Skip to content

Update dependency express to v4.21.1 (main)#16

Open
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-express-4.x-lockfile
Open

Update dependency express to v4.21.1 (main)#16
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-express-4.x-lockfile

Update dependency express to v4.21.1

fc0b50d
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Jun 9, 2026 in 1m 4s

Security Report

You have successfully remediated 8 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-4867

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> express-4.21.1.tgz (Root Library)

   -> ❌ path-to-regexp-0.1.10.tgz (Vulnerable Library)

High 7.5 Not Defined 0.018% Transitive path-to-regexp-0.1.10.tgz express-4.21.1.tgz Transitive path-to-regexp - 0.1.13 None

Reachable
CVE-2024-52798

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> express-4.21.1.tgz (Root Library)

   -> ❌ path-to-regexp-0.1.10.tgz (Vulnerable Library)

High 7.5 Not Defined 0.293% Transitive path-to-regexp-0.1.10.tgz express-4.21.1.tgz Transitive 0.1.12 None

Reachable
CVE-2026-8723

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> express-4.21.1.tgz (Root Library)

   -> ❌ qs-6.13.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.044% Transitive qs-6.13.0.tgz express-4.21.1.tgz Transitive 6.15.2 None

Reachable
CVE-2026-2391

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> express-4.21.1.tgz (Root Library)

   -> ❌ qs-6.13.0.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.05% Transitive qs-6.13.0.tgz express-4.21.1.tgz Transitive 6.14.2 None

Reachable
CVE-2025-15284

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> express-4.21.1.tgz (Root Library)

   -> ❌ qs-6.13.0.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.035% Transitive qs-6.13.0.tgz express-4.21.1.tgz Transitive 6.14.1 None

Reachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2024-43800 serve-static-1.13.2.tgz
CVE-2024-43799 send-0.16.2.tgz
CVE-2024-43796 express-4.16.4.tgz
CVE-2024-47764 cookie-0.3.1.tgz
CVE-2024-29041 express-4.16.4.tgz
CVE-2024-52798 path-to-regexp-0.1.7.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2026-4867 path-to-regexp-0.1.7.tgz

Base branch total remaining vulnerabilities: 24
Base branch commit: 9ddd12f82fe16589763ffa6e6f79ebcbb635d312


Total libraries scanned: 144

Scan token: 09833b9b80b64024b9ae02db1ceb8697

View more details on Mend for GitHub.com