-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
26 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,6 +13,8 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages | |
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-ch3h-j2vf-95pv: XSS Vulnerability in Action View tag helpers (https://github.com/advisories/GHSA-ch3h-j2vf-95pv) | ||
| GHSA-xp5h-f8jf-rc8q: rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements (https://github.com/advisories/GHSA-xp5h-f8jf-rc8q) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-356j-hg45-x525: Potential CSV export data leak (https://github.com/advisories/GHSA-356j-hg45-x525) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-3hhc-qp5v-9p2j: Active Record RCE bug with Serialized Columns (https://github.com/advisories/GHSA-3hhc-qp5v-9p2j) | ||
| GHSA-579w-22j4-4749: Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter (https://github.com/advisories/GHSA-579w-22j4-4749) | ||
|
|
@@ -69,6 +71,12 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages | |
| GHSA-mcvf-2q2m-x72m: Improper neutralization of data URIs may allow XSS in rails-html-sanitizer (https://github.com/advisories/GHSA-mcvf-2q2m-x72m) | ||
| GHSA-pg8v-g4xq-hww9: Rails::Html::Sanitizer vulnerable to Cross-site Scripting (https://github.com/advisories/GHSA-pg8v-g4xq-hww9) | ||
| GHSA-rrfc-7g8p-99q8: Possible XSS vulnerability with certain configurations of rails-html-sanitizer (https://github.com/advisories/GHSA-rrfc-7g8p-99q8) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-gc3j-vvwf-4rp8: Resque vulnerable to reflected XSS in resque-web failed and queues lists (https://github.com/advisories/GHSA-gc3j-vvwf-4rp8) | ||
| GHSA-r8xx-8vm8-x6wj: Resque vulnerable to Reflected Cross Site Scripting through pathnames (https://github.com/advisories/GHSA-r8xx-8vm8-x6wj) | ||
| GHSA-r9mq-m72x-257g: Resque vulnerable to reflected XSS in Queue Endpoint (https://github.com/advisories/GHSA-r9mq-m72x-257g) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-9hmq-fm33-x4xx: Resque Scheduler Reflected XSS In Delayed Jobs View (https://github.com/advisories/GHSA-9hmq-fm33-x4xx) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-8cr8-4vfw-mr7h: REXML round-trip instability (https://github.com/advisories/GHSA-8cr8-4vfw-mr7h) | ||
| [email protected] is affected by the following vulnerabilities: | ||
|
|
@@ -77,4 +85,4 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages | |
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-5cm2-9h8c-rvfx: TZInfo relative path traversal vulnerability allows loading of arbitrary files (https://github.com/advisories/GHSA-5cm2-9h8c-rvfx) | ||
|
|
||
| 54 known vulnerabilities found in fixtures/locks-e2e/1-Gemfile.lock | ||
| 59 known vulnerabilities found in fixtures/locks-e2e/1-Gemfile.lock | ||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -26,7 +26,7 @@ fixtures/locks-e2e/1-yarn.lock: found 1678 packages | |
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-6h5x-7c5m-7cr7: Exposure of Sensitive Information in eventsource (https://github.com/advisories/GHSA-6h5x-7c5m-7cr7) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-6g8v-hpgw-h2v7: Prototype pollution in gsap (https://github.com/advisories/GHSA-6g8v-hpgw-h2v7) | ||
| [email protected] is affected by the following vulnerabilities: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,6 +18,7 @@ fixtures/locks-e2e/2-go.mod: found 73 packages | |
| GHSA-x24g-9w7v-vprh: HashiCorp go-getter command injection (https://github.com/advisories/GHSA-x24g-9w7v-vprh) | ||
| GO-2022-0586: Resource exhaustion in github.com/hashicorp/go-getter and related modules | ||
| golang.org/x/[email protected] is affected by the following vulnerabilities: | ||
| GHSA-45x7-px36-x8w8: Russh vulnerable to Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC (https://github.com/advisories/GHSA-45x7-px36-x8w8) | ||
| GHSA-8c26-wmh5-6g9v: golang.org/x/crypto/ssh Denial of service via crafted Signer (https://github.com/advisories/GHSA-8c26-wmh5-6g9v) | ||
| GHSA-gwc9-m7rh-j2ww: x/crypto/ssh vulnerable to panic via malformed packets (https://github.com/advisories/GHSA-gwc9-m7rh-j2ww) | ||
| golang.org/x/[email protected] is affected by the following vulnerabilities: | ||
|
|
@@ -26,6 +27,7 @@ fixtures/locks-e2e/2-go.mod: found 73 packages | |
| GHSA-69cg-p879-7622: golang.org/x/net/http2 Denial of Service vulnerability (https://github.com/advisories/GHSA-69cg-p879-7622) | ||
| GHSA-83g2-8m93-v3w7: golang.org/x/net/html Infinite Loop vulnerability (https://github.com/advisories/GHSA-83g2-8m93-v3w7) | ||
| GHSA-h86h-8ppg-mxmh: golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion (https://github.com/advisories/GHSA-h86h-8ppg-mxmh) | ||
| GHSA-qppj-fm5r-hxr3: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack (https://github.com/advisories/GHSA-qppj-fm5r-hxr3) | ||
| GHSA-vvpx-j8f3-3w6h: Uncontrolled Resource Consumption (https://github.com/advisories/GHSA-vvpx-j8f3-3w6h) | ||
| GO-2022-0288: Unbounded memory growth in net/http and golang.org/x/net/http2 | ||
| GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2 | ||
|
|
@@ -38,4 +40,4 @@ fixtures/locks-e2e/2-go.mod: found 73 packages | |
| GHSA-m425-mq94-257g: gRPC-Go HTTP/2 Rapid Reset vulnerability (https://github.com/advisories/GHSA-m425-mq94-257g) | ||
| GHSA-qppj-fm5r-hxr3: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack (https://github.com/advisories/GHSA-qppj-fm5r-hxr3) | ||
|
|
||
| 25 known vulnerabilities found in fixtures/locks-e2e/2-go.mod | ||
| 27 known vulnerabilities found in fixtures/locks-e2e/2-go.mod | ||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -45,9 +45,9 @@ fixtures/locks-e2e/2-yarn.lock: found 1991 packages | |
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-4q6p-r6v2-jvc5: Chaijs/get-func-name vulnerable to ReDoS (https://github.com/advisories/GHSA-4q6p-r6v2-jvc5) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-7wwv-vh3v-89cq: ReDOS vulnerabities: multiple grammars (https://github.com/advisories/GHSA-7wwv-vh3v-89cq) | ||
| [email protected] is affected by the following vulnerabilities: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,7 +17,7 @@ fixtures/locks-e2e/3-yarn.lock: found 1225 packages | |
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-w573-4hg7-7wgq: decode-uri-component vulnerable to Denial of Service (DoS) (https://github.com/advisories/GHSA-w573-4hg7-7wgq) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6) | ||
| [email protected] is affected by the following vulnerabilities: | ||
| GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket (https://github.com/advisories/GHSA-pfrx-2q88-qq97) | ||
| [email protected] is affected by the following vulnerabilities: | ||
|
|
||