package-lock.json - Trivy Report - 2026-05-25 13:46:39.463771977 +0000 UTC m=+2.162952199

npm
Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
axios	CVE-2021-3749	HIGH	0.19.2	0.21.2	https://access.redhat.com/security/cve/CVE-2021-3749 https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://github.com/axios/axios https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 https://github.com/axios/axios/pull/3980 https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/ https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E https://nvd.nist.gov/vuln/detail/CVE-2021-3749 https://www.cve.org/CVERecord?id=CVE-2021-3749 https://www.npmjs.com/package/axios https://www.oracle.com/security-alerts/cpujul2022.html
axios	CVE-2025-27152	HIGH	0.19.2	1.8.2, 0.30.0	https://access.redhat.com/security/cve/CVE-2025-27152 https://github.com/axios/axios https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f https://github.com/axios/axios/issues/6463 https://github.com/axios/axios/pull/6829 https://github.com/axios/axios/releases/tag/v1.8.2 https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6 https://nvd.nist.gov/vuln/detail/CVE-2025-27152 https://www.cve.org/CVERecord?id=CVE-2025-27152
axios	CVE-2026-25639	HIGH	0.19.2	1.13.5, 0.30.3	https://access.redhat.com/security/cve/CVE-2026-25639 https://github.com/axios/axios https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57 https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e https://github.com/axios/axios/pull/7369 https://github.com/axios/axios/pull/7388 https://github.com/axios/axios/releases/tag/v0.30.3 https://github.com/axios/axios/releases/tag/v1.13.5 https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433 https://nvd.nist.gov/vuln/detail/CVE-2026-25639 https://www.cve.org/CVERecord?id=CVE-2026-25639
axios	CVE-2026-42033	HIGH	0.19.2	1.15.1, 0.31.1	https://access.redhat.com/security/cve/CVE-2026-42033 https://github.com/axios/axios https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf https://nvd.nist.gov/vuln/detail/CVE-2026-42033 https://www.cve.org/CVERecord?id=CVE-2026-42033
axios	CVE-2026-42035	HIGH	0.19.2	1.15.1, 0.31.1	https://access.redhat.com/security/cve/CVE-2026-42035 https://github.com/axios/axios https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9 https://nvd.nist.gov/vuln/detail/CVE-2026-42035 https://www.cve.org/CVERecord?id=CVE-2026-42035
axios	CVE-2026-42043	HIGH	0.19.2	1.15.1, 0.31.1	https://access.redhat.com/security/cve/CVE-2026-42043 https://github.com/axios/axios https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7 https://nvd.nist.gov/vuln/detail/CVE-2026-42043 https://www.cve.org/CVERecord?id=CVE-2026-42043
axios	CVE-2025-27152	HIGH	0.27.2	1.8.2, 0.30.0	https://access.redhat.com/security/cve/CVE-2025-27152 https://github.com/axios/axios https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f https://github.com/axios/axios/issues/6463 https://github.com/axios/axios/pull/6829 https://github.com/axios/axios/releases/tag/v1.8.2 https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6 https://nvd.nist.gov/vuln/detail/CVE-2025-27152 https://www.cve.org/CVERecord?id=CVE-2025-27152
axios	CVE-2026-25639	HIGH	0.27.2	1.13.5, 0.30.3	https://access.redhat.com/security/cve/CVE-2026-25639 https://github.com/axios/axios https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57 https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e https://github.com/axios/axios/pull/7369 https://github.com/axios/axios/pull/7388 https://github.com/axios/axios/releases/tag/v0.30.3 https://github.com/axios/axios/releases/tag/v1.13.5 https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433 https://nvd.nist.gov/vuln/detail/CVE-2026-25639 https://www.cve.org/CVERecord?id=CVE-2026-25639
axios	CVE-2026-42033	HIGH	0.27.2	1.15.1, 0.31.1	https://access.redhat.com/security/cve/CVE-2026-42033 https://github.com/axios/axios https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf https://nvd.nist.gov/vuln/detail/CVE-2026-42033 https://www.cve.org/CVERecord?id=CVE-2026-42033
axios	CVE-2026-42035	HIGH	0.27.2	1.15.1, 0.31.1	https://access.redhat.com/security/cve/CVE-2026-42035 https://github.com/axios/axios https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9 https://nvd.nist.gov/vuln/detail/CVE-2026-42035 https://www.cve.org/CVERecord?id=CVE-2026-42035
axios	CVE-2026-42043	HIGH	0.27.2	1.15.1, 0.31.1	https://access.redhat.com/security/cve/CVE-2026-42043 https://github.com/axios/axios https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7 https://nvd.nist.gov/vuln/detail/CVE-2026-42043 https://www.cve.org/CVERecord?id=CVE-2026-42043
d3-color	GHSA-36jr-mh4h-2g58	HIGH	1.4.1	3.1.0	https://github.com/d3/d3-color https://github.com/d3/d3-color/pull/100 https://github.com/d3/d3-color/releases/tag/v3.1.0 https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592
dompurify	CVE-2024-48910	CRITICAL	2.3.5	2.4.2	https://access.redhat.com/security/cve/CVE-2024-48910 https://github.com/cure53/DOMPurify https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html https://nvd.nist.gov/vuln/detail/CVE-2024-48910 https://www.cve.org/CVERecord?id=CVE-2024-48910
dompurify	CVE-2024-45801	HIGH	2.3.5	2.5.4, 3.1.3	https://access.redhat.com/security/cve/CVE-2024-45801 https://github.com/cure53/DOMPurify https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 https://nvd.nist.gov/vuln/detail/CVE-2024-45801 https://www.cve.org/CVERecord?id=CVE-2024-45801
dompurify	CVE-2024-47875	HIGH	2.3.5	2.5.0, 3.1.3	http://seclists.org/fulldisclosure/2025/Apr/14 https://access.redhat.com/errata/RHSA-2024:9473 https://access.redhat.com/security/cve/CVE-2024-47875 https://bugzilla.redhat.com/2310528 https://bugzilla.redhat.com/2318052 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://bugzilla.redhat.com/show_bug.cgi?id=2318052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875 https://errata.almalinux.org/9/ALSA-2024-9473.html https://errata.rockylinux.org/RLSA-2024:9473 https://github.com/cure53/DOMPurify https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098 https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf https://linux.oracle.com/cve/CVE-2024-47875.html https://linux.oracle.com/errata/ELSA-2024-9473.html https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html https://nvd.nist.gov/vuln/detail/CVE-2024-47875 https://www.cve.org/CVERecord?id=CVE-2024-47875
follow-redirects	CVE-2022-0155	HIGH	1.5.10	1.14.7	https://access.redhat.com/security/cve/CVE-2022-0155 https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://github.com/follow-redirects/follow-redirects https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7) https://github.com/follow-redirects/follow-redirects/issues/183 https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/ https://nvd.nist.gov/vuln/detail/CVE-2022-0155 https://ubuntu.com/security/notices/USN-8217-1 https://www.cve.org/CVERecord?id=CVE-2022-0155
form-data	CVE-2025-7783	CRITICAL	4.0.0	2.5.4, 3.0.4, 4.0.4	https://access.redhat.com/security/cve/CVE-2025-7783 https://github.com/benweissmann/CVE-2025-7783-poc https://github.com/form-data/form-data https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0 https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4 https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html https://nvd.nist.gov/vuln/detail/CVE-2025-7783 https://ubuntu.com/security/notices/USN-7976-1 https://www.cve.org/CVERecord?id=CVE-2025-7783
lodash	CVE-2026-4800	HIGH	4.17.21	4.18.0	https://access.redhat.com/errata/RHSA-2026:10710 https://access.redhat.com/security/cve/CVE-2026-4800 https://bugzilla.redhat.com/2453496 https://cna.openjsf.org/security-advisories.html https://errata.almalinux.org/9/ALSA-2026-10710.html https://github.com/advisories/GHSA-35jh-r3h4-6jhm https://github.com/lodash/lodash https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc https://linux.oracle.com/cve/CVE-2026-4800.html https://linux.oracle.com/errata/ELSA-2026-10713.html https://nvd.nist.gov/vuln/detail/CVE-2026-4800 https://www.cve.org/CVERecord?id=CVE-2026-4800
mermaid	GHSA-m4gq-x24j-jpmf	HIGH	8.14.0	10.9.3	https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 https://github.com/mermaid-js/mermaid https://github.com/mermaid-js/mermaid/commit/6c785c93166c151d27d328ddf68a13d9d65adc00 https://github.com/mermaid-js/mermaid/commit/92a07ffe40aab2769dd1c3431b4eb5beac282b34 https://github.com/mermaid-js/mermaid/security/advisories/GHSA-m4gq-x24j-jpmf
moment	CVE-2022-31129	HIGH	2.29.3	2.29.4	https://access.redhat.com/security/cve/CVE-2022-31129 https://github.com/moment/moment https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 https://github.com/moment/moment/pull/6015#issuecomment-1152961973 https://github.com/moment/moment/pull/6015/commits/4bbb9f3ccbe231de40207503f344fe5ce97584f4 https://github.com/moment/moment/pull/6015/commits/bfd4f2375d5c1a2106246721d693a9611dddfbfe https://github.com/moment/moment/pull/6015/commits/dc0d180e90d8a84f7ff13572363330a22b3ea504 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633 https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/ https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO https://nvd.nist.gov/vuln/detail/CVE-2022-31129 https://security.netapp.com/advisory/ntap-20221014-0003 https://security.netapp.com/advisory/ntap-20221014-0003/ https://security.netapp.com/advisory/ntap-20241108-0002 https://security.netapp.com/advisory/ntap-20241108-0002/ https://ubuntu.com/security/notices/USN-5559-1 https://ubuntu.com/security/notices/USN-6550-1 https://www.cve.org/CVERecord?id=CVE-2022-31129
No Misconfigurations found
dockerfile
No Vulnerabilities found
Type	Misconf ID	Check	Severity	Message
Dockerfile Security Check	DS002	Image user should not be 'root'	HIGH	Specify at least 1 USER command in Dockerfile with non-root user as argument https://avd.aquasec.com/misconfig/ds002