osv-scanner.toml
Lines changed: 4 additions & 0 deletions
@@ -5,3 +5,7 @@ reason = "drizzle-orm SQL injection via dynamic identifiers (CVE-2026-39356). No
5
5
[[IgnoredVulns]]
6
6
id = "GHSA-j687-52p2-xcff"
7
7
reason = "Astro XSS via define:vars on <script> tags. Not exploitable in ENSNode: docs sites are statically generated and do not pass user-controlled input to define:vars. Upgrading to the fixed version (astro 6.x) requires a major version bump that needs broader testing."
8
+
9
+
[[IgnoredVulns]]
10
+
id = "GHSA-w5hq-g745-h8pq"
11
+
reason = "uuid missing buffer bounds check in v3/v5/v6. Fix backported to v11.1.1, which our pnpm override resolves to. OSV marks v14.0.0 as the fixed version, but the patch is present in 11.1.1. We do not use uuid directly and our Node engine (>=24) satisfies v14 requirements if a future bump is needed."
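Review bot: The new `GHSA-w5hq-g745-h8pq` entry has no expiry and is keyed on the advisory id alone, so it keeps suppressing the finding even if the pnpm override is later removed or starts resolving to a uuid release that lacks the backport. Consider adding an `ignoreUntil` date so the exception is re-evaluated on a schedule. The reason text asserts that the patch is present in 11.1.1 but gives no way to check it from here; a link to the upstream release note or commit, plus the name of the file that holds the pnpm override, would let a reviewer confirm the resolved version. The closing sentence about the Node engine and a future v14 bump is upgrade planning rather than justification for the ignore and could move to a tracking issue.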