[Snyk] Fix for 197 vulnerabilities #95

Merged
merged 1 commit into from
Oct 24, 2024

@snyk-io snyk-io bot commented Oct 22, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/tweetnacl/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 165/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0037, Social Trends: No, Days since published: 1559, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5
Prototype Pollution
SNYK-JS-AJV-584908
Yes No Known Exploit
high severity 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1136, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00103, Social Trends: No, Days since published: 1757, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 2.64, Score Version: V5
Denial of Service (DoS)
SNYK-JS-ECSTATIC-540354
Yes Proof of Concept
high severity 423/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.03191, Social Trends: No, Days since published: 1462, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 7.06, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1021884
Yes Mature
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00229, Social Trends: No, Days since published: 1432, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1041745
Yes Mature
high severity 397/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00374, Social Trends: No, Days since published: 1420, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 7.06, Score Version: V5
Improper Validation
SNYK-JS-ELECTRON-1047306
Yes Mature
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00241, Social Trends: No, Days since published: 1432, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1048693
Yes No Known Exploit
high severity 142/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00118, Social Trends: No, Days since published: 1432, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Improper Access Control
SNYK-JS-ELECTRON-1049321
Yes No Known Exploit
high severity 142/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00129, Social Trends: No, Days since published: 1432, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Improper Input Validation
SNYK-JS-ELECTRON-1049323
Yes No Known Exploit
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00161, Social Trends: No, Days since published: 1432, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1049547
Yes No Known Exploit
high severity 134/1000
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00155, Social Trends: No, Days since published: 1409, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 7.03, Likelihood: 1.89, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1050424
Yes No Known Exploit
medium severity 118/1000
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0011, Social Trends: No, Days since published: 1405, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 7.03, Likelihood: 1.67, Score Version: V5
Information Exposure
SNYK-JS-ELECTRON-1050427
Yes No Known Exploit
high severity 248/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.30244, Social Trends: No, Days since published: 1409, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 4.4, Score Version: V5
Insufficient Validation
SNYK-JS-ELECTRON-1050882
Yes Mature
critical severity 186/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00159, Social Trends: No, Days since published: 1376, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.89, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1050999
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00119, Social Trends: No, Days since published: 1376, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Out-of-bounds Read
SNYK-JS-ELECTRON-1051000
Yes No Known Exploit
medium severity 111/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00113, Social Trends: No, Days since published: 1367, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 4.19, Likelihood: 2.64, Score Version: V5
Improper Input Validation
SNYK-JS-ELECTRON-1064555
Yes Proof of Concept
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00291, Social Trends: No, Days since published: 1367, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1064558
Yes No Known Exploit
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00312, Social Trends: No, Days since published: 1367, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1064561
Yes No Known Exploit
medium severity 45/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00102, Social Trends: No, Days since published: 1361, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 2.35, Likelihood: 1.89, Score Version: V5
Information Exposure
SNYK-JS-ELECTRON-1065981
Yes No Known Exploit
critical severity 186/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00155, Social Trends: No, Days since published: 1356, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.89, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1070013
Yes No Known Exploit
high severity 107/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00311, Social Trends: No, Days since published: 1356, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Insufficient Validation
SNYK-JS-ELECTRON-1070014
Yes No Known Exploit
medium severity 70/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00291, Social Trends: No, Days since published: 1356, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.23, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1070015
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00767, Social Trends: No, Days since published: 1316, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Heap Buffer Overflow
SNYK-JS-ELECTRON-1085647
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01139, Social Trends: No, Days since published: 1316, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1085705
Yes Mature
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0091, Social Trends: No, Days since published: 1316, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1085994
Yes No Known Exploit
high severity 145/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01287, Social Trends: No, Days since published: 1316, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.48, Score Version: V5
Out-of-Bounds
SNYK-JS-ELECTRON-1085996
Yes No Known Exploit
medium severity 46/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01274, Social Trends: No, Days since published: 1316, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 2.35, Likelihood: 1.92, Score Version: V5
Information Exposure
SNYK-JS-ELECTRON-1085998
Yes No Known Exploit
high severity 151/1000
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01287, Social Trends: No, Days since published: 1306, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 7.84, Likelihood: 1.92, Score Version: V5
Out-of-Bounds
SNYK-JS-ELECTRON-1086693
Yes No Known Exploit
medium severity 81/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01226, Social Trends: No, Days since published: 1306, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 4.19, Likelihood: 1.92, Score Version: V5
Access Restriction Bypass
SNYK-JS-ELECTRON-1086694
Yes No Known Exploit
high severity 150/1000
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00523, Social Trends: No, Days since published: 1306, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 7.84, Likelihood: 1.9, Score Version: V5
Improper Input Validation
SNYK-JS-ELECTRON-1086695
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0091, Social Trends: No, Days since published: 1306, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1087442
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.03804, Social Trends: No, Days since published: 1306, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Out-of-bounds Write
SNYK-JS-ELECTRON-1088600
Yes Mature
high severity 127/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00578, Social Trends: No, Days since published: 1306, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 8.63, Likelihood: 1.46, Score Version: V5
Insecure Defaults
SNYK-JS-ELECTRON-1088602
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.03993, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1252279
Yes Mature
high severity 145/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01195, Social Trends: No, Days since published: 1279, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.48, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1252280
Yes No Known Exploit
high severity 145/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01195, Social Trends: No, Days since published: 1279, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.48, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1253279
Yes No Known Exploit
high severity 145/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01195, Social Trends: No, Days since published: 1279, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.48, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1253281
Yes No Known Exploit
critical severity 359/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00973, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 9.79, Likelihood: 3.66, Score Version: V5
Out-of-bounds
SNYK-JS-ELECTRON-1257943
Yes Mature
high severity 146/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01639, Social Trends: No, Days since published: 1269, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.49, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1258207
Yes No Known Exploit
high severity 142/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00107, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1259349
Yes No Known Exploit
high severity 172/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0132, Social Trends: No, Days since published: 1269, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.76, Score Version: V5
Integer Overflow or Wraparound
SNYK-JS-ELECTRON-1260586
Yes No Known Exploit
high severity 98/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00452, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 6.65, Likelihood: 1.46, Score Version: V5
Out-of-bounds Read
SNYK-JS-ELECTRON-1261111
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00333, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1277203
Yes No Known Exploit
high severity 145/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0132, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.48, Score Version: V5
Integer Overflow
SNYK-JS-ELECTRON-1277205
Yes No Known Exploit
medium severity 72/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01558, Social Trends: No, Days since published: 1269, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 4.19, Likelihood: 1.71, Score Version: V5
Improper Input Validation
SNYK-JS-ELECTRON-1277526
Yes No Known Exploit
low severity 40/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00533, Social Trends: No, Days since published: 1269, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 97, Impact: 2.35, Likelihood: 1.68, Score Version: V5
Out Of Bounds Read
SNYK-JS-ELECTRON-1278596
Yes No Known Exploit
high severity 108/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00551, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1296553
Yes No Known Exploit
high severity 108/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00551, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1296555
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1296557
Yes No Known Exploit
high severity 217/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 2.21, Score Version: V5
Type Confusion
SNYK-JS-ELECTRON-1296559
Yes Proof of Concept
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1296561
Yes No Known Exploit
high severity 108/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.91, Score Version: V5
Race Condition
SNYK-JS-ELECTRON-1296563
Yes No Known Exploit
high severity 107/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00312, Social Trends: No, Days since published: 1236, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1296565
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00808, Social Trends: No, Days since published: 1209, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1312313
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.28508, Social Trends: No, Days since published: 1209, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Access of Resource Using Incompatible Type ('Type Confusion')
SNYK-JS-ELECTRON-1312314
Yes Mature
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00808, Social Trends: No, Days since published: 1209, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1312315
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01817, Social Trends: No, Days since published: 1211, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1313765
Yes Mature
medium severity 83/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00808, Social Trends: No, Days since published: 1211, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1313767
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1203, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1314896
Yes No Known Exploit
high severity 147/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02176, Social Trends: No, Days since published: 1203, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.5, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1315151
Yes No Known Exploit
critical severity 188/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00829, Social Trends: No, Days since published: 1209, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.91, Score Version: V5
Out-of-bounds Write
SNYK-JS-ELECTRON-1315668
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00701, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1533614
Yes No Known Exploit
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00945, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1534881
Yes No Known Exploit
high severity 152/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.03895, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.54, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1534882
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00374, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Type Confusion
SNYK-JS-ELECTRON-1534883
Yes Mature
medium severity 80/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00526, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 4.19, Likelihood: 1.9, Score Version: V5
Heap-based Buffer Overflow
SNYK-JS-ELECTRON-1534884
Yes No Known Exploit
medium severity 83/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00914, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1536579
Yes No Known Exploit
high severity 217/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00762, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 2.22, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1536581
Yes Proof of Concept
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00762, Social Trends: No, Days since published: 1175, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1536587
Yes No Known Exploit
medium severity 167/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.61062, Social Trends: No, Days since published: 1120, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 2.35, Likelihood: 7.06, Score Version: V5
Out-of-Bounds
SNYK-JS-ELECTRON-1585619
Yes Mature
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00469, Social Trends: No, Days since published: 1120, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Type Confusion
SNYK-JS-ELECTRON-1586050
Yes No Known Exploit
high severity 107/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00411, Social Trends: No, Days since published: 1120, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Buffer Overflow
SNYK-JS-ELECTRON-1656742
Yes No Known Exploit
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00721, Social Trends: No, Days since published: 1120, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1656743
Yes Mature
high severity 107/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00469, Social Trends: No, Days since published: 1120, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Out-of-Bounds
SNYK-JS-ELECTRON-1656745
Yes No Known Exploit
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00285, Social Trends: No, Days since published: 1120, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.45, Score Version: V5
Access Restriction Bypass
SNYK-JS-ELECTRON-1656746
Yes No Known Exploit
medium severity 167/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01619, Social Trends: No, Days since published: 1117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 2.35, Likelihood: 7.06, Score Version: V5
Improper Input Validation
SNYK-JS-ELECTRON-1727344
Yes Mature
medium severity 137/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00265, Social Trends: No, Days since published: 1084, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 5.62, Likelihood: 2.43, Score Version: V5
Sandbox Bypass
SNYK-JS-ELECTRON-1731315
Yes Proof of Concept
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.97233, Social Trends: No, Days since published: 2032, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-174045
Yes Mature
high severity 648/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.12528, Social Trends: No, Days since published: 1082, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.61, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1910985
Yes Mature
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00427, Social Trends: No, Days since published: 1082, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1910987
Yes No Known Exploit
medium severity 35/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00835, Social Trends: No, Days since published: 1082, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 2.35, Likelihood: 1.47, Score Version: V5
Exposure of Resource to Wrong Sphere
SNYK-JS-ELECTRON-1910988
Yes No Known Exploit
medium severity 35/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00416, Social Trends: No, Days since published: 1082, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 2.35, Likelihood: 1.46, Score Version: V5
Improper Access Control
SNYK-JS-ELECTRON-1910991
Yes No Known Exploit
critical severity 261/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00667, Social Trends: No, Days since published: 1060, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 9.79, Likelihood: 2.66, Score Version: V5
Type Confusion
SNYK-JS-ELECTRON-1911949
Yes Proof of Concept
high severity 144/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00761, Social Trends: No, Days since published: 1060, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 1.47, Score Version: V5
Use After Free
SNYK-JS-ELECTRON-1912074
Yes No Known Exploit
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00348, Social Trends: No, Days since published: 1060, Reachable: No, Transitive dependency: Yes, Is Malicio...

…s/tweetnacl/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ECSTATIC-540354
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1021884
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1041745
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1047306
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1048693
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1049321
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1049323
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1049547
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050424
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050427
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050882
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050999
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1051000
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1064555
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1064558
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1064561
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1065981
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070013
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070014
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070015
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085647
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085705
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085994
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085996
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085998
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1086693
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1086694
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1086695
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1087442
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1088600
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1088602
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1252279
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1252280
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1253279
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1253281
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1257943
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1258207
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1259349
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1260586
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1261111
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1277203
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1277205
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1277526
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1278596
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296553
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296555
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296557
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296559
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296561
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296563
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296565
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312313
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312314
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312315
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1313765
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1313767
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1314896
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1315151
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1315668
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1533614
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534881
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534882
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534883
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534884
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536579
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536581
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536587
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1585619
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1586050
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656742
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656743
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656745
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656746
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1727344
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1731315
- https://snyk.io/vuln/SNYK-JS-ELECTRON-174045
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910985
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910987
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910988
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910991
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1911949
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912074
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912075
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912082
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912084
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912085
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1924893
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1924894
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1924895
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1930826
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2322001
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2329155
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2329162
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2329257
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2330890
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2332173
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2332176
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2338684
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2339883
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2351961
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2404183
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2404184
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2414027
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2420972
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2420994
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2422385
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2431353
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2434822
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2434824
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2774694
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2803052
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2803053
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2805803
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2805927
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2806357
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2806730
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2807802
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2807803
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2807804
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2808872
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2808873
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2808874
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2812497
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2812499
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2824110
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2838863
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2869408
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2869410
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2870632
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2932172
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2934721
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2946881
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2946891
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2961655
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2977510
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2977512
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2978483
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2978519
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2992453
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2992478
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2992482
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2994414
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014402
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014405
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014407
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014409
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014411
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3028028
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3091122
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3097694
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3097832
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3107036
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3111876
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3111878
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3111879
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3111880
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3111881
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3160317
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3237489
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3252475
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3370271
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3370529
- https://snyk.io/vuln/SNYK-JS-ELECTRON-483050
- https://snyk.io/vuln/SNYK-JS-ELECTRON-483056
- https://snyk.io/vuln/SNYK-JS-ELECTRON-564272
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565051
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565052
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565362
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565366
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565368
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565441
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565488
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565490
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565494
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565571
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565705
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565709
- https://snyk.io/vuln/SNYK-JS-ELECTRON-565713
- https://snyk.io/vuln/SNYK-JS-ELECTRON-570624
- https://snyk.io/vuln/SNYK-JS-ELECTRON-570833
- https://snyk.io/vuln/SNYK-JS-ELECTRON-5734243
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575393
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575394
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575395
- https://snyk.io/vuln/SNYK-JS-ELECTRON-575396
- https://snyk.io/vuln/SNYK-JS-ELECTRON-5880432
- https://snyk.io/vuln/SNYK-JS-ELECTRON-5885098
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/npm:eslint:20180222

sourcery-ai bot commented Oct 22, 2024

🧙 Sourcery has finished reviewing your pull request!



@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

@Graysonbarton Graysonbarton merged commit 688fe12 into latest Oct 24, 2024
7 of 10 checks passed