Output

Uploaded by

ajiart01
Copyright
© All Rights Reserved

# npm audit report

axios 0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability -
https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/api-dylux/node_modules/axios
node_modules/axios
node_modules/openai/node_modules/axios
node_modules/wa-sticker-formatter/node_modules/axios
node_modules/wibusoft/node_modules/axios
api-dylux *
Depends on vulnerable versions of axios
Depends on vulnerable versions of publish
Depends on vulnerable versions of request
node_modules/api-dylux
openai 2.0.0 - 3.3.0
Depends on vulnerable versions of axios
node_modules/openai
wa-sticker-formatter >=2.0.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of sharp
node_modules/wa-sticker-formatter
wibusoft *
Depends on vulnerable versions of axios
node_modules/wibusoft

bl <1.2.3
Severity: moderate
Remote Memory Exposure in bl - https://github.com/advisories/GHSA-pp7h-53gx-mx7r
No fix available
node_modules/npm/node_modules/request/node_modules/bl
request *
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/npm/node_modules/request
node_modules/request
node-gtts *
Depends on vulnerable versions of request
node_modules/node-gtts
node-gyp <=7.1.2
Depends on vulnerable versions of request
Depends on vulnerable versions of semver
Depends on vulnerable versions of tar
node_modules/npm/node_modules/node-gyp
npm <=7.1.0 || 7.21.0 - 8.5.4 || 8.19.0 - 8.19.2 || 9.0.0-pre.0 - 9.0.0-pre.6
Depends on vulnerable versions of chownr
Depends on vulnerable versions of fstream
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of mkdirp
Depends on vulnerable versions of node-gyp
Depends on vulnerable versions of npm-registry-client
Depends on vulnerable versions of npm-user-validate
Depends on vulnerable versions of request
Depends on vulnerable versions of semver
Depends on vulnerable versions of tar
node_modules/npm
npm-registry-client *
Depends on vulnerable versions of request
node_modules/npm/node_modules/npm-registry-client
remove.bg *
Depends on vulnerable versions of request
Depends on vulnerable versions of unirest
node_modules/remove.bg
unirest *
Depends on vulnerable versions of request
node_modules/unirest

brace-expansion <1.1.7
Severity: high
ReDoS in brace-expansion - https://github.com/advisories/GHSA-832h-xg76-4gv6
fix available via `npm audit fix`
node_modules/npm/node_modules/minimatch/node_modules/brace-expansion

chownr <1.1.0
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr -
https://github.com/advisories/GHSA-c6rq-rjc2-86v2
fix available via `npm audit fix`
node_modules/npm/node_modules/chownr

extend 3.0.0 - 3.0.1
Severity: moderate
Prototype Pollution in extend - https://github.com/advisories/GHSA-qrmc-fj45-qfc2
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/extend

fstream <1.0.12
Severity: high
Arbitrary File Overwrite in fstream - https://github.com/advisories/GHSA-xf7w-r453-m56c
fix available via `npm audit fix`
node_modules/npm/node_modules/fstream

got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install @vitalets/google-translate-api@9.2.0, which is a breaking change
node_modules/@vitalets/google-translate-api/node_modules/got
@vitalets/google-translate-api <=8.0.0
Depends on vulnerable versions of got
node_modules/@vitalets/google-translate-api

hawk <=9.0.0
Severity: high
Uncontrolled Resource Consumption in Hawk - https://github.com/advisories/GHSA-44pw-h2cw-w3vq
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
No fix available
node_modules/npm/node_modules/request/node_modules/hawk

hoek *
Severity: high
Prototype Pollution in hoek - https://github.com/advisories/GHSA-jp4x-w63m-7wgm
hoek subject to prototype pollution via the clone function. -
https://github.com/advisories/GHSA-c429-5p7v-vgjp
No fix available
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/boom
cryptiles <=2.0.5
Depends on vulnerable versions of boom
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/cryptiles
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/npm/node_modules/request/node_modules/hawk/node_modules/sntp

hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info -
https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/npm/node_modules/hosted-git-info

ini <1.3.6
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse -
https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/npm/node_modules/ini

is-my-json-valid 2.0.0 - 2.20.5
Severity: high
Regular expression deinal of service (ReDoS) in is-my-json-valid -
https://github.com/advisories/GHSA-4hpf-3wq7-5rpr
Regular Expression Denial of Service in is-my-json-valid -
https://github.com/advisories/GHSA-f522-ffg8-j8r6
Depends on vulnerable versions of jsonpointer
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid

json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution -
https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/jsprim/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/jsprim

jsonpointer <5.0.0
Severity: moderate
Prototype Pollution in node-jsonpointer - https://github.com/advisories/GHSA-282f-qqgm-c34q
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/har-validator/node_modules/is-my-json-valid/node_modules/jsonpointer

minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/npm/node_modules/minimatch

minimist <=0.2.3
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/npm/node_modules/mkdirp/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/npm/node_modules/mkdirp

npm-user-validate <=1.0.0
Severity: high
Regular Expression Denial of Service in npm-user-validate -
https://github.com/advisories/GHSA-xgh6-85xh-479p
Regular expression denial of service in npm-user-validate -
https://github.com/advisories/GHSA-pw54-mh39-w3hc
fix available via `npm audit fix`
node_modules/npm/node_modules/npm-user-validate

phin <3.7.1
Severity: moderate
phin may include sensitive headers in subsequent requests after redirect -
https://github.com/advisories/GHSA-x565-32qp-m3vf
fix available via `npm audit fix --force`
Will install terminal-image@1.0.0, which is a breaking change
node_modules/phin
@jimp/core <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of phin
node_modules/@jimp/core
node_modules/render-gif/node_modules/@jimp/core
@jimp/custom <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
Depends on vulnerable versions of @jimp/core
node_modules/@jimp/custom
node_modules/render-gif/node_modules/@jimp/custom
jimp >=0.3.6-alpha.5
Depends on vulnerable versions of @jimp/custom
Depends on vulnerable versions of @jimp/plugins
node_modules/jimp
node_modules/render-gif/node_modules/jimp
@whiskeysockets/baileys *
Depends on vulnerable versions of jimp
node_modules/@adiwajshing/baileys
render-gif *
Depends on vulnerable versions of jimp
node_modules/render-gif
terminal-image >=1.0.1
Depends on vulnerable versions of jimp
Depends on vulnerable versions of render-gif
node_modules/terminal-image
load-bmfont >=1.4.0
Depends on vulnerable versions of phin
node_modules/load-bmfont
@jimp/plugin-print >=0.4.0
Depends on vulnerable versions of load-bmfont
node_modules/@jimp/plugin-print
node_modules/render-gif/node_modules/@jimp/plugin-print
@jimp/plugins >=0.4.0
Depends on vulnerable versions of @jimp/plugin-print
node_modules/@jimp/plugins
node_modules/render-gif/node_modules/@jimp/plugins

qs <=6.2.3
Severity: high
Prototype Pollution Protection Bypass in qs - https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/qs

semver <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service -
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/npm/node_modules/node-gyp/node_modules/semver
node_modules/npm/node_modules/semver
node_modules/publish/node_modules/semver
publish *
Depends on vulnerable versions of npm
Depends on vulnerable versions of semver
node_modules/publish

sharp <0.32.6
Severity: high
sharp vulnerability in libwebp dependency CVE-2023-4863 -
https://github.com/advisories/GHSA-54xq-cgqr-rpm3
fix available via `npm audit fix --force`
Will install wa-sticker-formatter@1.6.0, which is a breaking change
node_modules/wa-sticker-formatter/node_modules/sharp

sshpk <1.13.2
Severity: high
Regular Expression Denial of Service in sshpk - https://github.com/advisories/GHSA-2m39-62fm-q8r3
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk

stringstream <0.0.6
Severity: moderate
Out-of-bounds Read in stringstream - https://github.com/advisories/GHSA-mf6x-7mm4-x2g7
fix available via `npm audit fix`
node_modules/npm/node_modules/request/node_modules/stringstream

tar <=6.2.0
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Overwrite in tar - https://github.com/advisories/GHSA-j44m-qm6p-hp7m
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/npm/node_modules/tar

tough-cookie <=4.1.2
Severity: high
Regular Expression Denial of Service in tough-cookie -
https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
tough-cookie Prototype Pollution vulnerability -
https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/npm/node_modules/request/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie

tunnel-agent <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent - https://github.com/advisories/GHSA-xc7v-wxcw-j472
No fix available
node_modules/npm/node_modules/request/node_modules/tunnel-agent

validator <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js -
https://github.com/advisories/GHSA-qgmg-gppg-76g5
No fix available
node_modules/validator
url-validator *
Depends on vulnerable versions of validator
node_modules/url-validator

55 vulnerabilities (1 low, 31 moderate, 20 high, 3 critical)

To address issues that do not require attention, run:
npm audit fix

To address all issues possible (including breaking changes), run:
npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
