Update dependency react-scripts to v5#4
Open
mend-for-github-com[bot] wants to merge 1 commit into
Open
Renovate / Mend Security Check
failed
Jul 7, 2026 in 11m 51s
Security Report
⛔ You have successfully resolved 89 findings, but introduced 49 new findings in this branch:
| Finding | Severity | Exploit Maturity | EPSS | Vulnerable Library | Direct Dependency | Suggested Fix | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2025-61140Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->bfj-7.1.0.tgz ->❌ jsonpath-1.1.1.tgz |
🟣 Critical (9.8) | Not Defined | < 1% | Transitive jsonpath-1.1.1.tgz |
react-scripts-5.0.1.tgz | ||
CVE-2026-1615Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->bfj-7.1.0.tgz ->❌ jsonpath-1.1.1.tgz |
🟣 Critical (9.8) | Not Defined | 1.049% | Transitive jsonpath-1.1.1.tgz |
react-scripts-5.0.1.tgz | Transitive jsonpath - 1.3.0 |
|
CVE-2026-33228Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->eslint-8.57.0.tgz ->file-entry-cache-6.0.1.tgz ->flat-cache-3.2.0.tgz ->❌ flatted-3.3.1.tgz |
🟣 Critical (9.8) | Not Defined | < 1% | Transitive flatted-3.3.1.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/WebReflection/flatted.git - v3.4.2 |
|
CVE-2026-27606Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->❌ rollup-2.79.1.tgz |
🟣 Critical (9.1) | Not Defined | 1.402% | Transitive rollup-2.79.1.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/rollup/rollup.git - v2.80.0,https://github.com/rollup/rollup.git - v3.30.0,https://github.com/rollup/rollup.git - v4.59.0 |
|
CVE-2024-52011Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->❌ launch-editor-2.8.1.tgz |
🔴 High (8.8) | Not Defined | < 1% | Transitive launch-editor-2.8.1.tgz |
react-scripts-5.0.1.tgz | Transitive vite - 5.4.9,https://github.com/vitejs/launch-editor.git - v2.9.0,launch-editor - 2.9.0 |
|
CVE-2026-53632Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->❌ launch-editor-2.8.1.tgz |
🔴 High (8.3) | Not Defined | < 1% | Transitive launch-editor-2.8.1.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/vitejs/vite.git - v8.0.16,https://github.com/vitejs/vite.git - v6.4.3,https://github.com/vitejs/launch-editor.git - v2.14.1,https://github.com/vitejs/vite.git - v7.3.5 |
|
CVE-2026-44728Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->preset-env-7.25.3.tgz ->❌ plugin-transform-modules-systemjs-7.25.0.tgz |
🔴 High (8.2) | Not Defined | < 1% | Transitive plugin-transform-modules-systemjs-7.25.0.tgz |
react-scripts-5.0.1.tgz | Transitive @babel/plugin-transform-modules-systemjs - 8.0.0-alpha.13,@babel/plugin-transform-modules-systemjs - 7.29.4 |
|
CVE-2026-9277Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->react-dev-utils-12.0.1.tgz ->❌ shell-quote-1.8.1.tgz |
🔴 High (8.1) | Not Defined | < 1% | Transitive shell-quote-1.8.1.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/ljharb/shell-quote.git - v1.8.4,shell-quote - 1.8.4 |
|
CVE-2024-45590Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->express-4.19.2.tgz ->❌ body-parser-1.20.2.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive body-parser-1.20.2.tgz |
react-scripts-5.0.1.tgz | Transitive body-parser - 1.20.3,https://github.com/expressjs/body-parser.git - 1.20.3 |
|
CVE-2025-64756Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->tailwindcss-3.4.9.tgz ->sucrase-3.35.0.tgz ->❌ glob-10.4.5.tgz |
🔴 High (7.5) | Not Defined | 3.092% | Transitive glob-10.4.5.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/isaacs/node-glob.git - v10.5.0,glob - 11.1.0,https://github.com/isaacs/node-glob.git - v11.1.0,glob - 10.5.0 |
|
CVE-2026-13311Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->react-dev-utils-12.0.1.tgz ->❌ shell-quote-1.8.1.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive shell-quote-1.8.1.tgz |
react-scripts-5.0.1.tgz | Transitive shell-quote - 1.9.0 |
|
CVE-2026-13676Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->ajv-8.17.1.tgz ->❌ fast-uri-3.0.1.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive fast-uri-3.0.1.tgz |
react-scripts-5.0.1.tgz | Transitive fast-uri - 3.1.3,fast-uri - 4.0.1 |
|
CVE-2026-26996Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->rollup-plugin-off-main-thread-2.2.3.tgz ->ejs-3.1.10.tgz ->jake-10.9.2.tgz ->filelist-1.0.4.tgz ->❌ minimatch-5.1.6.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive minimatch-5.1.6.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v5.1.7,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v7.4.7 |
|
CVE-2026-26996Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->tailwindcss-3.4.9.tgz ->sucrase-3.35.0.tgz ->glob-10.4.5.tgz ->❌ minimatch-9.0.5.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive minimatch-9.0.5.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v5.1.7,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v7.4.7 |
|
CVE-2026-27601Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->bfj-7.1.0.tgz ->jsonpath-1.1.1.tgz ->❌ underscore-1.12.1.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive underscore-1.12.1.tgz |
react-scripts-5.0.1.tgz | Transitive underscore - 1.13.8,https://github.com/jashkenas/underscore.git - 1.13.8 |
|
CVE-2026-27903Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->tailwindcss-3.4.9.tgz ->sucrase-3.35.0.tgz ->glob-10.4.5.tgz ->❌ minimatch-9.0.5.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive minimatch-9.0.5.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6 |
|
CVE-2026-27903Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->rollup-plugin-off-main-thread-2.2.3.tgz ->ejs-3.1.10.tgz ->jake-10.9.2.tgz ->filelist-1.0.4.tgz ->❌ minimatch-5.1.6.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive minimatch-5.1.6.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6 |
|
CVE-2026-27904Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->tailwindcss-3.4.9.tgz ->sucrase-3.35.0.tgz ->glob-10.4.5.tgz ->❌ minimatch-9.0.5.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive minimatch-9.0.5.tgz |
react-scripts-5.0.1.tgz | Transitive minimatch - 7.4.8,minimatch - 10.2.3,minimatch - 8.0.6,minimatch - 6.2.2,minimatch - 9.0.7,minimatch - 5.1.8,minimatch - 4.2.5,minimatch - 3.1.4 |
|
CVE-2026-27904Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->rollup-plugin-off-main-thread-2.2.3.tgz ->ejs-3.1.10.tgz ->jake-10.9.2.tgz ->filelist-1.0.4.tgz ->❌ minimatch-5.1.6.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive minimatch-5.1.6.tgz |
react-scripts-5.0.1.tgz | Transitive minimatch - 7.4.8,minimatch - 10.2.3,minimatch - 8.0.6,minimatch - 6.2.2,minimatch - 9.0.7,minimatch - 5.1.8,minimatch - 4.2.5,minimatch - 3.1.4 |
|
CVE-2026-32141Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->eslint-8.57.0.tgz ->file-entry-cache-6.0.1.tgz ->flat-cache-3.2.0.tgz ->❌ flatted-3.3.1.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive flatted-3.3.1.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/WebReflection/flatted.git - v3.4.0 |
|
CVE-2026-48779Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->❌ ws-8.18.0.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive ws-8.18.0.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/websockets/ws.git - 7.5.11,https://github.com/websockets/ws.git - 8.21.0,https://github.com/websockets/ws.git - 6.2.4,https://github.com/websockets/ws.git - 5.2.5 |
|
CVE-2026-48779Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->jest-27.5.1.tgz ->core-27.5.1.tgz ->jest-config-27.5.1.tgz ->jest-environment-jsdom-27.5.1.tgz ->jsdom-16.7.0.tgz ->❌ ws-7.5.10.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive ws-7.5.10.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/websockets/ws.git - 7.5.11,https://github.com/websockets/ws.git - 8.21.0,https://github.com/websockets/ws.git - 6.2.4,https://github.com/websockets/ws.git - 5.2.5 |
|
CVE-2026-6321Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->ajv-8.17.1.tgz ->❌ fast-uri-3.0.1.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive fast-uri-3.0.1.tgz |
react-scripts-5.0.1.tgz | Transitive fast-uri - 3.1.1 |
|
CVE-2026-6322Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->ajv-8.17.1.tgz ->❌ fast-uri-3.0.1.tgz |
🔴 High (7.5) | Not Defined | < 1% | Transitive fast-uri-3.0.1.tgz |
react-scripts-5.0.1.tgz | Transitive fast-uri - 3.1.2,https://github.com/fastify/fast-uri.git - v3.1.2 |
|
CVE-2025-30360Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-dev-server-4.15.2.tgz |
🟠 Medium (6.5) | Not Defined | < 1% | Transitive webpack-dev-server-4.15.2.tgz |
react-scripts-5.0.1.tgz | Transitive webpack-dev-server - 5.2.1,https://github.com/webpack/webpack-dev-server.git - v5.2.1 |
|
CVE-2024-43788Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-5.93.0.tgz |
🟠 Medium (6.4) | Not Defined | < 1% | Transitive webpack-5.93.0.tgz |
react-scripts-5.0.1.tgz | Transitive webpack - 5.94.0 |
|
CVE-2025-27789Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->core-7.25.2.tgz ->❌ helpers-7.25.0.tgz |
🟠 Medium (6.2) | Not Defined | < 1% | Transitive helpers-7.25.0.tgz |
react-scripts-5.0.1.tgz | Transitive @babel/runtime - 8.0.0-alpha.17,@babel/helpers - 8.0.0-alpha.17,@babel/runtime-corejs3 - 8.0.0-alpha.17,https://github.com/babel/babel.git - v7.26.10,@babel/runtime-corejs2 - 8.0.0-alpha.17,@babel/runtime - 7.26.10,@babel/helpers - 7.26.10 |
|
CVE-2025-27789Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->❌ runtime-7.25.0.tgz |
🟠 Medium (6.2) | Not Defined | < 1% | Transitive runtime-7.25.0.tgz |
react-scripts-5.0.1.tgz | Transitive @babel/runtime - 8.0.0-alpha.17,@babel/helpers - 8.0.0-alpha.17,@babel/runtime-corejs3 - 8.0.0-alpha.17,https://github.com/babel/babel.git - v7.26.10,@babel/runtime-corejs2 - 8.0.0-alpha.17,@babel/runtime - 7.26.10,@babel/helpers - 7.26.10 |
|
CVE-2024-47068Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->❌ rollup-2.79.1.tgz |
🟠 Medium (6.1) | Not Defined | < 1% | Transitive rollup-2.79.1.tgz |
react-scripts-5.0.1.tgz | Transitive rollup - 3.29.5,4.22.4,rollup - 2.79.2,rollup - 4.22.4,rollup - 3.29.5 |
|
CVE-2026-41305Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ postcss-8.4.41.tgz |
🟠 Medium (6.1) | Not Defined | < 1% | Transitive postcss-8.4.41.tgz |
react-scripts-5.0.1.tgz | Transitive postcss - 8.5.10,https://github.com/postcss/postcss.git - 8.5.10 |
|
CVE-2026-34043Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->terser-webpack-plugin-5.3.10.tgz ->❌ serialize-javascript-6.0.2.tgz |
🟠 Medium (5.9) | Not Defined | < 1% | Transitive serialize-javascript-6.0.2.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/yahoo/serialize-javascript.git - v7.0.5 |
|
CVE-2024-4067Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->react-dev-utils-12.0.1.tgz ->globby-11.1.0.tgz ->fast-glob-3.3.2.tgz ->❌ micromatch-4.0.7.tgz |
🟠 Medium (5.3) | Not Defined | 1.429% | Transitive micromatch-4.0.7.tgz |
react-scripts-5.0.1.tgz | Transitive micromatch - 4.0.8 |
|
CVE-2024-47764Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->express-4.19.2.tgz ->❌ cookie-0.6.0.tgz |
🟠 Medium (5.3) | Not Defined | < 1% | Transitive cookie-0.6.0.tgz |
react-scripts-5.0.1.tgz | Transitive cookie - 0.7.0 |
|
CVE-2025-30359Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-dev-server-4.15.2.tgz |
🟠 Medium (5.3) | Not Defined | < 1% | Transitive webpack-dev-server-4.15.2.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/webpack/webpack-dev-server.git - v5.2.1,webpack-dev-server - 5.2.1 |
|
CVE-2026-14631Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-dev-server-4.15.2.tgz |
🟠 Medium (5.3) | Not Defined | < 1% | Transitive webpack-dev-server-4.15.2.tgz |
react-scripts-5.0.1.tgz | Transitive webpack-dev-server - 5.2.6 |
|
CVE-2026-6402Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-dev-server-4.15.2.tgz |
🟠 Medium (5.3) | Not Defined | < 1% | Transitive webpack-dev-server-4.15.2.tgz |
react-scripts-5.0.1.tgz | Transitive webpack-dev-server - 5.2.4,https://github.com/webpack/webpack-dev-server.git - v5.2.4 |
|
CVE-2026-9595Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-dev-server-4.15.2.tgz |
🟠 Medium (5.3) | Not Defined | < 1% | Transitive webpack-dev-server-4.15.2.tgz |
react-scripts-5.0.1.tgz | ||
CVE-2024-43796Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->❌ express-4.19.2.tgz |
🟠 Medium (5.0) | Not Defined | < 1% | Transitive express-4.19.2.tgz |
react-scripts-5.0.1.tgz | Transitive express - 4.20.0,5.0.0 |
|
CVE-2026-14620Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-dev-server-4.15.2.tgz |
🟠 Medium (4.7) | Not Defined | < 1% | Transitive webpack-dev-server-4.15.2.tgz |
react-scripts-5.0.1.tgz | Transitive webpack-dev-server - 5.2.6 |
|
CVE-2026-45736Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->❌ ws-8.18.0.tgz |
🟠 Medium (4.4) | Not Defined | < 1% | Transitive ws-8.18.0.tgz |
react-scripts-5.0.1.tgz | Transitive ws - 8.20.1,https://github.com/websockets/ws.git - 8.20.1 |
|
CVE-2024-55565Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->postcss-8.4.41.tgz ->❌ nanoid-3.3.7.tgz |
🟠 Medium (4.3) | Not Defined | < 1% | Transitive nanoid-3.3.7.tgz |
react-scripts-5.0.1.tgz | Transitive nanoid - 3.3.8,5.0.9,nanoid - 5.0.9,nanoid - 3.3.8 |
|
CVE-2026-33532Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->tailwindcss-3.4.9.tgz ->postcss-load-config-4.0.2.tgz ->❌ yaml-2.5.0.tgz |
🟠 Medium (4.3) | Not Defined | < 1% | Transitive yaml-2.5.0.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/eemeli/yaml.git - v1.10.3,https://github.com/eemeli/yaml.git - v2.8.3 |
|
CVE-2026-9358Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->postcss-preset-env-7.8.3.tgz ->postcss-attribute-case-insensitive-5.0.2.tgz ->❌ postcss-selector-parser-6.1.2.tgz |
🟠 Medium (4.3) | Proof of concept | < 1% | Transitive postcss-selector-parser-6.1.2.tgz |
react-scripts-5.0.1.tgz | ||
CVE-2025-15284Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->express-4.19.2.tgz ->body-parser-1.20.2.tgz ->❌ qs-6.11.0.tgz |
🟡 Low (3.7) | Not Defined | < 1% | Transitive qs-6.11.0.tgz |
react-scripts-5.0.1.tgz | Transitive qs - 6.14.1,qs - 6.14.1,https://github.com/ljharb/qs.git - v6.14.1 |
|
CVE-2025-68157Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-5.93.0.tgz |
🟡 Low (3.7) | Not Defined | < 1% | Transitive webpack-5.93.0.tgz |
react-scripts-5.0.1.tgz | Transitive webpack - 5.104.0 |
|
CVE-2025-68458Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->❌ webpack-5.93.0.tgz |
🟡 Low (3.7) | Not Defined | < 1% | Transitive webpack-5.93.0.tgz |
react-scripts-5.0.1.tgz | Transitive webpack - 5.104.1 |
|
CVE-2026-2391Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->webpack-dev-server-4.15.2.tgz ->express-4.19.2.tgz ->body-parser-1.20.2.tgz ->❌ qs-6.11.0.tgz |
🟡 Low (3.7) | Not Defined | < 1% | Transitive qs-6.11.0.tgz |
react-scripts-5.0.1.tgz | Transitive qs - 6.14.2,https://github.com/ljharb/qs.git - v6.14.2,qs - 6.14.2 |
|
CVE-2026-49356Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->❌ core-7.25.2.tgz |
🟡 Low (3.2) | Not Defined | < 1% | Transitive core-7.25.2.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/babel/babel.git - 7.29.6,https://github.com/babel/babel.git - 8.0.0-rc.6 |
|
CVE-2025-69873Path to dependency file: /package.json Dependency Hierarchy: ->react-scripts-5.0.1.tgz (Vulnerable Library) ->workbox-webpack-plugin-6.6.1.tgz ->workbox-build-6.6.1.tgz ->❌ ajv-8.17.1.tgz |
🟡 Low (2.9) | Not Defined | < 1% | Transitive ajv-8.17.1.tgz |
react-scripts-5.0.1.tgz | Transitive https://github.com/ajv-validator/ajv.git - v8.18.0,https://github.com/ajv-validator/ajv.git - v6.14.0 |
✅ Resolved findings:
| Finding | Vulnerable Library |
|---|---|
| CVE-2022-24773 | node-forge-0.10.0.tgz |
| CVE-2022-24771 | node-forge-0.10.0.tgz |
| CVE-2025-27789 | runtime-7.9.0.tgz |
| CVE-2024-29180 | webpack-dev-middleware-3.7.3.tgz |
| CVE-2024-21536 | http-proxy-middleware-0.19.1.tgz |
| CVE-2021-20066 | jsdom-14.1.0.tgz |
| WS-2022-0008 | node-forge-0.10.0.tgz |
| CVE-2025-32997 | http-proxy-middleware-0.19.1.tgz |
| CVE-2026-41907 | uuid-3.4.0.tgz |
| CVE-2026-41305 | postcss-7.0.21.tgz |
| CVE-2024-21538 | cross-spawn-7.0.1.tgz |
| CVE-2026-49356 | core-7.9.0.tgz |
| CVE-2026-55602 | http-proxy-middleware-0.19.1.tgz |
| CVE-2024-42460 | elliptic-6.5.4.tgz |
| CVE-2023-44270 | postcss-7.0.21.tgz |
| CVE-2026-48779 | ws-5.2.3.tgz |
| CVE-2026-33895 | node-forge-0.10.0.tgz |
| CVE-2022-37599 | loader-utils-1.4.0.tgz |
| CVE-2024-48949 | elliptic-6.5.4.tgz |
| CVE-2024-42459 | elliptic-6.5.4.tgz |
| CVE-2024-42461 | elliptic-6.5.4.tgz |
| CVE-2025-30360 | webpack-dev-server-3.11.0.tgz |
| CVE-2022-37599 | loader-utils-1.2.3.tgz |
| CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
| CVE-2026-48779 | ws-6.2.2.tgz |
| CVE-2026-44705 | tmp-0.0.33.tgz |
| CVE-2025-66030 | node-forge-0.10.0.tgz |
| CVE-2023-26136 | tough-cookie-2.5.0.tgz |
| CVE-2024-21538 | cross-spawn-6.0.5.tgz |
| CVE-2024-48948 | elliptic-6.5.4.tgz |
| CVE-2021-24033 | react-dev-utils-10.2.1.tgz |
| CVE-2026-14620 | webpack-dev-server-3.11.0.tgz |
| CVE-2026-32141 | flatted-2.0.2.tgz |
| CVE-2026-9358 | postcss-selector-parser-3.1.2.tgz |
| CVE-2021-23337 | lodash.template-4.5.0.tgz |
| CVE-2022-0122 | node-forge-0.10.0.tgz |
| CVE-2025-30359 | webpack-dev-server-3.11.0.tgz |
| CVE-2026-6402 | webpack-dev-server-3.11.0.tgz |
| CVE-2026-33896 | node-forge-0.10.0.tgz |
| CVE-2025-9288 | sha.js-2.4.11.tgz |
| CVE-2020-7789 | node-notifier-5.4.5.tgz |
| CVE-2023-28155 | request-2.88.2.tgz |
| CVE-2025-12816 | node-forge-0.10.0.tgz |
| CVE-2026-2739 | bn.js-4.12.0.tgz |
| CVE-2026-33228 | flatted-2.0.2.tgz |
| CVE-2022-37601 | loader-utils-1.4.0.tgz |
| CVE-2025-14505 | elliptic-6.5.4.tgz |
| CVE-2022-24772 | node-forge-0.10.0.tgz |
| CVE-2026-2739 | bn.js-5.2.1.tgz |
| CVE-2024-37890 | ws-5.2.3.tgz |
| CVE-2026-9277 | shell-quote-1.7.2.tgz |
| CVE-2020-28477 | immer-1.10.0.tgz |
| CVE-2021-20066 | jsdom-11.12.0.tgz |
| CVE-2026-12143 | form-data-2.3.3.tgz |
| CVE-2025-59437 | ip-1.1.8.tgz |
| CVE-2026-9595 | webpack-dev-server-3.11.0.tgz |
| CVE-2022-37603 | loader-utils-1.4.0.tgz |
| CVE-2023-42282 | ip-1.1.8.tgz |
| CVE-2025-59436 | ip-1.1.8.tgz |
| CVE-2021-23382 | postcss-7.0.21.tgz |
| WS-2025-0006 | elliptic-6.5.4.tgz |
| CVE-2024-29415 | ip-1.1.8.tgz |
| CVE-2026-45822 | decode-uri-component-0.2.0.tgz |
| CVE-2025-54798 | tmp-0.0.33.tgz |
| CVE-2025-32996 | http-proxy-middleware-0.19.1.tgz |
| CVE-2021-23368 | postcss-7.0.21.tgz |
| CVE-2026-4800 | lodash.template-4.5.0.tgz |
| CVE-2024-4068 | braces-2.3.2.tgz |
| CVE-2026-9358 | postcss-selector-parser-5.0.0.tgz |
| CVE-2025-15284 | qs-6.5.3.tgz |
| CVE-2026-13311 | shell-quote-1.7.2.tgz |
| CVE-2025-6547 | pbkdf2-3.1.2.tgz |
| CVE-2026-2391 | qs-6.5.3.tgz |
| CVE-2026-14802 | react-dev-utils-10.2.1.tgz |
| CVE-2025-6545 | pbkdf2-3.1.2.tgz |
| CVE-2026-33891 | node-forge-0.10.0.tgz |
| CVE-2023-46234 | browserify-sign-4.2.1.tgz |
| CVE-2022-37603 | loader-utils-1.2.3.tgz |
| CVE-2025-66031 | node-forge-0.10.0.tgz |
| CVE-2025-9287 | cipher-base-1.0.4.tgz |
| CVE-2026-14631 | webpack-dev-server-3.11.0.tgz |
| CVE-2024-37890 | ws-6.2.2.tgz |
| CVE-2025-7783 | form-data-2.3.3.tgz |
| CVE-2024-27088 | es5-ext-0.10.61.tgz |
| CVE-2021-23364 | browserslist-4.10.0.tgz |
| CVE-2022-37601 | loader-utils-1.2.3.tgz |
| CVE-2024-4067 | micromatch-3.1.10.tgz |
| CVE-2021-42740 | shell-quote-1.7.2.tgz |
| CVE-2026-33894 | node-forge-0.10.0.tgz |
Remaining findings in base branch: 220
Base branch commit: a3ba1679b8965c9f00f5ca1f92a5800372757c57
Total libraries scanned: 1852
Scan token: cbbc928c086b4d12b428128dd9c325d0
Loading