ID	Severity	Found By	Description	Purl
CVE-2020-7645	critical	Gitlab Gemnasium	All versions of chrome-launcher allow execution of arbitrary commands, by controlling the `$HOME` environment variable in Linux operating systems.	pkg:npm/chrome-launcher@0.13.4
CVE-2021-44906	critical	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).	pkg:npm/minimist@1.2.5
CVE-2021-3918	critical	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	pkg:npm/json-schema@0.2.3
sonatype-2019-0206	critical	Sonotype OSS-Index	1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account	pkg:npm/execa@0.7.0
GMS-2020-2	critical	Gitlab Gemnasium	Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.	pkg:npm/execa@0.7.0
sonatype-2021-4879	high	Sonotype OSS-Index	1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account	pkg:npm/minimatch@3.0.4
CVE-2022-25851	high	Anchore Grype , Sonotype OSS-Index	The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.	pkg:npm/jpeg-js@0.4.3
CVE-2021-3807	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807] ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807]	pkg:npm/ansi-regex@4.1.0
sonatype-2012-0022	high	Sonotype OSS-Index	1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account	pkg:npm/express@4.17.1
CVE-2021-3807	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807] ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807]	pkg:npm/ansi-regex@3.0.0
CVE-2022-24785	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...	pkg:npm/moment@2.29.1
CVE-2022-31129	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...	pkg:npm/moment@2.29.1
CVE-2022-21681	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not...	pkg:npm/marked@1.2.9
CVE-2021-21306	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability...	pkg:npm/marked@1.2.9
CVE-2022-21680	high	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and...	pkg:npm/marked@1.2.9
sonatype-2020-1579	high	Sonotype OSS-Index	1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account	pkg:npm/prismjs@1.24.1
CVE-2021-3801	medium	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	prism is vulnerable to Inefficient Regular Expression Complexity	pkg:npm/prismjs@1.24.1
CVE-2022-0155	medium	Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index	follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor	pkg:npm/follow-redirects@1.14.4
CVE-2022-25869	medium	Sonotype OSS-Index	All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40angular/core@9.1.13</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/sonatype-2021-0092.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2021-0092</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> 1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40angular/core@9.1.13</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2022-0235.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-0235</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/node-fetch@2.6.2</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2022-23647.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-23647</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted... </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/prismjs@1.24.1</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/sonatype-2017-0655.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2017-0655</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> 1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/request@2.88.2</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2022-0536.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-0536</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8. </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/follow-redirects@1.14.4</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2021-23566.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2021-23566</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Gitlab Gemnasium , Anchore Grype </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated. </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/nanoid@3.1.25</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2021-4231.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2021-4231</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to... </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40angular/core@9.1.13</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2022-33987.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-33987</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/got@9.6.0</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/sonatype-2018-0715.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2018-0715</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> medium </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> 1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/apollo-client@2.6.10</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/sonatype-2022-3677.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2022-3677</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> low </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Sonotype OSS-Index </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> 1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/node-fetch@2.6.2</td> </tr> <tr class="bg-white border-b"> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <a href="npm-details/CVE-2016-10538.html" class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2016-10538</a></td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert"> low </div> </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap"> Anchore Grype </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left"> The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. </td> <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40lhci/cli@0.7.2</td> </tr> </tbody> </table> </div> </div> </div> </div> <div class="bg-red-100 rounded-lg py-5 px-6 mb-4 text-base text-red-700 mb-3" role="alert" style="display: none"> critical </div> <div class="bg-yellow-100 rounded-lg py-5 px-6 mb-4 text-base text-yellow-700 mb-3" role="alert" style="display: none"> high </div> </body> </html>

CVE-2020-7645

critical

Gitlab Gemnasium

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the `$HOME` environment variable in Linux operating systems.

pkg:npm/chrome-launcher@0.13.4

CVE-2021-44906

critical

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

pkg:npm/minimist@1.2.5

CVE-2021-3918

critical

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

pkg:npm/json-schema@0.2.3

sonatype-2019-0206

critical

Sonotype OSS-Index

1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account

pkg:npm/execa@0.7.0

GMS-2020-2

critical

Gitlab Gemnasium

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting `preferLocal=true` which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.

pkg:npm/execa@0.7.0

sonatype-2021-4879

high

Sonotype OSS-Index

1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account

pkg:npm/minimatch@3.0.4

CVE-2022-25851

high

Anchore Grype , Sonotype OSS-Index

The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.

pkg:npm/jpeg-js@0.4.3

CVE-2021-3807

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807] ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807]

pkg:npm/ansi-regex@4.1.0

sonatype-2012-0022

high

Sonotype OSS-Index

1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account

pkg:npm/express@4.17.1

CVE-2021-3807

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807] ansi-regex - Regular Expression Denial of Service (ReDoS) [CVE-2021-3807]

pkg:npm/ansi-regex@3.0.0

CVE-2022-24785

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

pkg:npm/moment@2.29.1

CVE-2022-31129

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...

pkg:npm/moment@2.29.1

CVE-2022-21681

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not...

pkg:npm/marked@1.2.9

CVE-2021-21306

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability...

pkg:npm/marked@1.2.9

CVE-2022-21680

high

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and...

pkg:npm/marked@1.2.9

sonatype-2020-1579

high

Sonotype OSS-Index

1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account

pkg:npm/prismjs@1.24.1

CVE-2021-3801

medium

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

prism is vulnerable to Inefficient Regular Expression Complexity

pkg:npm/prismjs@1.24.1

CVE-2022-0155

medium

Gitlab Gemnasium , Anchore Grype , Sonotype OSS-Index

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

pkg:npm/follow-redirects@1.14.4

CVE-2022-25869

medium

Sonotype OSS-Index

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of

elements.
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40angular/core@9.1.13</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/sonatype-2021-0092.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2021-0092</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40angular/core@9.1.13</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2022-0235.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-0235</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Gitlab Gemnasium
                            , 
                            
                            Anchore Grype
                            , 
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/node-fetch@2.6.2</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2022-23647.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-23647</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Gitlab Gemnasium
                            , 
                            
                            Anchore Grype
                            , 
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted...
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/prismjs@1.24.1</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/sonatype-2017-0655.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2017-0655</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/request@2.88.2</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2022-0536.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-0536</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Gitlab Gemnasium
                            , 
                            
                            Anchore Grype
                            , 
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/follow-redirects@1.14.4</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2021-23566.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2021-23566</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Gitlab Gemnasium
                            , 
                            
                            Anchore Grype
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/nanoid@3.1.25</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2021-4231.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2021-4231</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40angular/core@9.1.13</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2022-33987.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2022-33987</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Gitlab Gemnasium
                            , 
                            
                            Anchore Grype
                            , 
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/got@9.6.0</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/sonatype-2018-0715.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2018-0715</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                medium
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/apollo-client@2.6.10</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/sonatype-2022-3677.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">sonatype-2022-3677</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                low
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Sonotype OSS-Index
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/node-fetch@2.6.2</td>
                    </tr>

<tr class="bg-white border-b">
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <a href="npm-details/CVE-2016-10538.html"
                               class="text-blue-600 hover:text-blue-700 transition duration-300 ease-in-out mb-4">CVE-2016-10538</a></td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            <div class="bg-gray-50 rounded-lg py-5 px-6 mb-4 text-base text-gray-500 mb-3" role="alert">
                                low
                            </div>
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">
                            
                            Anchore Grype
                            
                            
                        </td>

<td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-wrap text-left">
                            
                            The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
                            
                        </td>
                        <td class="text-sm text-gray-900 font-light px-6 py-4 whitespace-nowrap">pkg:npm/%40lhci/cli@0.7.2</td>
                    </tr>

</tbody>
                </table>
            </div>
        </div>
    </div>
</div>

<div class="bg-red-100 rounded-lg py-5 px-6 mb-4 text-base text-red-700 mb-3" role="alert" style="display: none">
    critical
</div>
<div class="bg-yellow-100 rounded-lg py-5 px-6 mb-4 text-base text-yellow-700 mb-3" role="alert" style="display: none">
   high
</div>
</body>
</html>