Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build based on ubi image #4

Open
wants to merge 29 commits into
base: master
Choose a base branch
from

razeedash-api 2.0.15

b0e92b6
Select commit
Loading
Failed to load commit list.
Open

build based on ubi image #4

razeedash-api 2.0.15
b0e92b6
Select commit
Loading
Failed to load commit list.
IBM Mend app / Mend Security Check failed Dec 5, 2024 in 1m 5s

Security Report

You have successfully remediated 13 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-53900

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ mongoose-6.13.3.tgz (Vulnerable Library)

Critical 9.1 mongoose-6.13.3.tgz Upgrade to version: mongoose - 8.8.3 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2024-28849 follow-redirects-1.15.5.tgz
CVE-2024-41818 fast-xml-parser-4.2.5.tgz
CVE-2024-45590 body-parser-1.20.2.tgz
CVE-2024-39338 axios-1.6.7.tgz
CVE-2024-28863 tar-6.2.0.tgz
CVE-2024-37890 ws-7.5.9.tgz
CVE-2024-53900 mongoose-6.12.7.tgz
CVE-2024-29041 express-4.18.3.tgz
CVE-2024-47764 cookie-0.5.0.tgz
CVE-2024-43796 express-4.18.3.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2024-43800 serve-static-1.15.0.tgz
CVE-2024-43799 send-0.18.0.tgz

Base branch total remaining vulnerabilities: 13
Base branch commit: 08bbc98242be60c7455eb63c737d90a58673a647


Total libraries scanned: 533

Scan token: db5d2ddb92e84c7491b645df8124e21b