Skip to content

Update dependency express-session to v1.18.2#59

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/express-session-1.x-lockfile
Open

Update dependency express-session to v1.18.2#59
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/express-session-1.x-lockfile

Update dependency express-session to v1.18.2

a449a50
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Jul 14, 2026 in 5m 3s

Security Report

You have successfully remediated 1 vulnerabilities, but introduced 8 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-5079

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.2.0 #⁠28

Reachable

CVE-2026-3520

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.1.1 #⁠28

Reachable

CVE-2026-3304

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.1.0 #⁠28

Reachable

CVE-2026-2359

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.1.0 #⁠28

Reachable

CVE-2025-7338

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.2 #⁠28

Reachable

CVE-2025-48997

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.1 #⁠28

Reachable

CVE-2025-47944

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 #⁠28

Reachable

CVE-2025-47935

Path to dependency file: /backend/package.json

Path to vulnerable library: /backend/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 #⁠28

Reachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2024-47764 cookie-0.4.2.tgz

Base branch total remaining vulnerabilities: 223
Base branch commit: a3ba1679b8965c9f00f5ca1f92a5800372757c57


Total libraries scanned: 2141

Scan token: 010eb25e138b492ea47450cdf8ec1700