/security/cve/CVE-2021-29060 https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 https://github.com/Qix-/color-string/releases/tag/1.5.5 https://github.com/advisories/GHSA-257v-vj4p-3w2h https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md https://github.com/yetingli/SaveResults/blob/main/js/color-string.js https://nvd.nist.gov/vuln/detail/CVE-2021-29060 https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939 https://www.npmjs.com/package/color-string
dns-packet	CVE-2021-23386	HIGH	1.3.1	1.3.2, 5.2.2	Expand... https://access.redhat.com/security/cve/CVE-2021-23386 https://github.com/advisories/GHSA-3wcq-x3mq-6r9p https://github.com/mafintosh/dns-packet/commit/0d0d593f8df4e2712c43957a6c62e95047f12b2d https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56 https://hackerone.com/bugs?subject=user&amp%3Breport_id=968858 https://nvd.nist.gov/vuln/detail/CVE-2021-23386 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719 https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563
dot-prop	CVE-2020-8116	HIGH	4.2.0	5.1.1, 4.2.1	Expand... https://access.redhat.com/security/cve/CVE-2020-8116 https://github.com/advisories/GHSA-ff7x-qrg7-qggm https://github.com/sindresorhus/dot-prop/issues/63 https://github.com/sindresorhus/dot-prop/tree/v4 https://hackerone.com/reports/719856 https://linux.oracle.com/cve/CVE-2020-8116.html https://linux.oracle.com/errata/ELSA-2021-0548.html https://nvd.nist.gov/vuln/detail/CVE-2020-8116
elliptic	CVE-2020-13822	HIGH	6.4.1	6.5.3	Expand... https://access.redhat.com/security/cve/CVE-2020-13822 https://github.com/advisories/GHSA-vh7m-p724-62c2 https://github.com/indutny/elliptic/issues/226 https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4 https://nvd.nist.gov/vuln/detail/CVE-2020-13822 https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484 https://www.npmjs.com/package/elliptic https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/
elliptic	CVE-2020-28498	MEDIUM	6.4.1	6.5.4	Expand... https://github.com/advisories/GHSA-r9p9-mrjm-926w https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f https://github.com/indutny/elliptic/pull/244/commits https://nvd.nist.gov/vuln/detail/CVE-2020-28498 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836 https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899 https://www.npmjs.com/package/elliptic
follow-redirects	CVE-2022-0155	HIGH	1.7.0	1.14.7	Expand... https://access.redhat.com/security/cve/CVE-2022-0155 https://github.com/advisories/GHSA-74fj-2j2h-c42q https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 https://nvd.nist.gov/vuln/detail/CVE-2022-0155
follow-redirects	CVE-2022-0536	MEDIUM	1.7.0	1.14.8	Expand... https://access.redhat.com/security/cve/CVE-2022-0536 https://github.com/advisories/GHSA-pw2r-vq6v-hr8c https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db https://nvd.nist.gov/vuln/detail/CVE-2022-0536
glob-parent	CVE-2020-28469	HIGH	3.1.0	5.1.2	Expand... https://access.redhat.com/security/cve/CVE-2020-28469 https://github.com/advisories/GHSA-ww39-953v-wcq6 https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9 https://github.com/gulpjs/glob-parent/pull/36 https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2 https://linux.oracle.com/cve/CVE-2020-28469.html https://linux.oracle.com/errata/ELSA-2022-0350.html https://nvd.nist.gov/vuln/detail/CVE-2020-28469 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092 https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 https://www.oracle.com/security-alerts/cpujan2022.html
hosted-git-info	CVE-2021-23362	MEDIUM	2.7.1	2.8.9, 3.0.8	Expand... https://access.redhat.com/security/cve/CVE-2021-23362 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-43f8-2h32-f4cj https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7 https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01 https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3 https://github.com/npm/hosted-git-info/commits/v2 https://github.com/npm/hosted-git-info/pull/76 https://linux.oracle.com/cve/CVE-2021-23362.html https://linux.oracle.com/errata/ELSA-2021-3074.html https://nvd.nist.gov/vuln/detail/CVE-2021-23362 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356 https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
http-proxy	GHSA-6x33-pw7p-hmpq	HIGH	1.17.0	1.18.1	Expand... https://github.com/advisories/GHSA-6x33-pw7p-hmpq https://github.com/http-party/node-http-proxy/pull/1447/files https://www.npmjs.com/advisories/1486
ini	CVE-2020-7788	HIGH	1.3.5	1.3.6	Expand... https://access.redhat.com/security/cve/CVE-2020-7788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788 https://github.com/advisories/GHSA-qqgx-2p2h-9c37 https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6) https://linux.oracle.com/cve/CVE-2020-7788.html https://linux.oracle.com/errata/ELSA-2022-0350.html https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html https://nvd.nist.gov/vuln/detail/CVE-2020-7788 https://snyk.io/vuln/SNYK-JS-INI-1048974 https://www.npmjs.com/advisories/1589
is-svg	CVE-2021-28092	HIGH	3.0.0	4.2.2	Expand... https://access.redhat.com/security/cve/CVE-2021-28092 https://github.com/advisories/GHSA-7r28-3m3f-r2pr https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b https://github.com/sindresorhus/is-svg/releases https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2 https://nvd.nist.gov/vuln/detail/CVE-2021-28092 https://security.netapp.com/advisory/ntap-20210513-0008/ https://www.npmjs.com/package/is-svg
is-svg	CVE-2021-29059	HIGH	3.0.0	4.3.0	Expand... https://access.redhat.com/security/cve/CVE-2021-29059 https://github.com/advisories/GHSA-r8j5-h5cx-65gg https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02 https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0 https://github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md https://github.com/yetingli/SaveResults/blob/main/js/is-svg.js https://nvd.nist.gov/vuln/detail/CVE-2021-29059 https://www.npmjs.com/package/is-svg
js-yaml	GHSA-8j8c-7jfh-h6hx	HIGH	3.12.2	3.13.1	Expand... https://github.com/advisories/GHSA-8j8c-7jfh-h6hx https://github.com/nodeca/js-yaml/pull/480 https://www.npmjs.com/advisories/813
js-yaml	GHSA-2pr6-76vf-7546	MEDIUM	3.12.2	3.13.0	Expand... https://github.com/advisories/GHSA-2pr6-76vf-7546 https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235 https://github.com/nodeca/js-yaml/issues/475 https://snyk.io/vuln/SNYK-JS-JSYAML-173999 https://www.npmjs.com/advisories/788 https://www.npmjs.com/advisories/788/versions
kind-of	CVE-2019-20149	HIGH	6.0.2	6.0.3	Expand... https://access.redhat.com/security/cve/CVE-2019-20149 https://github.com/advisories/GHSA-6c8f-qphg-qjgp https://github.com/jonschlinkert/kind-of/commit/1df992ce6d5a1292048e5fe9c52c5382f941ee0b https://github.com/jonschlinkert/kind-of/issues/30 https://github.com/jonschlinkert/kind-of/pull/31 https://nvd.nist.gov/vuln/detail/CVE-2019-20149 https://snyk.io/vuln/SNYK-JS-KINDOF-537849 https://www.npmjs.com/advisories/1490
lodash	CVE-2019-10744	CRITICAL	4.17.11	4.17.12	Expand... https://access.redhat.com/errata/RHSA-2019:3024 https://access.redhat.com/security/cve/CVE-2019-10744 https://github.com/advisories/GHSA-jf85-cpcp-j695 https://github.com/lodash/lodash/pull/4336 https://nvd.nist.gov/vuln/detail/CVE-2019-10744 https://security.netapp.com/advisory/ntap-20191004-0005/ https://snyk.io/vuln/SNYK-JS-LODASH-450202 https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS https://www.npmjs.com/advisories/1065 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html
lodash	CVE-2020-8203	HIGH	4.17.11	4.17.20	Expand... https://access.redhat.com/security/cve/CVE-2020-8203 https://github.com/advisories/GHSA-p6mc-m468-83gw https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12 https://github.com/lodash/lodash/issues/4744 https://github.com/lodash/lodash/issues/4874 https://hackerone.com/reports/712065 https://nvd.nist.gov/vuln/detail/CVE-2020-8203 https://security.netapp.com/advisory/ntap-20200724-0006/ https://www.npmjs.com/advisories/1523 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html
lodash	CVE-2021-23337	HIGH	4.17.11	4.17.21	Expand... https://access.redhat.com/security/cve/CVE-2021-23337 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851 https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c https://nvd.nist.gov/vuln/detail/CVE-2021-23337 https://security.netapp.com/advisory/ntap-20210312-0006/ https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 https://snyk.io/vuln/SNYK-JS-LODASH-1040724 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html
lodash	CVE-2020-28500	MEDIUM	4.17.11	4.17.21	Expand... https://access.redhat.com/security/cve/CVE-2020-28500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500 https://github.com/advisories/GHSA-29mw-wpgm-hmr9 https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8 https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8 https://github.com/lodash/lodash/pull/5065 https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7 https://nvd.nist.gov/vuln/detail/CVE-2020-28500 https://security.netapp.com/advisory/ntap-20210312-0006/ https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893 https://snyk.io/vuln/SNYK-JS-LODASH-1018905 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html
mem	GHSA-4xcv-9jjx-gfj3	MEDIUM	1.1.0	4.0.0	Expand... https://bugzilla.redhat.com/show_bug.cgi?id=1623744 https://github.com/advisories/GHSA-4xcv-9jjx-gfj3 https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b https://snyk.io/vuln/npm:mem:20180117 https://www.npmjs.com/advisories/1084
minimist	CVE-2021-44906	CRITICAL	0.0.8	1.2.6	Expand... https://access.redhat.com/security/cve/CVE-2021-44906 https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip https://github.com/advisories/GHSA-xvch-5gv4-984h https://github.com/substack/minimist/blob/master/index.js#L69 https://github.com/substack/minimist/issues/164 https://nvd.nist.gov/vuln/detail/CVE-2021-44906 https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
minimist	CVE-2020-7598	MEDIUM	0.0.8	1.2.3, 0.2.1	Expand... http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html https://access.redhat.com/security/cve/CVE-2020-7598 https://github.com/advisories/GHSA-vh95-rmgr-6w4m https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95 https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 https://linux.oracle.com/cve/CVE-2020-7598.html https://linux.oracle.com/errata/ELSA-2020-2852.html https://nvd.nist.gov/vuln/detail/CVE-2020-7598 https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 https://www.npmjs.com/advisories/1179
minimist	CVE-2021-44906	CRITICAL	1.2.0	1.2.6	Expand... https://access.redhat.com/security/cve/CVE-2021-44906 https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip https://github.com/advisories/GHSA-xvch-5gv4-984h https://github.com/substack/minimist/blob/master/index.js#L69 https://github.com/substack/minimist/issues/164 https://nvd.nist.gov/vuln/detail/CVE-2021-44906 https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
minimist	CVE-2020-7598	MEDIUM	1.2.0	1.2.3, 0.2.1	Expand... http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html https://access.redhat.com/security/cve/CVE-2020-7598 https://github.com/advisories/GHSA-vh95-rmgr-6w4m https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95 https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 https://linux.oracle.com/cve/CVE-2020-7598.html https://linux.oracle.com/errata/ELSA-2020-2852.html https://nvd.nist.gov/vuln/detail/CVE-2020-7598 https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 https://www.npmjs.com/advisories/1179
mixin-deep	CVE-2019-10746	CRITICAL	1.3.1	2.0.1, 1.3.2	Expand... https://access.redhat.com/security/cve/CVE-2019-10746 https://github.com/advisories/GHSA-fhjf-83wg-r2j9 https://linux.oracle.com/cve/CVE-2019-10746.html https://linux.oracle.com/errata/ELSA-2021-0549.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/ https://nvd.nist.gov/vuln/detail/CVE-2019-10746 https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 https://www.npmjs.com/advisories/1013
moment	CVE-2022-24785	HIGH	2.24.0	2.29.2	Expand... https://access.redhat.com/security/cve/CVE-2022-24785 https://github.com/advisories/GHSA-8hfj-j24r-96c4 https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 https://nvd.nist.gov/vuln/detail/CVE-2022-24785 https://www.tenable.com/security/tns-2022-09
node-forge	CVE-2020-7720	HIGH	0.7.5	0.10.0	Expand... https://access.redhat.com/security/cve/CVE-2020-7720 https://github.com/advisories/GHSA-92xj-mqp7-vmcj https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed https://nvd.nist.gov/vuln/detail/CVE-2020-7720 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293 https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
node-forge	CVE-2022-24771	HIGH	0.7.5	1.3.0	Expand... https://access.redhat.com/security/cve/CVE-2022-24771 https://github.com/advisories/GHSA-cfm4-qjh2-4765 https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2 https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765 https://nvd.nist.gov/vuln/detail/CVE-2022-24771
node-forge	CVE-2022-24772	HIGH	0.7.5	1.3.0	Expand... https://access.redhat.com/security/cve/CVE-2022-24772 https://github.com/advisories/GHSA-x4jg-mjrx-434g https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2 https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g https://nvd.nist.gov/vuln/detail/CVE-2022-24772
node-forge	CVE-2022-0122	MEDIUM	0.7.5	1.0.0	Expand... https://github.com/advisories/GHSA-8fr3-hfg3-gpgp https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae https://nvd.nist.gov/vuln/detail/CVE-2022-0122
node-forge	CVE-2022-24773	MEDIUM	0.7.5	1.3.0	Expand... https://access.redhat.com/security/cve/CVE-2022-24773 https://github.com/advisories/GHSA-2r2c-g63r-vccr https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2 https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr https://nvd.nist.gov/vuln/detail/CVE-2022-24773
node-forge	GHSA-5rrq-pxf6-6jx5	LOW	0.7.5	1.0.0	Expand... https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5
node-forge	GHSA-gf8q-jrpm-jvxq	LOW	0.7.5	1.0.0	Expand... https://github.com/advisories/GHSA-gf8q-jrpm-jvxq https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq
node-forge	GHSA-wxgw-qj99-44c2	LOW	0.7.5	0.10.0	Expand... https://github.com/advisories/GHSA-wxgw-qj99-44c2 https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2
node-notifier	CVE-2020-7789	MEDIUM	5.4.0	8.0.1	Expand... https://access.redhat.com/security/cve/CVE-2020-7789 https://github.com/advisories/GHSA-5fw9-fq32-wv5p https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303 https://github.com/mikaelbr/node-notifier/commit/5d62799dab88505a709cd032653b2320c5813fce https://nvd.nist.gov/vuln/detail/CVE-2020-7789 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371 https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794
nth-check	CVE-2021-3803	MEDIUM	1.0.2	2.0.1	Expand... https://access.redhat.com/security/cve/CVE-2021-3803 https://github.com/advisories/GHSA-rp65-9cf3-cjxr https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0 https://nvd.nist.gov/vuln/detail/CVE-2021-3803
object-path	CVE-2020-15256	HIGH	0.9.2	0.11.5	Expand... https://access.redhat.com/security/cve/CVE-2020-15256 https://github.com/advisories/GHSA-cwx2-736x-mf6w https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68 https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w https://nvd.nist.gov/vuln/detail/CVE-2020-15256
object-path	CVE-2021-3805	HIGH	0.9.2	0.11.8	Expand... https://access.redhat.com/security/cve/CVE-2021-3805 https://github.com/advisories/GHSA-8v63-cqqc-6r2c https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884 https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 https://nvd.nist.gov/vuln/detail/CVE-2021-3805
object-path	CVE-2021-23434	MEDIUM	0.9.2	0.11.6	Expand... https://access.redhat.com/security/cve/CVE-2021-23434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434 https://github.com/advisories/GHSA-v39p-96qg-c8rf https://github.com/mariocasciaro/object-path#0116 https://github.com/mariocasciaro/object-path%230116 https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb https://nvd.nist.gov/vuln/detail/CVE-2021-23434 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423 https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
path-parse	CVE-2021-23343	MEDIUM	1.0.6	1.0.7	Expand... https://access.redhat.com/security/cve/CVE-2021-23343 https://github.com/advisories/GHSA-hj48-42vr-x3v9 https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7 https://github.com/jbgutierrez/path-parse/issues/8 https://github.com/jbgutierrez/path-parse/pull/10 https://linux.oracle.com/cve/CVE-2021-23343.html https://linux.oracle.com/errata/ELSA-2021-3666.html https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-23343 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028 https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
postcss	CVE-2021-23382	MEDIUM	6.0.23	7.0.36, 8.2.13	Expand... https://access.redhat.com/security/cve/CVE-2021-23382 https://github.com/advisories/GHSA-566m-qj78-rww5 https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956 https://github.com/postcss/postcss/releases/tag/7.0.36 https://nvd.nist.gov/vuln/detail/CVE-2021-23382 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641 https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
postcss	CVE-2021-23368	MEDIUM	7.0.14	8.2.10, 7.0.36	Expand... https://access.redhat.com/security/cve/CVE-2021-23368 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368 https://github.com/advisories/GHSA-hwj9-h5mp-3pm3 https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734 https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4 https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5 https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-23368 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795 https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
postcss	CVE-2021-23382	MEDIUM	7.0.14	7.0.36, 8.2.13	Expand... https://access.redhat.com/security/cve/CVE-2021-23382 https://github.com/advisories/GHSA-566m-qj78-rww5 https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956 https://github.com/postcss/postcss/releases/tag/7.0.36 https://nvd.nist.gov/vuln/detail/CVE-2021-23382 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641 https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
serialize-javascript	CVE-2020-7660	HIGH	1.6.1	3.1.0	Expand... https://access.redhat.com/security/cve/CVE-2020-7660 https://github.com/advisories/GHSA-hxcc-f52p-wc94 https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd https://nvd.nist.gov/vuln/detail/CVE-2020-7660
serialize-javascript	CVE-2019-16769	MEDIUM	1.6.1	2.1.1	Expand... https://access.redhat.com/security/cve/CVE-2019-16769 https://github.com/advisories/GHSA-h9rv-jmmf-4pgx https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx https://nvd.nist.gov/vuln/detail/CVE-2019-16769 https://www.npmjs.com/advisories/1426
set-value	CVE-2019-10747	CRITICAL	0.4.3	3.0.1, 2.0.1	Expand... https://access.redhat.com/security/cve/CVE-2019-10747 https://github.com/advisories/GHSA-4g88-fppr-53pp https://linux.oracle.com/cve/CVE-2019-10747.html https://linux.oracle.com/errata/ELSA-2021-0549.html https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/ https://nvd.nist.gov/vuln/detail/CVE-2019-10747 https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 https://www.npmjs.com/advisories/1012
set-value	CVE-2021-23440	HIGH	0.4.3	2.0.1, 4.0.1	Expand... https://access.redhat.com/security/cve/CVE-2021-23440 https://github.com/advisories/GHSA-4jqc-8m5r-9rpr https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 https://github.com/jonschlinkert/set-value/pull/33 https://nvd.nist.gov/vuln/detail/CVE-2021-23440 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212 https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541 https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/ https://www.oracle.com/security-alerts/cpujan2022.html
set-value	CVE-2019-10747	CRITICAL	2.0.0	3.0.1, 2.0.1	Expand... https://access.redhat.com/security/cve/CVE-2019-10747 https://github.com/advisories/GHSA-4g88-fppr-53pp https://linux.oracle.com/cve/CVE-2019-10747.html https://linux.oracle.com/errata/ELSA-2021-0549.html https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/ https://nvd.nist.gov/vuln/detail/CVE-2019-10747 https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 https://www.npmjs.com/advisories/1012
set-value	CVE-2021-23440	HIGH	2.0.0	2.0.1, 4.0.1	Expand... https://access.redhat.com/security/cve/CVE-2021-23440 https://github.com/advisories/GHSA-4jqc-8m5r-9rpr https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 https://github.com/jonschlinkert/set-value/pull/33 https://nvd.nist.gov/vuln/detail/CVE-2021-23440 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212 https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541 https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/ https://www.oracle.com/security-alerts/cpujan2022.html
sockjs	CVE-2020-7693	MEDIUM	0.3.19	0.3.20	Expand... https://access.redhat.com/security/cve/CVE-2020-7693 https://github.com/advisories/GHSA-c9g6-9335-x697 https://github.com/andsnw/sockjs-dos-py https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16 https://github.com/sockjs/sockjs-node/issues/252 https://github.com/sockjs/sockjs-node/pull/265 https://nvd.nist.gov/vuln/detail/CVE-2020-7693 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448 https://snyk.io/vuln/SNYK-JS-SOCKJS-575261 https://www.npmjs.com/package/sockjs
ssri	CVE-2021-27290	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	Expand... https://access.redhat.com/security/cve/CVE-2021-27290 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290 https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf https://github.com/advisories/GHSA-vx3p-948g-6vhq https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 https://github.com/npm/ssri/commit/b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1 https://github.com/npm/ssri/pull/20#issuecomment-842677644 https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf https://linux.oracle.com/cve/CVE-2021-27290.html https://linux.oracle.com/errata/ELSA-2021-3074.html https://npmjs.com https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://www.npmjs.com/package/ssri https://www.oracle.com/security-alerts/cpuoct2021.html
tar	CVE-2021-32803	HIGH	4.4.8	6.1.2, 5.0.7, 4.4.15, 3.2.3	Expand... https://access.redhat.com/security/cve/CVE-2021-32803 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-r628-mhmh-qjhw https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw https://linux.oracle.com/cve/CVE-2021-32803.html https://linux.oracle.com/errata/ELSA-2021-3666.html https://nvd.nist.gov/vuln/detail/CVE-2021-32803 https://www.npmjs.com/advisories/1771 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html
tar	CVE-2021-32804	HIGH	4.4.8	6.1.1, 5.0.6, 4.4.14, 3.2.2	Expand... https://access.redhat.com/security/cve/CVE-2021-32804 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-3jfq-g458-7qm9 https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4 https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9 https://linux.oracle.com/cve/CVE-2021-32804.html https://linux.oracle.com/errata/ELSA-2021-3666.html https://nvd.nist.gov/vuln/detail/CVE-2021-32804 https://www.npmjs.com/advisories/1770 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html
tar	CVE-2021-37701	HIGH	4.4.8	6.1.7, 5.0.8, 4.4.16	Expand... https://access.redhat.com/security/cve/CVE-2021-37701 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-9r2w-394v-53qc https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc https://linux.oracle.com/cve/CVE-2021-37701.html https://linux.oracle.com/errata/ELSA-2022-0350.html https://nvd.nist.gov/vuln/detail/CVE-2021-37701 https://www.debian.org/security/2021/dsa-5008 https://www.npmjs.com/advisories/1779 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html
tar	CVE-2021-37712	HIGH	4.4.8	6.1.9, 5.0.10, 4.4.18	Expand... https://access.redhat.com/security/cve/CVE-2021-37712 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-qq89-hq3f-393p https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p https://linux.oracle.com/cve/CVE-2021-37712.html https://linux.oracle.com/errata/ELSA-2022-0350.html https://nvd.nist.gov/vuln/detail/CVE-2021-37712 https://www.debian.org/security/2021/dsa-5008 https://www.npmjs.com/advisories/1780 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html
tar	CVE-2021-37713	HIGH	4.4.8	6.1.9, 5.0.10, 4.4.18	Expand... https://access.redhat.com/security/cve/CVE-2021-37713 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-5955-9wpr-37jh https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh https://nvd.nist.gov/vuln/detail/CVE-2021-37713 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html
url-parse	CVE-2022-0686	CRITICAL	1.4.4	1.5.8	Expand... https://access.redhat.com/security/cve/CVE-2022-0686 https://github.com/advisories/GHSA-hgjh-723h-mx2j https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c https://nvd.nist.gov/vuln/detail/CVE-2022-0686 https://security.netapp.com/advisory/ntap-20220325-0006/
url-parse	CVE-2021-27515	HIGH	1.4.4	1.5.0	Expand... https://access.redhat.com/security/cve/CVE-2021-27515 https://advisory.checkmarx.net/advisory/CX-2021-4306 https://github.com/advisories/GHSA-9m6j-fcg5-2442 https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0 https://github.com/unshiftio/url-parse/pull/197 https://nvd.nist.gov/vuln/detail/CVE-2021-27515
url-parse	CVE-2020-8124	MEDIUM	1.4.4	1.4.5	Expand... https://access.redhat.com/security/cve/CVE-2020-8124 https://github.com/advisories/GHSA-46c4-8wrp-j99v https://hackerone.com/reports/496293 https://nvd.nist.gov/vuln/detail/CVE-2020-8124
url-parse	CVE-2021-3664	MEDIUM	1.4.4	1.5.2	Expand... https://access.redhat.com/security/cve/CVE-2021-3664 https://github.com/advisories/GHSA-hh27-ffr2-f2jc https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0 https://github.com/unshiftio/url-parse/issues/205 https://github.com/unshiftio/url-parse/issues/206 https://huntr.dev/bounties/1625557993985-unshiftio/url-parse https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/ https://nvd.nist.gov/vuln/detail/CVE-2021-3664
url-parse	CVE-2022-0512	MEDIUM	1.4.4	1.5.6	Expand... https://access.redhat.com/security/cve/CVE-2022-0512 https://github.com/advisories/GHSA-rqff-837h-mm52 https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b https://nvd.nist.gov/vuln/detail/CVE-2022-0512
url-parse	CVE-2022-0639	MEDIUM	1.4.4	1.5.7	Expand... https://access.redhat.com/security/cve/CVE-2022-0639 https://github.com/advisories/GHSA-8v38-pw62-9cw2 https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155 https://nvd.nist.gov/vuln/detail/CVE-2022-0639
url-parse	CVE-2022-0691	MEDIUM	1.4.4	1.5.9	Expand... https://access.redhat.com/security/cve/CVE-2022-0691 https://github.com/advisories/GHSA-jf5r-8hm2-f872 https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4 https://nvd.nist.gov/vuln/detail/CVE-2022-0691 https://security.netapp.com/advisory/ntap-20220325-0006/
websocket-extensions	CVE-2020-7662	HIGH	0.1.3	0.1.4	Expand... https://access.redhat.com/security/cve/CVE-2020-7662 https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions https://github.com/advisories/GHSA-g78m-2chm-r7qv https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237 https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv https://nvd.nist.gov/vuln/detail/CVE-2020-7662 https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623
y18n	CVE-2020-7774	HIGH	3.2.1	5.0.5, 4.0.1, 3.2.2	Expand... https://access.redhat.com/security/cve/CVE-2020-7774 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-c4w7-xm78-47vh https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25 https://github.com/yargs/y18n/issues/96 https://github.com/yargs/y18n/pull/108 https://linux.oracle.com/cve/CVE-2020-7774.html https://linux.oracle.com/errata/ELSA-2021-0551.html https://nvd.nist.gov/vuln/detail/CVE-2020-7774 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306 https://snyk.io/vuln/SNYK-JS-Y18N-1021887 https://www.oracle.com/security-alerts/cpuApr2021.html
y18n	CVE-2020-7774	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	Expand... https://access.redhat.com/security/cve/CVE-2020-7774 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/advisories/GHSA-c4w7-xm78-47vh https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25 https://github.com/yargs/y18n/issues/96 https://github.com/yargs/y18n/pull/108 https://linux.oracle.com/cve/CVE-2020-7774.html https://linux.oracle.com/errata/ELSA-2021-0551.html https://nvd.nist.gov/vuln/detail/CVE-2020-7774 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306 https://snyk.io/vuln/SNYK-JS-Y18N-1021887 https://www.oracle.com/security-alerts/cpuApr2021.html
yargs-parser	CVE-2020-7608	MEDIUM	10.1.0	5.0.1, 13.1.2, 18.1.2, 15.0.1	Expand... https://access.redhat.com/security/cve/CVE-2020-7608 https://github.com/advisories/GHSA-p9pc-299p-vxgp https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 https://linux.oracle.com/cve/CVE-2020-7608.html https://linux.oracle.com/errata/ELSA-2021-0548.html https://nvd.nist.gov/vuln/detail/CVE-2020-7608 https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 https://www.npmjs.com/advisories/1500
yargs-parser	CVE-2020-7608	MEDIUM	11.1.1	5.0.1, 13.1.2, 18.1.2, 15.0.1	Expand... https://access.redhat.com/security/cve/CVE-2020-7608 https://github.com/advisories/GHSA-p9pc-299p-vxgp https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 https://linux.oracle.com/cve/CVE-2020-7608.html https://linux.oracle.com/errata/ELSA-2021-0548.html https://nvd.nist.gov/vuln/detail/CVE-2020-7608 https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 https://www.npmjs.com/advisories/1500
yargs-parser	CVE-2020-7608	MEDIUM	7.0.0	5.0.1, 13.1.2, 18.1.2, 15.0.1	Expand... https://access.redhat.com/security/cve/CVE-2020-7608 https://github.com/advisories/GHSA-p9pc-299p-vxgp https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 https://linux.oracle.com/cve/CVE-2020-7608.html https://linux.oracle.com/errata/ELSA-2021-0548.html https://nvd.nist.gov/vuln/detail/CVE-2020-7608 https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 https://www.npmjs.com/advisories/1500

composer

Package	Vulnerability	Severity	Installed Version	Fixed Version	Links
symfony/cache	CVE-2019-18889	CRITICAL	v4.2.3	4.2.0, 4.2.12, 4.3.8, 3.2.0, 3.3.0, 3.4.0, 3.4.35, 4.1.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml https://github.com/advisories/GHSA-79gr-58r3-pwm3 https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a https://github.com/symfony/symfony/releases/tag/v4.3.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/ https://nvd.nist.gov/vuln/detail/CVE-2019-18889 https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances https://symfony.com/blog/symfony-4-3-8-released https://symfony.com/cve-2019-18889
symfony/cache	CVE-2019-10912	HIGH	v4.2.3	3.4.0, 3.4.26, 4.1.0, 4.1.12, 4.2.7, 3.2.0, 3.3.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml https://github.com/advisories/GHSA-w2fr-65vp-mxw3 https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/ https://nvd.nist.gov/vuln/detail/CVE-2019-10912 https://seclists.org/bugtraq/2019/May/21 https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized https://symfony.com/cve-2019-10912 https://typo3.org/security/advisory/typo3-core-sa-2019-016 https://typo3.org/security/advisory/typo3-core-sa-2019-016/ https://www.debian.org/security/2019/dsa-4441
symfony/dependency-injection	CVE-2019-10910	CRITICAL	v4.2.4	3.1.0, 3.4.0, 3.4.26, 4.1.12, 4.2.7, 2.7.51, 2.8.50, 3.2.0, 3.3.0, 4.1.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml https://github.com/advisories/GHSA-pgwj-prpq-jpc2 https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b https://nvd.nist.gov/vuln/detail/CVE-2019-10910 https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid https://symfony.com/cve-2019-10910 https://www.drupal.org/SA-CORE-2019-005 https://www.synology.com/security/advisory/Synology_SA_19_19
symfony/framework-bundle	CVE-2019-10909	MEDIUM	v4.2.3	3.4.26, 4.1.0, 2.7.51, 2.8.50, 3.1.0, 3.2.0, 3.4.0, 3.3.0, 4.1.12, 4.2.7	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml https://github.com/advisories/GHSA-g996-q5r8-w7g2 https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2 https://nvd.nist.gov/vuln/detail/CVE-2019-10909 https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine https://symfony.com/cve-2019-10909 https://www.drupal.org/SA-CORE-2019-005 https://www.drupal.org/sa-core-2019-005 https://www.synology.com/security/advisory/Synology_SA_19_19
symfony/http-foundation	CVE-2019-10913	CRITICAL	v4.2.4	3.2.0, 4.1.0, 4.2.7, 3.4.26, 4.1.12, 2.7.51, 2.8.50, 3.1.0, 3.3.0, 3.4.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml https://github.com/advisories/GHSA-x92h-wmg2-6hp7 https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec https://nvd.nist.gov/vuln/detail/CVE-2019-10913 https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides https://symfony.com/cve-2019-10913
symfony/http-foundation	CVE-2019-18888	HIGH	v4.2.4	3.1.0, 3.2.0, 2.3.0, 2.4.0, 2.8.52, 2.6.0, 2.7.0, 3.3.0, 4.1.0, 4.2.0, 2.1.0, 2.2.0, 2.5.0, 3.4.35, 4.2.12, 4.3.8, 2.8.0, 3.4.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml https://github.com/advisories/GHSA-xhh6-956q-4q69 https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365 https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5 https://github.com/symfony/symfony/releases/tag/v4.3.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/ https://nvd.nist.gov/vuln/detail/CVE-2019-18888 https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser https://symfony.com/blog/symfony-4-3-8-released https://symfony.com/cve-2019-18888
symfony/http-kernel	CVE-2019-18887	HIGH	v4.2.4	4.1.0, 2.4.0, 2.8.52, 3.2.0, 3.4.0, 3.4.35, 2.8.0, 3.1.0, 4.2.12, 2.3.0, 2.5.0, 3.3.0, 4.2.0, 4.3.8, 2.6.0, 2.7.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml https://github.com/advisories/GHSA-q8hg-pf8v-cxrv https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb https://github.com/symfony/symfony/releases/tag/v4.3.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/ https://nvd.nist.gov/vuln/detail/CVE-2019-18887 https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner https://symfony.com/blog/symfony-4-3-8-released https://symfony.com/cve-2019-18887
symfony/var-exporter	CVE-2019-11325	CRITICAL	v4.2.3	4.2.12, 4.3.8	Expand... https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml https://github.com/advisories/GHSA-w4rc-rx25-8m86 https://github.com/symfony/symfony/releases/tag/v4.3.8 https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3 https://nvd.nist.gov/vuln/detail/CVE-2019-11325 https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter https://symfony.com/blog/symfony-4-3-8-released https://symfony.com/cve-2019-11325
twig/twig	CVE-2022-23614	CRITICAL	v2.6.2	2.14.11, 3.3.8	Expand... https://access.redhat.com/security/cve/CVE-2022-23614 https://github.com/advisories/GHSA-5mv2-rx3q-4w2v https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9 https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/ https://nvd.nist.gov/vuln/detail/CVE-2022-23614 https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter https://www.debian.org/security/2022/dsa-5107
twig/twig	CVE-2019-9942	LOW	v2.6.2	1.38.0, 2.7.0	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9942 https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2019-9942.yaml https://github.com/advisories/GHSA-vxrc-68xx-x48g https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077 https://nvd.nist.gov/vuln/detail/CVE-2019-9942 https://seclists.org/bugtraq/2019/Mar/60 https://symfony.com/blog/twig-sandbox-information-disclosure https://www.debian.org/security/2019/dsa-4419

140 KiB Raw Blame History Unescape Escape

Security Overview

Helm-Chart

Scan Results

Chart Object: pixapop/templates/common.yaml

Containers

Detected Containers

Scan Results

Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)

Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)

Container: Node.js

140 KiB

Raw Blame History