Update dependency jsonwebtoken to v9#3
Open
mend-for-github-com[bot] wants to merge 1 commit into
Open
Renovate / Mend Security Check
failed
Apr 26, 2026 in 1h 10m 19s
Security Report
⛔ You have successfully resolved 3 findings, but introduced 7 new findings in this branch:
| Finding | Severity | Exploit Maturity | EPSS | Vulnerable Library | Direct Dependency | Suggested Fix | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2025-47935Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | https://github.com/expressjs/multer.git - v2.0.0,multer - 2.0.0 | |
CVE-2025-47944Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | multer - 2.0.0,https://github.com/expressjs/multer.git - v2.0.0 | |
CVE-2025-48997Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | https://github.com/expressjs/multer.git - v2.0.1,multer - 2.0.1 | |
CVE-2025-7338Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | https://github.com/expressjs/multer.git - v2.0.2,multer - 2.0.2 | |
CVE-2026-2359Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | multer - 2.1.0,https://github.com/expressjs/multer.git - v2.1.0 | |
CVE-2026-3304Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | https://github.com/expressjs/multer.git - v2.1.0,multer - 2.1.0 | |
CVE-2026-3520Path to dependency file: /backend/package.json Dependency Hierarchy: ->❌ multer-1.4.5-lts.1.tgz (Vulnerable Library) |
🔴 High (7.5) | Not Defined | < 1% | Direct multer-1.4.5-lts.1.tgz |
multer-1.4.5-lts.1.tgz | multer - 2.1.1,https://github.com/expressjs/multer.git - v2.1.1 |
✅ Resolved findings:
| Finding | Vulnerable Library |
|---|---|
| CVE-2022-23541 | jsonwebtoken-8.5.1.tgz |
| CVE-2022-23539 | jsonwebtoken-8.5.1.tgz |
| CVE-2022-23540 | jsonwebtoken-8.5.1.tgz |
Remaining findings in base branch: 189
Base branch commit: a3ba1679b8965c9f00f5ca1f92a5800372757c57
Total libraries scanned: 2134
Scan token: 670de2d9a09c40ac8763bec06f4ad7ed
Loading