Update main.yml - Githubissues

Logo Checkmarx One – Scan Summary & Details – ac9ea948-57f1-4701-be5d-65bac9d12a1e

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2013-7285	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2016-1000027	Maven-org.springframework:spring-webmvc-5.2.2.RELEASE	Vulnerable Package
CVE-2016-1000027	Maven-org.springframework:spring-web-5.2.2.RELEASE	Vulnerable Package
CVE-2016-10707	Npm-jquery-2.1.4	Vulnerable Package
CVE-2016-3674	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2017-12963	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2017-12964	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2017-18640	Maven-org.yaml:snakeyaml-1.25	Vulnerable Package
CVE-2017-7957	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2018-11499	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2018-11693	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2018-11694	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2018-11696	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2018-11697	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2018-19827	Npm-node-sass-4.11.0	Vulnerable Package
CVE-2018-20834	Npm-tar-4.4.1	Vulnerable Package
CVE-2018-20834	Npm-tar-2.2.1	Vulnerable Package
CVE-2018-9116	Maven-com.github.tomakehurst:wiremock-2.8.0	Vulnerable Package
CVE-2019-10742	Npm-axios-0.17.1	Vulnerable Package
CVE-2019-10744	Npm-lodash-4.17.11	Vulnerable Package
CVE-2019-10744	Npm-lodash-4.17.10	Vulnerable Package
CVE-2019-10746	Npm-mixin-deep-1.3.1	Vulnerable Package
CVE-2019-10747	Npm-set-value-2.0.0	Vulnerable Package
CVE-2019-10747	Npm-set-value-0.4.3	Vulnerable Package
CVE-2019-13173	Npm-fstream-1.0.11	Vulnerable Package
CVE-2019-20149	Npm-kind-of-6.0.2	Vulnerable Package
CVE-2020-10650	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1	Vulnerable Package
CVE-2020-10683	Maven-org.dom4j:dom4j-2.1.1	Vulnerable Package
CVE-2020-10705	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2020-13692	Maven-org.postgresql:postgresql-42.2.8	Vulnerable Package
CVE-2020-15256	Npm-object-path-0.9.2	Vulnerable Package
CVE-2020-1745	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2020-1757	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2020-25638	Maven-org.hibernate:hibernate-core-5.4.9.Final	Vulnerable Package
CVE-2020-25649	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1	Vulnerable Package
CVE-2020-26217	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2020-26258	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2020-27216	Maven-org.eclipse.jetty:jetty-webapp-9.4.24.v20191120	Vulnerable Package
CVE-2020-27782	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2020-28469	Npm-glob-parent-3.1.0	Vulnerable Package
CVE-2020-28469	Npm-glob-parent-2.0.0	Vulnerable Package
CVE-2020-28502	Npm-xmlhttprequest-ssl-1.5.5	Vulnerable Package
CVE-2020-28503	Npm-copy-props-2.0.4	Vulnerable Package
CVE-2020-36048	Npm-engine.io-3.2.1	Vulnerable Package
CVE-2020-36049	Npm-socket.io-parser-3.3.0	Vulnerable Package
CVE-2020-36049	Npm-socket.io-parser-3.2.0	Vulnerable Package
CVE-2020-36518	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1	Vulnerable Package
CVE-2020-5398	Maven-org.springframework:spring-web-5.2.2.RELEASE	Vulnerable Package
CVE-2020-7733	Npm-ua-parser-js-0.7.17	Vulnerable Package
CVE-2020-7774	Npm-y18n-3.2.1	Vulnerable Package
CVE-2020-7788	Npm-ini-1.3.5	Vulnerable Package
CVE-2020-7793	Npm-ua-parser-js-0.7.17	Vulnerable Package
CVE-2020-8203	Npm-lodash-4.17.11	Vulnerable Package
CVE-2020-8203	Npm-lodash-4.17.10	Vulnerable Package
CVE-2021-20190	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1	Vulnerable Package
CVE-2021-21341	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21342	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21343	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21344	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21345	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21346	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21347	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21348	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21349	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21350	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-21351	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-22053	Maven-org.springframework.boot:spring-boot-starter-thymeleaf-2.2.2.RELEASE	Vulnerable Package
CVE-2021-22112	Maven-org.springframework.security:spring-security-web-5.2.1.RELEASE	Vulnerable Package
CVE-2021-22118	Maven-org.springframework:spring-web-5.2.2.RELEASE	Vulnerable Package
CVE-2021-23337	Npm-lodash.template-4.4.0	Vulnerable Package
CVE-2021-23337	Npm-lodash-4.17.11	Vulnerable Package
CVE-2021-23337	Npm-lodash-4.17.10	Vulnerable Package
CVE-2021-23343	Npm-path-parse-1.0.6	Vulnerable Package
CVE-2021-23358	Npm-underscore-1.10.2	Vulnerable Package
CVE-2021-23382	Npm-postcss-7.0.2	Vulnerable Package
CVE-2021-23434	Npm-object-path-0.9.2	Vulnerable Package
CVE-2021-23440	Npm-set-value-2.0.0	Vulnerable Package
CVE-2021-23440	Npm-set-value-0.4.3	Vulnerable Package
CVE-2021-27292	Npm-ua-parser-js-0.7.17	Vulnerable Package
CVE-2021-27568	Maven-net.minidev:json-smart-2.3	Vulnerable Package
CVE-2021-28165	Maven-org.eclipse.jetty:jetty-io-9.4.24.v20191120	Vulnerable Package
CVE-2021-29505	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-31597	Npm-xmlhttprequest-ssl-1.5.5	Vulnerable Package
CVE-2021-31684	Maven-net.minidev:json-smart-2.3	Vulnerable Package
CVE-2021-32803	Npm-tar-4.4.1	Vulnerable Package
CVE-2021-32803	Npm-tar-2.2.1	Vulnerable Package
CVE-2021-32804	Npm-tar-4.4.1	Vulnerable Package
CVE-2021-32804	Npm-tar-2.2.1	Vulnerable Package
CVE-2021-33623	Npm-trim-newlines-1.0.0	Vulnerable Package
CVE-2021-3629	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2021-3690	Maven-io.undertow:undertow-websockets-jsr-2.0.28.Final	Vulnerable Package
CVE-2021-3690	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2021-3749	Npm-axios-0.17.1	Vulnerable Package
CVE-2021-37701	Npm-tar-4.4.1	Vulnerable Package
CVE-2021-37701	Npm-tar-2.2.1	Vulnerable Package
CVE-2021-37712	Npm-tar-4.4.1	Vulnerable Package
CVE-2021-37712	Npm-tar-2.2.1	Vulnerable Package
CVE-2021-37713	Npm-tar-4.4.1	Vulnerable Package
CVE-2021-37713	Npm-tar-2.2.1	Vulnerable Package
CVE-2021-37714	Maven-org.jsoup:jsoup-1.11.3	Vulnerable Package
CVE-2021-3805	Npm-object-path-0.9.2	Vulnerable Package
CVE-2021-3807	Npm-ansi-regex-3.0.0	Vulnerable Package
CVE-2021-3807	Npm-ansi-regex-2.1.1	Vulnerable Package
CVE-2021-3859	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2021-39139	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39141	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39144	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39145	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39146	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39147	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39148	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39149	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39150	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39151	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39152	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39153	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-39154	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-3918	Npm-json-schema-0.2.3	Vulnerable Package
CVE-2021-43138	Npm-async-1.5.2	Vulnerable Package
CVE-2021-43466	Maven-org.thymeleaf:thymeleaf-spring5-3.0.11.RELEASE	Vulnerable Package
CVE-2021-43859	Maven-com.thoughtworks.xstream:xstream-1.4.5	Vulnerable Package
CVE-2021-44906	Npm-minimist-1.2.0	Vulnerable Package
CVE-2021-44906	Npm-minimist-0.0.8	Vulnerable Package
CVE-2021-46877	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1	Vulnerable Package
CVE-2022-0084	Maven-org.jboss.xnio:xnio-api-3.3.8.Final	Vulnerable Package
CVE-2022-1319	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2022-1471	Maven-org.yaml:snakeyaml-1.25	Vulnerable Package
CVE-2022-2053	Maven-io.undertow:undertow-core-2.0.28.Final	Vulnerable Package
CVE-2022-21724	Maven-org.postgresql:postgresql-42.2.8	Vulnerable Package
CVE-2022-22965	Maven-org.springframework:spring-webmvc-5.2.2.RELEASE	Vulnerable Package
CVE-2022-22965	Maven-org.springframework:spring-beans-5.2.2.RELEASE	Vulnerable Package
CVE-2022-22978	Maven-org.springframework.security:spring-security-web-5.2.1.RELEASE	Vulnerable Package
CVE-2022-2421	Npm-socket.io-parser-3.3.0	Vulnerable Package
CVE-2022-2421	Npm-socket.io-parser-3.2.0	Vulnerable Package
CVE-2022-24999	Npm-qs-6.5.2	Vulnerable Package
CVE-2022-24999	Npm-qs-6.2.3	Vulnerable Package
CVE-2022-25758	Npm-scss-tokenizer-0.2.3	Vulnerable Package
CVE-2022-25857	Maven-org.yaml:snakeyaml-1.25	Vulnerable Package
CVE-2022-25927	Npm-ua-parser-js-0.7.17	Vulnerable Package
CVE-2022-26520	Maven-org.postgresql:postgresql-42.2.8	Vulnerable Package
CVE-2022-27772	Maven-org.springframework.boot:spring-boot-2.2.2.RELEASE

More results are available on AST platform

SoniaDias / WebGoat

Update main.yml #25

New Issues