Skip to content

Update dependency react-scripts to v5#4

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/react-scripts-5.x
Open

Update dependency react-scripts to v5#4
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/react-scripts-5.x

Update dependency react-scripts to v5

77320de
Select commit
Loading
Failed to load commit list.
Renovate / Mend Security Check failed Jul 7, 2026 in 11m 51s

Security Report

⛔ You have successfully resolved 89 findings, but introduced 49 new findings in this branch:

Finding Severity Exploit Maturity EPSS Vulnerable Library Direct Dependency Suggested Fix Reachability
CVE-2025-61140
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->bfj-7.1.0.tgz
->❌ jsonpath-1.1.1.tgz
🟣 Critical (9.8) Not Defined < 1% Transitive jsonpath-1.1.1.tgz react-scripts-5.0.1.tgz Unreachable
CVE-2026-1615
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->bfj-7.1.0.tgz
->❌ jsonpath-1.1.1.tgz
🟣 Critical (9.8) Not Defined 1.049% Transitive jsonpath-1.1.1.tgz react-scripts-5.0.1.tgz Transitive jsonpath - 1.3.0 Unreachable
CVE-2026-33228
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->eslint-8.57.0.tgz
->file-entry-cache-6.0.1.tgz
->flat-cache-3.2.0.tgz
->❌ flatted-3.3.1.tgz
🟣 Critical (9.8) Not Defined < 1% Transitive flatted-3.3.1.tgz react-scripts-5.0.1.tgz Transitive https://github.com/WebReflection/flatted.git - v3.4.2 Unreachable
CVE-2026-27606
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->❌ rollup-2.79.1.tgz
🟣 Critical (9.1) Not Defined 1.402% Transitive rollup-2.79.1.tgz react-scripts-5.0.1.tgz Transitive https://github.com/rollup/rollup.git - v2.80.0,https://github.com/rollup/rollup.git - v3.30.0,https://github.com/rollup/rollup.git - v4.59.0 Unreachable
CVE-2024-52011
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->❌ launch-editor-2.8.1.tgz
🔴 High (8.8) Not Defined < 1% Transitive launch-editor-2.8.1.tgz react-scripts-5.0.1.tgz Transitive vite - 5.4.9,https://github.com/vitejs/launch-editor.git - v2.9.0,launch-editor - 2.9.0 Unreachable
CVE-2026-53632
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->❌ launch-editor-2.8.1.tgz
🔴 High (8.3) Not Defined < 1% Transitive launch-editor-2.8.1.tgz react-scripts-5.0.1.tgz Transitive https://github.com/vitejs/vite.git - v8.0.16,https://github.com/vitejs/vite.git - v6.4.3,https://github.com/vitejs/launch-editor.git - v2.14.1,https://github.com/vitejs/vite.git - v7.3.5 Unreachable
CVE-2026-44728
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->preset-env-7.25.3.tgz
->❌ plugin-transform-modules-systemjs-7.25.0.tgz
🔴 High (8.2) Not Defined < 1% Transitive plugin-transform-modules-systemjs-7.25.0.tgz react-scripts-5.0.1.tgz Transitive @⁠babel/plugin-transform-modules-systemjs - 8.0.0-alpha.13,@⁠babel/plugin-transform-modules-systemjs - 7.29.4 Unreachable
CVE-2026-9277
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->react-dev-utils-12.0.1.tgz
->❌ shell-quote-1.8.1.tgz
🔴 High (8.1) Not Defined < 1% Transitive shell-quote-1.8.1.tgz react-scripts-5.0.1.tgz Transitive https://github.com/ljharb/shell-quote.git - v1.8.4,shell-quote - 1.8.4 Unreachable
CVE-2024-45590
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->express-4.19.2.tgz
->❌ body-parser-1.20.2.tgz
🔴 High (7.5) Not Defined < 1% Transitive body-parser-1.20.2.tgz react-scripts-5.0.1.tgz Transitive body-parser - 1.20.3,https://github.com/expressjs/body-parser.git - 1.20.3 Reachable
CVE-2025-64756
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->tailwindcss-3.4.9.tgz
->sucrase-3.35.0.tgz
->❌ glob-10.4.5.tgz
🔴 High (7.5) Not Defined 3.092% Transitive glob-10.4.5.tgz react-scripts-5.0.1.tgz Transitive https://github.com/isaacs/node-glob.git - v10.5.0,glob - 11.1.0,https://github.com/isaacs/node-glob.git - v11.1.0,glob - 10.5.0 Unreachable
CVE-2026-13311
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->react-dev-utils-12.0.1.tgz
->❌ shell-quote-1.8.1.tgz
🔴 High (7.5) Not Defined < 1% Transitive shell-quote-1.8.1.tgz react-scripts-5.0.1.tgz Transitive shell-quote - 1.9.0 Unreachable
CVE-2026-13676
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->ajv-8.17.1.tgz
->❌ fast-uri-3.0.1.tgz
🔴 High (7.5) Not Defined < 1% Transitive fast-uri-3.0.1.tgz react-scripts-5.0.1.tgz Transitive fast-uri - 3.1.3,fast-uri - 4.0.1 Unreachable
CVE-2026-26996
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->rollup-plugin-off-main-thread-2.2.3.tgz
->ejs-3.1.10.tgz
->jake-10.9.2.tgz
->filelist-1.0.4.tgz
->❌ minimatch-5.1.6.tgz
🔴 High (7.5) Not Defined < 1% Transitive minimatch-5.1.6.tgz react-scripts-5.0.1.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v5.1.7,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v7.4.7 Unreachable
CVE-2026-26996
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->tailwindcss-3.4.9.tgz
->sucrase-3.35.0.tgz
->glob-10.4.5.tgz
->❌ minimatch-9.0.5.tgz
🔴 High (7.5) Not Defined < 1% Transitive minimatch-9.0.5.tgz react-scripts-5.0.1.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v5.1.7,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v7.4.7 Unreachable
CVE-2026-27601
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->bfj-7.1.0.tgz
->jsonpath-1.1.1.tgz
->❌ underscore-1.12.1.tgz
🔴 High (7.5) Not Defined < 1% Transitive underscore-1.12.1.tgz react-scripts-5.0.1.tgz Transitive underscore - 1.13.8,https://github.com/jashkenas/underscore.git - 1.13.8 Unreachable
CVE-2026-27903
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->tailwindcss-3.4.9.tgz
->sucrase-3.35.0.tgz
->glob-10.4.5.tgz
->❌ minimatch-9.0.5.tgz
🔴 High (7.5) Not Defined < 1% Transitive minimatch-9.0.5.tgz react-scripts-5.0.1.tgz Transitive https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6 Unreachable
CVE-2026-27903
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->rollup-plugin-off-main-thread-2.2.3.tgz
->ejs-3.1.10.tgz
->jake-10.9.2.tgz
->filelist-1.0.4.tgz
->❌ minimatch-5.1.6.tgz
🔴 High (7.5) Not Defined < 1% Transitive minimatch-5.1.6.tgz react-scripts-5.0.1.tgz Transitive https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6 Unreachable
CVE-2026-27904
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->tailwindcss-3.4.9.tgz
->sucrase-3.35.0.tgz
->glob-10.4.5.tgz
->❌ minimatch-9.0.5.tgz
🔴 High (7.5) Not Defined < 1% Transitive minimatch-9.0.5.tgz react-scripts-5.0.1.tgz Transitive minimatch - 7.4.8,minimatch - 10.2.3,minimatch - 8.0.6,minimatch - 6.2.2,minimatch - 9.0.7,minimatch - 5.1.8,minimatch - 4.2.5,minimatch - 3.1.4 Unreachable
CVE-2026-27904
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->rollup-plugin-off-main-thread-2.2.3.tgz
->ejs-3.1.10.tgz
->jake-10.9.2.tgz
->filelist-1.0.4.tgz
->❌ minimatch-5.1.6.tgz
🔴 High (7.5) Not Defined < 1% Transitive minimatch-5.1.6.tgz react-scripts-5.0.1.tgz Transitive minimatch - 7.4.8,minimatch - 10.2.3,minimatch - 8.0.6,minimatch - 6.2.2,minimatch - 9.0.7,minimatch - 5.1.8,minimatch - 4.2.5,minimatch - 3.1.4 Unreachable
CVE-2026-32141
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->eslint-8.57.0.tgz
->file-entry-cache-6.0.1.tgz
->flat-cache-3.2.0.tgz
->❌ flatted-3.3.1.tgz
🔴 High (7.5) Not Defined < 1% Transitive flatted-3.3.1.tgz react-scripts-5.0.1.tgz Transitive https://github.com/WebReflection/flatted.git - v3.4.0 Unreachable
CVE-2026-48779
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->❌ ws-8.18.0.tgz
🔴 High (7.5) Not Defined < 1% Transitive ws-8.18.0.tgz react-scripts-5.0.1.tgz Transitive https://github.com/websockets/ws.git - 7.5.11,https://github.com/websockets/ws.git - 8.21.0,https://github.com/websockets/ws.git - 6.2.4,https://github.com/websockets/ws.git - 5.2.5 Unreachable
CVE-2026-48779
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->jest-27.5.1.tgz
->core-27.5.1.tgz
->jest-config-27.5.1.tgz
->jest-environment-jsdom-27.5.1.tgz
->jsdom-16.7.0.tgz
->❌ ws-7.5.10.tgz
🔴 High (7.5) Not Defined < 1% Transitive ws-7.5.10.tgz react-scripts-5.0.1.tgz Transitive https://github.com/websockets/ws.git - 7.5.11,https://github.com/websockets/ws.git - 8.21.0,https://github.com/websockets/ws.git - 6.2.4,https://github.com/websockets/ws.git - 5.2.5 Unreachable
CVE-2026-6321
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->ajv-8.17.1.tgz
->❌ fast-uri-3.0.1.tgz
🔴 High (7.5) Not Defined < 1% Transitive fast-uri-3.0.1.tgz react-scripts-5.0.1.tgz Transitive fast-uri - 3.1.1 Unreachable
CVE-2026-6322
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->ajv-8.17.1.tgz
->❌ fast-uri-3.0.1.tgz
🔴 High (7.5) Not Defined < 1% Transitive fast-uri-3.0.1.tgz react-scripts-5.0.1.tgz Transitive fast-uri - 3.1.2,https://github.com/fastify/fast-uri.git - v3.1.2 Unreachable
CVE-2025-30360
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-dev-server-4.15.2.tgz
🟠 Medium (6.5) Not Defined < 1% Transitive webpack-dev-server-4.15.2.tgz react-scripts-5.0.1.tgz Transitive webpack-dev-server - 5.2.1,https://github.com/webpack/webpack-dev-server.git - v5.2.1 Unreachable
CVE-2024-43788
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-5.93.0.tgz
🟠 Medium (6.4) Not Defined < 1% Transitive webpack-5.93.0.tgz react-scripts-5.0.1.tgz Transitive webpack - 5.94.0 Unreachable
CVE-2025-27789
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->core-7.25.2.tgz
->❌ helpers-7.25.0.tgz
🟠 Medium (6.2) Not Defined < 1% Transitive helpers-7.25.0.tgz react-scripts-5.0.1.tgz Transitive @⁠babel/runtime - 8.0.0-alpha.17,@⁠babel/helpers - 8.0.0-alpha.17,@⁠babel/runtime-corejs3 - 8.0.0-alpha.17,https://github.com/babel/babel.git - v7.26.10,@⁠babel/runtime-corejs2 - 8.0.0-alpha.17,@⁠babel/runtime - 7.26.10,@⁠babel/helpers - 7.26.10 Unreachable
CVE-2025-27789
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->❌ runtime-7.25.0.tgz
🟠 Medium (6.2) Not Defined < 1% Transitive runtime-7.25.0.tgz react-scripts-5.0.1.tgz Transitive @⁠babel/runtime - 8.0.0-alpha.17,@⁠babel/helpers - 8.0.0-alpha.17,@⁠babel/runtime-corejs3 - 8.0.0-alpha.17,https://github.com/babel/babel.git - v7.26.10,@⁠babel/runtime-corejs2 - 8.0.0-alpha.17,@⁠babel/runtime - 7.26.10,@⁠babel/helpers - 7.26.10 Unreachable
CVE-2024-47068
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->❌ rollup-2.79.1.tgz
🟠 Medium (6.1) Not Defined < 1% Transitive rollup-2.79.1.tgz react-scripts-5.0.1.tgz Transitive rollup - 3.29.5,4.22.4,rollup - 2.79.2,rollup - 4.22.4,rollup - 3.29.5 Unreachable
CVE-2026-41305
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ postcss-8.4.41.tgz
🟠 Medium (6.1) Not Defined < 1% Transitive postcss-8.4.41.tgz react-scripts-5.0.1.tgz Transitive postcss - 8.5.10,https://github.com/postcss/postcss.git - 8.5.10 Unreachable
CVE-2026-34043
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->terser-webpack-plugin-5.3.10.tgz
->❌ serialize-javascript-6.0.2.tgz
🟠 Medium (5.9) Not Defined < 1% Transitive serialize-javascript-6.0.2.tgz react-scripts-5.0.1.tgz Transitive https://github.com/yahoo/serialize-javascript.git - v7.0.5 Unreachable
CVE-2024-4067
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->react-dev-utils-12.0.1.tgz
->globby-11.1.0.tgz
->fast-glob-3.3.2.tgz
->❌ micromatch-4.0.7.tgz
🟠 Medium (5.3) Not Defined 1.429% Transitive micromatch-4.0.7.tgz react-scripts-5.0.1.tgz Transitive micromatch - 4.0.8 Unreachable
CVE-2024-47764
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->express-4.19.2.tgz
->❌ cookie-0.6.0.tgz
🟠 Medium (5.3) Not Defined < 1% Transitive cookie-0.6.0.tgz react-scripts-5.0.1.tgz Transitive cookie - 0.7.0 Reachable
CVE-2025-30359
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-dev-server-4.15.2.tgz
🟠 Medium (5.3) Not Defined < 1% Transitive webpack-dev-server-4.15.2.tgz react-scripts-5.0.1.tgz Transitive https://github.com/webpack/webpack-dev-server.git - v5.2.1,webpack-dev-server - 5.2.1 Unreachable
CVE-2026-14631
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-dev-server-4.15.2.tgz
🟠 Medium (5.3) Not Defined < 1% Transitive webpack-dev-server-4.15.2.tgz react-scripts-5.0.1.tgz Transitive webpack-dev-server - 5.2.6 Unreachable
CVE-2026-6402
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-dev-server-4.15.2.tgz
🟠 Medium (5.3) Not Defined < 1% Transitive webpack-dev-server-4.15.2.tgz react-scripts-5.0.1.tgz Transitive webpack-dev-server - 5.2.4,https://github.com/webpack/webpack-dev-server.git - v5.2.4 Unreachable
CVE-2026-9595
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-dev-server-4.15.2.tgz
🟠 Medium (5.3) Not Defined < 1% Transitive webpack-dev-server-4.15.2.tgz react-scripts-5.0.1.tgz Unreachable
CVE-2024-43796
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->❌ express-4.19.2.tgz
🟠 Medium (5.0) Not Defined < 1% Transitive express-4.19.2.tgz react-scripts-5.0.1.tgz Transitive express - 4.20.0,5.0.0 Reachable
CVE-2026-14620
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-dev-server-4.15.2.tgz
🟠 Medium (4.7) Not Defined < 1% Transitive webpack-dev-server-4.15.2.tgz react-scripts-5.0.1.tgz Transitive webpack-dev-server - 5.2.6 Unreachable
CVE-2026-45736
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->❌ ws-8.18.0.tgz
🟠 Medium (4.4) Not Defined < 1% Transitive ws-8.18.0.tgz react-scripts-5.0.1.tgz Transitive ws - 8.20.1,https://github.com/websockets/ws.git - 8.20.1 Unreachable
CVE-2024-55565
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->postcss-8.4.41.tgz
->❌ nanoid-3.3.7.tgz
🟠 Medium (4.3) Not Defined < 1% Transitive nanoid-3.3.7.tgz react-scripts-5.0.1.tgz Transitive nanoid - 3.3.8,5.0.9,nanoid - 5.0.9,nanoid - 3.3.8 Unreachable
CVE-2026-33532
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->tailwindcss-3.4.9.tgz
->postcss-load-config-4.0.2.tgz
->❌ yaml-2.5.0.tgz
🟠 Medium (4.3) Not Defined < 1% Transitive yaml-2.5.0.tgz react-scripts-5.0.1.tgz Transitive https://github.com/eemeli/yaml.git - v1.10.3,https://github.com/eemeli/yaml.git - v2.8.3 Unreachable
CVE-2026-9358
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->postcss-preset-env-7.8.3.tgz
->postcss-attribute-case-insensitive-5.0.2.tgz
->❌ postcss-selector-parser-6.1.2.tgz
🟠 Medium (4.3) Proof of concept < 1% Transitive postcss-selector-parser-6.1.2.tgz react-scripts-5.0.1.tgz Unreachable
CVE-2025-15284
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->express-4.19.2.tgz
->body-parser-1.20.2.tgz
->❌ qs-6.11.0.tgz
🟡 Low (3.7) Not Defined < 1% Transitive qs-6.11.0.tgz react-scripts-5.0.1.tgz Transitive qs - 6.14.1,qs - 6.14.1,https://github.com/ljharb/qs.git - v6.14.1 Reachable
CVE-2025-68157
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-5.93.0.tgz
🟡 Low (3.7) Not Defined < 1% Transitive webpack-5.93.0.tgz react-scripts-5.0.1.tgz Transitive webpack - 5.104.0 Unreachable
CVE-2025-68458
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->❌ webpack-5.93.0.tgz
🟡 Low (3.7) Not Defined < 1% Transitive webpack-5.93.0.tgz react-scripts-5.0.1.tgz Transitive webpack - 5.104.1 Unreachable
CVE-2026-2391
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->webpack-dev-server-4.15.2.tgz
->express-4.19.2.tgz
->body-parser-1.20.2.tgz
->❌ qs-6.11.0.tgz
🟡 Low (3.7) Not Defined < 1% Transitive qs-6.11.0.tgz react-scripts-5.0.1.tgz Transitive qs - 6.14.2,https://github.com/ljharb/qs.git - v6.14.2,qs - 6.14.2 Reachable
CVE-2026-49356
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->❌ core-7.25.2.tgz
🟡 Low (3.2) Not Defined < 1% Transitive core-7.25.2.tgz react-scripts-5.0.1.tgz Transitive https://github.com/babel/babel.git - 7.29.6,https://github.com/babel/babel.git - 8.0.0-rc.6 Unreachable
CVE-2025-69873
Path to dependency file: /package.json

Dependency Hierarchy:

->react-scripts-5.0.1.tgz (Vulnerable Library)
->workbox-webpack-plugin-6.6.1.tgz
->workbox-build-6.6.1.tgz
->❌ ajv-8.17.1.tgz
🟡 Low (2.9) Not Defined < 1% Transitive ajv-8.17.1.tgz react-scripts-5.0.1.tgz Transitive https://github.com/ajv-validator/ajv.git - v8.18.0,https://github.com/ajv-validator/ajv.git - v6.14.0 Unreachable

✅ Resolved findings:

Finding Vulnerable Library
CVE-2022-24773 node-forge-0.10.0.tgz
CVE-2022-24771 node-forge-0.10.0.tgz
CVE-2025-27789 runtime-7.9.0.tgz
CVE-2024-29180 webpack-dev-middleware-3.7.3.tgz
CVE-2024-21536 http-proxy-middleware-0.19.1.tgz
CVE-2021-20066 jsdom-14.1.0.tgz
WS-2022-0008 node-forge-0.10.0.tgz
CVE-2025-32997 http-proxy-middleware-0.19.1.tgz
CVE-2026-41907 uuid-3.4.0.tgz
CVE-2026-41305 postcss-7.0.21.tgz
CVE-2024-21538 cross-spawn-7.0.1.tgz
CVE-2026-49356 core-7.9.0.tgz
CVE-2026-55602 http-proxy-middleware-0.19.1.tgz
CVE-2024-42460 elliptic-6.5.4.tgz
CVE-2023-44270 postcss-7.0.21.tgz
CVE-2026-48779 ws-5.2.3.tgz
CVE-2026-33895 node-forge-0.10.0.tgz
CVE-2022-37599 loader-utils-1.4.0.tgz
CVE-2024-48949 elliptic-6.5.4.tgz
CVE-2024-42459 elliptic-6.5.4.tgz
CVE-2024-42461 elliptic-6.5.4.tgz
CVE-2025-30360 webpack-dev-server-3.11.0.tgz
CVE-2022-37599 loader-utils-1.2.3.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2026-48779 ws-6.2.2.tgz
CVE-2026-44705 tmp-0.0.33.tgz
CVE-2025-66030 node-forge-0.10.0.tgz
CVE-2023-26136 tough-cookie-2.5.0.tgz
CVE-2024-21538 cross-spawn-6.0.5.tgz
CVE-2024-48948 elliptic-6.5.4.tgz
CVE-2021-24033 react-dev-utils-10.2.1.tgz
CVE-2026-14620 webpack-dev-server-3.11.0.tgz
CVE-2026-32141 flatted-2.0.2.tgz
CVE-2026-9358 postcss-selector-parser-3.1.2.tgz
CVE-2021-23337 lodash.template-4.5.0.tgz
CVE-2022-0122 node-forge-0.10.0.tgz
CVE-2025-30359 webpack-dev-server-3.11.0.tgz
CVE-2026-6402 webpack-dev-server-3.11.0.tgz
CVE-2026-33896 node-forge-0.10.0.tgz
CVE-2025-9288 sha.js-2.4.11.tgz
CVE-2020-7789 node-notifier-5.4.5.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2025-12816 node-forge-0.10.0.tgz
CVE-2026-2739 bn.js-4.12.0.tgz
CVE-2026-33228 flatted-2.0.2.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2025-14505 elliptic-6.5.4.tgz
CVE-2022-24772 node-forge-0.10.0.tgz
CVE-2026-2739 bn.js-5.2.1.tgz
CVE-2024-37890 ws-5.2.3.tgz
CVE-2026-9277 shell-quote-1.7.2.tgz
CVE-2020-28477 immer-1.10.0.tgz
CVE-2021-20066 jsdom-11.12.0.tgz
CVE-2026-12143 form-data-2.3.3.tgz
CVE-2025-59437 ip-1.1.8.tgz
CVE-2026-9595 webpack-dev-server-3.11.0.tgz
CVE-2022-37603 loader-utils-1.4.0.tgz
CVE-2023-42282 ip-1.1.8.tgz
CVE-2025-59436 ip-1.1.8.tgz
CVE-2021-23382 postcss-7.0.21.tgz
WS-2025-0006 elliptic-6.5.4.tgz
CVE-2024-29415 ip-1.1.8.tgz
CVE-2026-45822 decode-uri-component-0.2.0.tgz
CVE-2025-54798 tmp-0.0.33.tgz
CVE-2025-32996 http-proxy-middleware-0.19.1.tgz
CVE-2021-23368 postcss-7.0.21.tgz
CVE-2026-4800 lodash.template-4.5.0.tgz
CVE-2024-4068 braces-2.3.2.tgz
CVE-2026-9358 postcss-selector-parser-5.0.0.tgz
CVE-2025-15284 qs-6.5.3.tgz
CVE-2026-13311 shell-quote-1.7.2.tgz
CVE-2025-6547 pbkdf2-3.1.2.tgz
CVE-2026-2391 qs-6.5.3.tgz
CVE-2026-14802 react-dev-utils-10.2.1.tgz
CVE-2025-6545 pbkdf2-3.1.2.tgz
CVE-2026-33891 node-forge-0.10.0.tgz
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2022-37603 loader-utils-1.2.3.tgz
CVE-2025-66031 node-forge-0.10.0.tgz
CVE-2025-9287 cipher-base-1.0.4.tgz
CVE-2026-14631 webpack-dev-server-3.11.0.tgz
CVE-2024-37890 ws-6.2.2.tgz
CVE-2025-7783 form-data-2.3.3.tgz
CVE-2024-27088 es5-ext-0.10.61.tgz
CVE-2021-23364 browserslist-4.10.0.tgz
CVE-2022-37601 loader-utils-1.2.3.tgz
CVE-2024-4067 micromatch-3.1.10.tgz
CVE-2021-42740 shell-quote-1.7.2.tgz
CVE-2026-33894 node-forge-0.10.0.tgz

Remaining findings in base branch: 220

Base branch commit: a3ba1679b8965c9f00f5ca1f92a5800372757c57

Total libraries scanned: 1852

Scan token: cbbc928c086b4d12b428128dd9c325d0