-
```
# npm audit report
micromatch
```
-
## Description
In the [Release 4.9.0 - RC 2 - Vulnerability Detection E2E tests](https://github.com/wazuh/wazuh/issues/25506), it was identified that the Grafana package used in the `upgrade_packag…
-
Hi,
we have detected that your project may be vulnerable to Out-of-bounds Write in the function of `TIFFReadCustomDirectory` in the file of `src/deps/LibTiff/tif_dirread.c`, in the function of `…
-
dependabot found vulnerable dependencies for some packages in package-lock.json for the react project.
Some articles online say migrating to vite.js for frontend development will help
- Tried us…
-
I noticed that you are storing the automation key in plaintext in shared preferences. It's bad practice for storing passwords. Shared preferences can possibly be read by anyone who has root access. It's …
-
### What happened?
After scanning a Docker image containing kustomize version 5.4.3 using Chainguard, a report indicated that the image contains a vulnerability related to CVE-2024-34156. The vulnera…
-
Trivy informed us about these critical issues for the current externa-auth-server docker image:
https://nvd.nist.gov/vuln/detail/CVE-2019-8457
https://nvd.nist.gov/vuln/detail/CVE-2024-27307
htt…
-
I was recently contacted by someone who found a vulnerability in the Coin library. They sent me a proof-of-concept, but the underlying issue will need a patch, as well. This raises the issue of needin…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Current behavior
In express, @nestjs/core, @nestjs/platform-express there is a package used "path-to-reg…
-
Hi,
It seems that `nvd-clojure` detects quite a few HIGH vulnerabilities due to the Batik dependencies version used in `on-time`:
- `batik-css-1.15.jar`: `CVE-2022-44729`, `CVE-2022-42890`, `CVE…