{ "timestamp": "2026-02-16T15:42:09.730696", "project_path": "test-project", "dependencies": [ { "name": "express", "version": "4.18.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [ { "id": "CVE-2022-24999", "summary": "Open redirect in express", "severity": "MEDIUM", "cvss_score": 6.1, "affected_versions": "<4.18.2", "fixed_version": "4.18.2", "published_date": "2022-11-26", "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" ] }, { "id": "CVE-2022-24999", "summary": "Open redirect in express", "severity": "MEDIUM", "cvss_score": 6.1, "affected_versions": "<4.18.2", "fixed_version": "4.18.2", "published_date": "2022-11-26", "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" ] } ] }, { "name": "lodash", "version": "4.17.20", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [ { "id": "CVE-2021-23337", "summary": "Prototype pollution in lodash", "severity": "HIGH", "cvss_score": 7.2, "affected_versions": "<4.17.21", "fixed_version": "4.17.21", "published_date": "2021-02-15", "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-23337" ] }, { "id": "CVE-2021-23337", "summary": "Prototype pollution in lodash", "severity": "HIGH", "cvss_score": 7.2, "affected_versions": "<4.17.21", "fixed_version": "4.17.21", "published_date": "2021-02-15", "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-23337" ] } ] }, { "name": "axios", "version": "1.5.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [ { "id": "CVE-2023-45857", "summary": "Cross-site request forgery in axios", "severity": "MEDIUM", "cvss_score": 6.1, "affected_versions": ">=1.0.0 <1.6.0", "fixed_version": "1.6.0", "published_date": "2023-10-11", "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-45857" ] }, { "id": "CVE-2023-45857", "summary": "Cross-site request forgery in axios", "severity": "MEDIUM", "cvss_score": 6.1, "affected_versions": ">=1.0.0 <1.6.0", "fixed_version": "1.6.0", "published_date": "2023-10-11", "references": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-45857" ] } ] }, { "name": "jsonwebtoken", "version": "8.5.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "bcrypt", "version": "5.1.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "mongoose", "version": "6.10.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "cors", "version": "2.8.5", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "helmet", "version": "6.1.5", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "winston", "version": "3.8.2", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "dotenv", "version": "16.0.3", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "express-rate-limit", "version": "6.7.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "multer", "version": "1.4.5-lts.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "sharp", "version": "0.32.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "nodemailer", "version": "6.9.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "socket.io", "version": "4.6.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "redis", "version": "4.6.5", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "moment", "version": "2.29.4", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "chalk", "version": "4.1.2", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "commander", "version": "9.4.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "nodemon", "version": "2.0.22", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "jest", "version": "29.5.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "supertest", "version": "6.3.3", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "eslint", "version": "8.40.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "eslint-config-airbnb-base", "version": "15.0.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "eslint-plugin-import", "version": "2.27.5", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "webpack", "version": "5.82.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "webpack-cli", "version": "5.1.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "babel-loader", "version": "9.1.2", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "@babel/core", "version": "7.22.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "@babel/preset-env", "version": "7.22.2", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "css-loader", "version": "6.7.4", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "style-loader", "version": "3.3.3", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "html-webpack-plugin", "version": "5.5.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "mini-css-extract-plugin", "version": "2.7.6", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "postcss", "version": "8.4.23", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "postcss-loader", "version": "7.3.0", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "autoprefixer", "version": "10.4.14", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "cross-env", "version": "7.0.3", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] }, { "name": "rimraf", "version": "5.0.1", "ecosystem": "npm", "direct": true, "license": null, "vulnerabilities": [] } ], "vulnerabilities_found": 6, "high_severity_count": 2, "medium_severity_count": 4, "low_severity_count": 0, "ecosystems": [ "npm" ], "scan_summary": { "total_dependencies": 39, "unique_dependencies": 39, "ecosystems_found": 1, "vulnerable_dependencies": 3, "vulnerability_breakdown": { "high": 2, "medium": 4, "low": 0 } }, "recommendations": [ "URGENT: Address 2 high-severity vulnerabilities immediately", "Schedule fixes for 4 medium-severity vulnerabilities within 30 days", "Update express from 4.18.1 to 4.18.2 to fix CVE-2022-24999", "Update express from 4.18.1 to 4.18.2 to fix CVE-2022-24999", "Update lodash from 4.17.20 to 4.17.21 to fix CVE-2021-23337", "Update lodash from 4.17.20 to 4.17.21 to fix CVE-2021-23337", "Update axios from 1.5.0 to 1.6.0 to fix CVE-2023-45857", "Update axios from 1.5.0 to 1.6.0 to fix CVE-2023-45857" ] }