Skip to content

Datatables.net package updates #12682

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Maffooch merged 7 commits into from
Jun 30, 2025

remove -dt styling

cacac95
Select commit
Loading
Failed to load commit list.
Merged

Datatables.net package updates #12682

remove -dt styling
cacac95
Select commit
Loading
Failed to load commit list.
DryRunSecurity / General Security Analyzer succeeded Jun 25, 2025 in 38s

DryRun Security

Details

General Security Analyzer Findings: 1 detected

⚠️ Dependency Security Risk components/package.json (click for details)
Type Dependency Security Risk
Description The patch introduces DataTables dependencies with known historical vulnerabilities. Specifically, CVE-2020-28458 indicates a prototype pollution vulnerability, and CVE-2021-36713 reveals a potential Cross-Site Scripting (XSS) risk. While the specific versions added might have addressed these issues, the introduction of these libraries increases the application's potential attack surface.
Filename components/package.json
CodeLink

django-DefectDojo/components/package.json

Lines 12 to 20 in cacac95

"chosen-bootstrap": "https://github.com/dbtek/chosen-bootstrap",
"chosen-js": "^1.8.7",
"clipboard": "^2.0.11",
"datatables.net": "^2.3.1",
"datatables.net-buttons-bs": "^3.2.3",
"datatables.net-colreorder": "^2.1.1",
"drmonty-datatables-plugins": "^1.0.0",
"drmonty-datatables-responsive": "^1.0.0",
"easymde": "^2.20.0",
View more details on DryRunSecurity