Skip to content
Tools / lowcoder / Security

Security Deep Dive

lowcoder

Security posture and CVE patch evidence from tracked releases.

Back to Tool

2 open KEV CVEs affects 2.7.6.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

— Signed — SLSA ✓ SBOM ✗ Security policy Unknown cadence Active maintainer

Trust Signals — 2 of 9 Present

Evidence already collected from releases and repository metadata.

2/9 Present
Signed releases Unknown
Latest release artifact signature Latest release
SLSA provenance Unknown
Attestation predicate level Latest release
SBOM published Present
GitHub SBOM API Latest release
Last verified: 28d ago
SECURITY.md Absent
GitHub repository metadata Repository policy
Checked: 17d ago
Release cadence Unknown
12-release median Release history
Latest release: 5mo ago
Maintainer active Present
Recent commit activity Repository
Last commit: 20d ago
Checksums (SHA256SUMS) Not active yet
SHA256SUMS or equivalent Release asset
Latest release: 5mo ago
GitHub Actions attestation Not active yet
actions/attest-build-provenance Workflow file
Latest release: 5mo ago
Signing assets Not active yet
.sig, .crt, cosign.pub, or similar Release asset
Latest release: 5mo ago
3.8/10 Security Score
Dependency Exposure 369 transitive dependency CVEs found in the latest SBOM. 48 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

1.00 / 1.0

19d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

No open CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: available

Release responsiveness

release responsiveness

10.0

5%

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 48c/165h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 19d

Operational risk

operational risk

8.5

10%

kev exposure: detected epss max: none
How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100
48 Transitive critical CVEs
3 KEV-transitive CVEs
55% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

2 open CVEs against lowcoder

Sorted by KEV-listed first, then longest exposure.
CVE Severity CVSS EPSS Days open KEV Status
CVE-2022-22965 CRITICAL 9.8 99%ile 1522d KEV Affects vLATEST
CVE-2025-31125 medium 5.3 99%ile 429d KEV Affects vLATEST

Dependency Vulnerabilities

3796 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

48

High

165

Medium

132

Low

23

Unknown

1

3 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (130) All (369)
Critical 48 High 165 Medium 132 Low 23 Unknown 1
CVE Severity KEV Dependency Affected version Cleared in release
CVE-2013-4366 critical org.apache.httpcomponents:httpclient
CVE-2014-3527 critical org.springframework.security:spring-security-core
CVE-2014-9390 critical org.eclipse.jgit:org.eclipse.jgit
CVE-2015-7501 critical org.apache.commons:commons-collections4
CVE-2016-1000027 critical org.springframework:spring-web
CVE-2017-15095 critical com.fasterxml.jackson.core:jackson-databind
CVE-2017-17485 critical com.fasterxml.jackson.core:jackson-databind
CVE-2017-5929 critical ch.qos.logback:logback-classic
CVE-2017-7525 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-11307 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-14718 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-14719 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-14720 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-14721 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-19360 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-19361 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-19362 critical com.fasterxml.jackson.core:jackson-databind
CVE-2018-7489 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-10744 critical lodash 3.10.1
CVE-2019-14379 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-14540 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-16335 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-16942 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-16943 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-17267 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-17531 critical com.fasterxml.jackson.core:jackson-databind
CVE-2019-20330 critical com.fasterxml.jackson.core:jackson-databind
CVE-2020-8840 critical com.fasterxml.jackson.core:jackson-databind
CVE-2020-9546 critical com.fasterxml.jackson.core:jackson-databind
CVE-2020-9547 critical com.fasterxml.jackson.core:jackson-databind
CVE-2020-9548 critical com.fasterxml.jackson.core:jackson-databind
CVE-2022-22965 critical KEV org.springframework:spring-webflux
CVE-2022-22965 critical KEV org.springframework.boot:spring-boot-starter-webflux
CVE-2022-22978 critical org.springframework.security:spring-security-core
CVE-2022-22980 critical org.springframework.data:spring-data-mongodb
CVE-2022-31692 critical org.springframework.security:spring-security-core
CVE-2022-42889 critical org.apache.commons:commons-text
CVE-2023-34034 critical org.springframework.security:spring-security-config
CVE-2024-1597 critical org.postgresql:postgresql 42.3.8
CVE-2025-41232 critical org.springframework.security:spring-security-core
CVE-2025-6545 critical pbkdf2 3.1.2
CVE-2025-6547 critical pbkdf2 3.1.2
CVE-2025-7783 critical form-data 4.0.0
CVE-2025-9288 critical sha.js 2.4.11
CVE-2026-25896 critical fast-xml-parser 4.4.1
CVE-2026-27699 critical basic-ftp 5.1.0
CVE-2026-40976 critical org.springframework.boot:spring-boot
CVE-2026-41242 critical protobufjs 7.5.4
CVE-2011-2730 high org.springframework:spring-core
CVE-2012-6153 high org.apache.httpcomponents:httpclient
CVE-2014-0097 high org.springframework.security:spring-security-core
CVE-2015-5211 high org.springframework:spring-core
CVE-2015-6420 high org.apache.commons:commons-collections4
CVE-2015-8855 high semver 2.3.2
CVE-2016-5007 high org.springframework:spring-core
CVE-2016-5007 high org.springframework.security:spring-security-core
CVE-2016-9879 high org.springframework.security:spring-security-core
CVE-2017-4995 high org.springframework.security:spring-security-core
CVE-2018-12022 high com.fasterxml.jackson.core:jackson-databind
CVE-2018-12023 high com.fasterxml.jackson.core:jackson-databind
CVE-2018-1258 high org.springframework:spring-core
CVE-2018-1272 high org.springframework:spring-core
CVE-2018-15756 high org.springframework:spring-core
CVE-2018-15801 high org.springframework.security:spring-security-core
CVE-2018-16487 high lodash 3.10.1
CVE-2018-5968 high com.fasterxml.jackson.core:jackson-databind
CVE-2019-11272 high org.springframework.security:spring-security-core
CVE-2019-12086 high com.fasterxml.jackson.core:jackson-databind
CVE-2019-14439 high com.fasterxml.jackson.core:jackson-databind
CVE-2019-14892 high com.fasterxml.jackson.core:jackson-databind
CVE-2019-14893 high com.fasterxml.jackson.core:jackson-databind
CVE-2019-16869 high io.netty:netty-all
CVE-2020-10650 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-10672 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-10673 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-10968 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-10969 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-11111 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-11112 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-11113 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-11619 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-11620 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-14060 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-14061 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-14062 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-14195 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-24616 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-24750 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-25649 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-35490 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-35491 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-35728 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36179 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36180 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36181 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36182 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36183 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36184 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36185 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36186 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36187 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36188 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36189 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-36518 high com.fasterxml.jackson.core:jackson-databind
CVE-2020-5398 high org.springframework:spring-webflux
CVE-2020-5403 high io.projectreactor.netty:reactor-netty-http
CVE-2020-5407 high org.springframework.security:spring-security-core
CVE-2020-8203 high lodash.pick 4.4.0
CVE-2020-8203 high lodash 3.10.1
CVE-2021-20190 high com.fasterxml.jackson.core:jackson-databind
CVE-2021-22118 high org.springframework:spring-web
CVE-2021-22119 high org.springframework.security:spring-security-core
CVE-2021-23337 high lodash 3.10.1
CVE-2021-31684 high net.minidev:json-smart
CVE-2021-46877 high com.fasterxml.jackson.core:jackson-databind
CVE-2022-25647 high com.google.code.gson:gson
CVE-2022-25883 high semver 2.3.2
CVE-2022-27772 high org.springframework.boot:spring-boot
CVE-2022-31129 high moment 2.29.2
CVE-2022-42003 high com.fasterxml.jackson.core:jackson-databind
CVE-2022-42004 high com.fasterxml.jackson.core:jackson-databind
CVE-2022-45688 high org.json:json
CVE-2023-1370 high net.minidev:json-smart
CVE-2023-20883 high org.springframework.boot:spring-boot-autoconfigure
CVE-2023-22102 high mysql:mysql-connector-java 8.0.30
CVE-2023-30533 high xlsx 0.18.5
CVE-2023-34035 high org.springframework.security:spring-security-config
CVE-2023-34062 high io.projectreactor.netty:reactor-netty-http
CVE-2023-40826 high org.pf4j:pf4j
CVE-2023-40827 high org.pf4j:pf4j
CVE-2023-40828 high org.pf4j:pf4j
CVE-2023-4759 high org.eclipse.jgit:org.eclipse.jgit
CVE-2023-5072 high org.json:json
CVE-2023-6378 high ch.qos.logback:logback-classic
CVE-2024-21536 high http-proxy-middleware 2.0.6
CVE-2024-21538 high cross-spawn 7.0.3
CVE-2024-22233 high org.springframework:spring-core
CVE-2024-22234 high org.springframework.security:spring-security-core
CVE-2024-22243 high org.springframework:spring-web
CVE-2024-22257 high org.springframework.security:spring-security-core
CVE-2024-22259 high org.springframework:spring-web
CVE-2024-22262 high org.springframework:spring-web
CVE-2024-22363 high xlsx 0.18.5
CVE-2024-38816 high org.springframework:spring-webflux
CVE-2024-38819 high org.springframework:spring-webflux
CVE-2024-47068 high rollup 2
CVE-2024-47554 high commons-io:commons-io
CVE-2024-49203 high com.querydsl:querydsl-jpa 5.1.0
CVE-2024-49203 high com.querydsl:querydsl-apt 5.1.0
CVE-2024-52798 high path-to-regexp 0.1.10
CVE-2024-57699 high net.minidev:json-smart
CVE-2025-12816 high node-forge 1.3.1
CVE-2025-22228 high org.springframework.security:spring-security-crypto
CVE-2025-22235 high org.springframework.boot:spring-boot
CVE-2025-27152 high axios 1.7.4
CVE-2025-41248 high org.springframework.security:spring-security-core
CVE-2025-41249 high org.springframework:spring-core
CVE-2025-58754 high axios 1.7.4
CVE-2025-59250 high com.microsoft.sqlserver:mssql-jdbc 10.2.1.jre11
CVE-2025-64756 high glob 10.4.5
CVE-2025-65945 high jws 4.0.0
CVE-2025-66031 high node-forge 1.3.1
CVE-2025-70952 high org.pf4j:pf4j
CVE-2026-1615 high jsonpath 1.1.1
CVE-2026-22731 high org.springframework.boot:spring-boot-starter-actuator
CVE-2026-22733 high org.springframework.boot:spring-boot-starter-actuator
CVE-2026-22753 high org.springframework.security:spring-security-config
CVE-2026-22754 high org.springframework.security:spring-security-config
CVE-2026-23745 high tar 7.4.3
CVE-2026-23950 high tar 7.4.3
CVE-2026-24400 high org.assertj:assertj-core
CVE-2026-24842 high tar 7.4.3
CVE-2026-25547 high @isaacs/brace-expansion 5.0.0
CVE-2026-25639 high axios 1.7.4
CVE-2026-26278 high fast-xml-parser 4.4.1
CVE-2026-26960 high tar 7.4.3
CVE-2026-26996 high minimatch 9.0.5
CVE-2026-27013 high fabric 4.6.0
CVE-2026-27601 high underscore 1.12.1
CVE-2026-27606 high rollup 2
CVE-2026-27903 high minimatch 9.0.5
CVE-2026-27904 high minimatch 9.0.5
CVE-2026-29074 high svgo 2.8.0
CVE-2026-29786 high tar 7.4.3
CVE-2026-31802 high tar 7.4.3
CVE-2026-32141 high flatted 3.3.3
CVE-2026-33036 high fast-xml-parser 4.4.1
CVE-2026-33228 high flatted 3.3.3
CVE-2026-33671 high picomatch 4.0.2
CVE-2026-33870 high io.netty:netty-codec-http 4.1.77
CVE-2026-33891 high node-forge 1.3.1
CVE-2026-33894 high node-forge 1.3.1
CVE-2026-33895 high node-forge 1.3.1
CVE-2026-33896 high node-forge 1.3.1
CVE-2026-40973 high org.springframework.boot:spring-boot
CVE-2026-41324 high basic-ftp 5.1.0
CVE-2026-42033 high axios 1.7.4
CVE-2026-42035 high axios 1.7.4
CVE-2026-42043 high axios 1.7.4
CVE-2026-42198 high org.postgresql:postgresql 42.3.8
CVE-2026-42264 high axios 1.7.4
CVE-2026-42584 high io.netty:netty-codec-http 4.1.77
CVE-2026-42587 high io.netty:netty-codec-http 4.1.77
CVE-2026-44240 high basic-ftp 5.1.0
CVE-2026-44728 high @babel/plugin-transform-modules-systemjs 7.27.1
CVE-2026-4800 high lodash-es 4.17.21
CVE-2026-4800 high lodash 4.17.21
CVE-2026-4867 high path-to-regexp 0.1.12
CVE-2026-6321 high fast-uri 3.0.6
CVE-2026-6322 high fast-uri 3.0.6
GHSA-5c6j-r48x-rmvq high serialize-javascript 4.0.0
GHSA-6v7q-wjvx-w8wg high basic-ftp 5.1.0
GHSA-m4gq-x24j-jpmf high mermaid 10.6.1
CVE-2009-1190 medium org.springframework:spring-core
CVE-2010-3700 medium org.springframework.security:spring-security-core
CVE-2011-1498 medium org.apache.httpcomponents:httpclient
CVE-2011-2731 medium org.springframework.security:spring-security-core
CVE-2011-2732 medium org.springframework.security:spring-security-core
CVE-2011-2894 medium org.springframework.security:spring-security-core
CVE-2011-2894 medium org.springframework:spring-core
CVE-2012-5055 medium org.springframework.security:spring-security-core
CVE-2013-6429 medium org.springframework:spring-web
CVE-2013-6430 medium org.springframework:spring-web
CVE-2014-0193 medium io.netty:netty-all
CVE-2014-3577 medium org.apache.httpcomponents:httpclient
CVE-2014-3578 medium org.springframework:spring-core
CVE-2015-0201 medium org.springframework:spring-core
CVE-2015-3192 medium org.springframework:spring-web
CVE-2015-5262 medium org.apache.httpcomponents:httpclient
CVE-2018-1000873 medium com.fasterxml.jackson.datatype:jackson-datatype-jsr310
CVE-2018-10237 medium com.google.guava:guava
CVE-2018-11039 medium org.springframework:spring-web
CVE-2018-11040 medium org.springframework:spring-core
CVE-2018-1196 medium org.springframework.boot:spring-boot
CVE-2018-1199 medium org.springframework:spring-core
CVE-2018-1199 medium org.springframework.security:spring-security-core
CVE-2018-1257 medium org.springframework:spring-core
CVE-2018-1271 medium org.springframework:spring-core
CVE-2018-3721 medium lodash 3.10.1
CVE-2019-10219 medium org.hibernate.validator:hibernate-validator
CVE-2019-12384 medium com.fasterxml.jackson.core:jackson-databind
CVE-2019-12814 medium com.fasterxml.jackson.core:jackson-databind
CVE-2019-3795 medium org.springframework.security:spring-security-core
CVE-2020-10693 medium org.hibernate.validator:hibernate-validator
CVE-2020-13956 medium org.apache.httpcomponents:httpclient
CVE-2020-15250 medium junit:junit
CVE-2020-5397 medium org.springframework:spring-webflux
CVE-2020-5404 medium io.projectreactor.netty:reactor-netty-http
CVE-2020-5408 medium org.springframework.security:spring-security-core
CVE-2020-8244 medium bl 0.8.2
CVE-2021-22060 medium org.springframework:spring-core
CVE-2021-22096 medium org.springframework:spring-core
CVE-2021-27568 medium net.minidev:json-smart
CVE-2021-28170 medium org.glassfish:javax.el 3.0.0
CVE-2021-29425 medium commons-io:commons-io
CVE-2022-22976 medium org.springframework.security:spring-security-core
CVE-2022-31684 medium io.projectreactor.netty:reactor-netty-http
CVE-2023-1932 medium org.hibernate.validator:hibernate-validator
CVE-2023-20862 medium org.springframework.security:spring-security-core
CVE-2023-26136 medium tough-cookie 2.5.0
CVE-2023-28155 medium request 2.88.2
CVE-2023-2976 medium com.google.guava:guava
CVE-2023-34042 medium org.springframework.security:spring-security-config
CVE-2023-51074 medium com.jayway.jsonpath:json-path
CVE-2024-23689 medium com.clickhouse:clickhouse-jdbc 0.3.2-patch11
CVE-2024-29025 medium io.netty:netty-codec-http 4.1.77
CVE-2024-38809 medium org.springframework:spring-web
CVE-2024-38810 medium org.springframework.security:spring-security-core
CVE-2024-38820 medium org.springframework:spring-web
CVE-2024-38827 medium org.springframework.security:spring-security-core
CVE-2024-4067 medium micromatch 4.0.5
CVE-2024-43788 medium webpack 5.90.3
CVE-2025-13465 medium lodash-es 4.17.21
CVE-2025-13465 medium lodash 4.17.21
CVE-2025-15284 medium qs 6.5.3
CVE-2025-15599 medium dompurify 3.1.6
CVE-2025-22223 medium org.springframework.security:spring-security-core
CVE-2025-22227 medium io.projectreactor.netty:reactor-netty-http
CVE-2025-22234 medium org.springframework.security:spring-security-core
CVE-2025-24010 medium vite 4.5.5
CVE-2025-26791 medium dompurify 3.1.6
CVE-2025-27789 medium @babel/helpers 7.25.7
CVE-2025-30208 medium vite 4.5.5
CVE-2025-30359 medium webpack-dev-server 5.0.4
CVE-2025-30360 medium webpack-dev-server 5.0.4
CVE-2025-31125 medium KEV vite 4.5.5
CVE-2025-31486 medium vite 4.5.5
CVE-2025-32395 medium vite 4.5.5
CVE-2025-32996 medium http-proxy-middleware 2.0.6
CVE-2025-32997 medium http-proxy-middleware 2.0.6
CVE-2025-35036 medium org.hibernate.validator:hibernate-validator
CVE-2025-41234 medium org.springframework:spring-web
CVE-2025-46565 medium vite 4.5.5
CVE-2025-48924 medium org.apache.commons:commons-lang3
CVE-2025-4949 medium org.eclipse.jgit:org.eclipse.jgit 6.9.0.202403050737-r
CVE-2025-54881 medium mermaid 10.9.3
CVE-2025-61140 medium jsonpath 1.1.1
CVE-2025-62522 medium vite 4.5.5
CVE-2025-62718 medium axios 1.7.4
CVE-2025-64718 medium js-yaml 4.1.0
CVE-2025-66030 medium node-forge 1.3.1
CVE-2025-66400 medium mdast-util-to-hast 13.2.0
CVE-2025-67735 medium io.netty:netty-codec-http 4.1.77
CVE-2025-69873 medium ajv 8.17.1
CVE-2025-7962 medium com.sun.mail:jakarta.mail 2.0.1
CVE-2026-0540 medium dompurify 3.1.6
CVE-2026-22737 medium org.springframework:spring-webflux
CVE-2026-22745 medium org.springframework:spring-webflux
CVE-2026-22751 medium org.springframework.security:spring-security-core
CVE-2026-2739 medium bn.js 5.2.2
CVE-2026-2950 medium lodash 3.10.1
CVE-2026-2950 medium lodash-es 4.17.21
CVE-2026-33349 medium fast-xml-parser 4.4.1
CVE-2026-33532 medium yaml 2.3.1
CVE-2026-33672 medium picomatch 4.0.2
CVE-2026-33750 medium brace-expansion 1.1.11
CVE-2026-34043 medium serialize-javascript 4.0.0
CVE-2026-39365 medium vite 4.5.5
CVE-2026-40175 medium axios 1.7.4
CVE-2026-41238 medium dompurify 3.1.6
CVE-2026-41239 medium dompurify 3.1.6
CVE-2026-41240 medium dompurify 3.1.6
CVE-2026-41305 medium postcss 8.4.49
CVE-2026-41417 medium io.netty:netty-codec-http 4.1.77
CVE-2026-41650 medium fast-xml-parser 4.4.1
CVE-2026-41907 medium uuid 11.1.0
CVE-2026-42034 medium axios 1.7.4
CVE-2026-42036 medium axios 1.7.4
CVE-2026-42037 medium axios 1.7.4
CVE-2026-42038 medium axios 1.7.4
CVE-2026-42039 medium axios 1.7.4
CVE-2026-42041 medium axios 1.7.4
CVE-2026-42042 medium axios 1.7.4
CVE-2026-42044 medium axios 1.7.4
CVE-2026-42338 medium ip-address 9.0.5
CVE-2026-42580 medium io.netty:netty-codec-http 4.1.77
CVE-2026-42581 medium io.netty:netty-codec-http 4.1.77
CVE-2026-42585 medium io.netty:netty-codec-http 4.1.77
GHSA-39q2-94rc-95cp medium dompurify 3.1.6
GHSA-67mh-4wv8-2f99 medium esbuild 0.18.20
GHSA-cj63-jhhr-wcxv medium dompurify 3.1.6
GHSA-cjmm-f4jc-qw8r medium dompurify 3.1.6
GHSA-h8r8-wccr-v5f2 medium dompurify 3.1.6
GHSA-r4q5-vmmm-2653 medium follow-redirects 1.15.9
GHSA-wrw9-m778-g6mc medium bl 0.8.2
CVE-2020-8908 low com.google.guava:guava
CVE-2025-14505 low elliptic 6.6.1
CVE-2025-15056 low quill 2.0.3
CVE-2025-27496 low net.snowflake:snowflake-jdbc 3.22.0
CVE-2025-48370 low @supabase/auth-js 2.69.1
CVE-2025-58056 low io.netty:netty-codec-http 4.1.77
CVE-2025-58751 low vite 4.5.5
CVE-2025-58752 low vite 4.5.5
CVE-2025-5889 low brace-expansion 1.1.11
CVE-2025-68157 low webpack 5.99.9
CVE-2025-68458 low webpack 5.99.9
CVE-2025-7339 low on-headers 1.0.2
CVE-2026-22735 low org.springframework:spring-webflux
CVE-2026-22740 low org.springframework:spring-webflux
CVE-2026-22741 low org.springframework:spring-webflux
CVE-2026-22746 low org.springframework.security:spring-security-core
CVE-2026-2391 low qs 6.14.0
CVE-2026-24001 low diff 4.0.2
CVE-2026-27942 low fast-xml-parser 4.4.1
CVE-2026-3293 low net.snowflake:snowflake-jdbc 3.22.0
CVE-2026-3449 low @tootallnate/once 2.0.0
CVE-2026-42040 low axios 1.7.4
GHSA-6475-r3vj-m8vf low @smithy/config-resolver 4.0.1
MAL-2025-21003 unknown fs 0.0.1-security

Showing 369 of 369

Beta — feedback welcome: [email protected]