Output

Uploaded by

ajiart01
Copyright
© © All Rights Reserved

# npm audit report

axios 0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/api-dylux/node_modules/axios
node_modules/axios
node_modules/openai/node_modules/axios
node_modules/wa-sticker-formatter/node_modules/axios
node_modules/wibusoft/node_modules/axios
api-dylux *
Depends on vulnerable versions of axios
Depends on vulnerable versions of publish
Depends on vulnerable versions of request
node_modules/api-dylux
openai 2.0.0 - 3.3.0
Depends on vulnerable versions of axios
node_modules/openai
wa-sticker-formatter >=2.0.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of sharp
node_modules/wa-sticker-formatter
wibusoft *
Depends on vulnerable versions of axios
node_modules/wibusoft

bl <1.2.3
Severity: moderate
Remote Memory Exposure in bl - https://github.com/advisories/GHSA-pp7h-53gx-mx7r
No fix available
node_modules/npm/node_modules/request/node_modules/bl
request *
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/npm/node_modules/request
node_modules/request
node-gtts *
Depends on vulnerable versions of request
node_modules/node-gtts
node-gyp <=7.1.2
Depends on vulnerable versions of request
Depends on vulnerable versions of semver
Depends on vulnerable versions of tar
node_modules/npm/node_modules/node-gyp
npm <=7.1.0 || 7.21.0 - 8.5.4 || 8.19.0 - 8.19.2 || 9.0.0-pre.0 - 9.0.0-pre.6
Depends on vulnerable versions of chownr
Depends on vulnerable versions of fstream
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of mkdirp
Depends on vulnerable versions of node-gyp
Depends on vulnerable versions of npm-registry-client
Depends on vulnerable versions of npm-user-validate
Depends on vulnerable versions of request
Depends on vulnerable versions of semver
Depends on vulnerable versions of tar
node_modules/npm
npm-registry-client *
Depends on vulnerable versions of request
node_modules/npm/node_modules/npm-registry-client
remove.bg *
Depends on vulnerable versions of request
Depends on vulnerable versions of unirest
node_modules/remove.bg
unirest *
Depends on vulnerable versions of request
node_modules/unirest

brace-expansion <1.1.7
Severity: high
ReDoS in brace-expansion - https://github.com/advisories/GHSA-832h-xg76-4gv6
fix available via `npm audit fix`
node_modules/npm/node_modules/minimatch/node_modules/brace-expansion

chownr <1.1.0
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr - https://github.com/advisories/GHSA-c6rq-rjc2-86v2
fix available via `npm audit fix`
node_modules/npm/node_modules/chownr

extend 3.0.0 - 3.0.1
Severity: moderate
Prototype Pollution in extend - https://github.com/advisories/GHSA-qrmc-fj45-qfc2
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/extend

fstream <1.0.12
Severity: high
Arbitrary File Overwrite in fstream - https://github.com/advisories/GHSA-xf7w-r453-m56c
fix available via `npm audit fix`
node_modules/npm/node_modules/fstream

got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install @vitalets/[email protected], which is a breaking change
node_modules/@vitalets/google-translate-api/node_modules/got
@vitalets/google-translate-api <=8.0.0
Depends on vulnerable versions of got
node_modules/@vitalets/google-translate-api

hawk <=9.0.0
Severity: high
Uncontrolled Resource Consumption in Hawk - https://github.com/advisories/GHSA-44pw-h2cw-w3vq
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
No fix available
node_modules/npm/node_modules/request/node_modules/hawk

hoek *
Severity: high
Prototype Pollution in hoek - https://github.com/advisories/GHSA-jp4x-w63m-7wgm
hoek subject to prototype pollution via the clone function. - https://github.com/advisories/GHSA-c429-5p7v-vgjp
No fix available
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/boom
cryptiles <=2.0.5
Depends on vulnerable versions of boom
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/cryptiles
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/sntp

hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/npm/node_modules/hosted-git-info

ini <1.3.6
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/npm/node_modules/ini

is-my-json-valid 2.0.0 - 2.20.5
Severity: high
Regular expression deinal of service (ReDoS) in is-my-json-valid - https://github.com/advisories/GHSA-4hpf-3wq7-5rpr
Regular Expression Denial of Service in is-my-json-valid - https://github.com/advisories/GHSA-f522-ffg8-j8r6
Depends on vulnerable versions of jsonpointer
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid

json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/jsprim/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/jsprim

jsonpointer <5.0.0
Severity: moderate
Prototype Pollution in node-jsonpointer - https://github.com/advisories/GHSA-282f-qqgm-c34q
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer

minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/npm/node_modules/minimatch

minimist <=0.2.3
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/npm/node_modules/mkdirp/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/npm/node_modules/mkdirp

npm-user-validate <=1.0.0
Severity: high
Regular Expression Denial of Service in npm-user-validate - https://github.com/advisories/GHSA-xgh6-85xh-479p
Regular expression denial of service in npm-user-validate - https://github.com/advisories/GHSA-pw54-mh39-w3hc
fix available via `npm audit fix`
node_modules/npm/node_modules/npm-user-validate

phin <3.7.1
Severity: moderate
phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/phin
@jimp/core <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of phin
node_modules/@jimp/core
node_modules/render-gif/node_modules/@jimp/core
@jimp/custom <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of @jimp/core
node_modules/@jimp/custom
node_modules/render-gif/node_modules/@jimp/custom
jimp >=0.3.6-alpha.5
Depends on vulnerable versions of @jimp/custom
Depends on vulnerable versions of @jimp/plugins
node_modules/jimp
node_modules/render-gif/node_modules/jimp
@whiskeysockets/baileys *
Depends on vulnerable versions of jimp
node_modules/@adiwajshing/baileys
render-gif *
Depends on vulnerable versions of jimp
node_modules/render-gif
terminal-image >=1.0.1
Depends on vulnerable versions of jimp
Depends on vulnerable versions of render-gif
node_modules/terminal-image
load-bmfont >=1.4.0
Depends on vulnerable versions of phin
node_modules/load-bmfont
@jimp/plugin-print >=0.4.0
Depends on vulnerable versions of load-bmfont
node_modules/@jimp/plugin-print
node_modules/render-gif/node_modules/@jimp/plugin-print
@jimp/plugins >=0.4.0
Depends on vulnerable versions of @jimp/plugin-print
node_modules/@jimp/plugins
node_modules/render-gif/node_modules/@jimp/plugins

qs <=6.2.3
Severity: high
Prototype Pollution Protection Bypass in qs - https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/qs

semver <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/npm/node_modules/node-gyp/node_modules/semver
node_modules/npm/node_modules/semver
node_modules/publish/node_modules/semver
publish *
Depends on vulnerable versions of npm
Depends on vulnerable versions of semver
node_modules/publish

sharp <0.32.6
Severity: high
sharp vulnerability in libwebp dependency CVE-2023-4863 - https://github.com/advisories/GHSA-54xq-cgqr-rpm3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/wa-sticker-formatter/node_modules/sharp

sshpk <1.13.2
Severity: high
Regular Expression Denial of Service in sshpk - https://github.com/advisories/GHSA-2m39-62fm-q8r3
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk

stringstream <0.0.6
Severity: moderate
Out-of-bounds Read in stringstream - https://github.com/advisories/GHSA-mf6x-7mm4-x2g7
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/stringstream

tar <=6.2.0
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Overwrite in tar - https://github.com/advisories/GHSA-j44m-qm6p-hp7m
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/npm/node_modules/tar

tough-cookie <=4.1.2
Severity: high
Regular Expression Denial of Service in tough-cookie - https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/npm/node_modules/request/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie

tunnel-agent <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent - https://github.com/advisories/GHSA-xc7v-wxcw-j472
No fix available
node_modules/npm/node_modules/request/node_modules/tunnel-agent

validator <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
No fix available
node_modules/validator
url-validator *
Depends on vulnerable versions of validator
node_modules/url-validator

55 vulnerabilities (1 low, 31 moderate, 20 high, 3 critical)

To address issues that do not require attention, run:


npm audit fix

To address all issues possible (including breaking changes), run:


npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
