Skip to content

[Snyk] Security upgrade @angular/common from 4.4.7 to 19.2.16 #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
saurabharch wants to merge 1 commit into
base: dev
Choose a base branch
from

fix: src/Web/WebSPA/package.json & src/Web/WebSPA/package-lock.json t…

adcd929
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade @angular/common from 4.4.7 to 19.2.16 #55

fix: src/Web/WebSPA/package.json & src/Web/WebSPA/package-lock.json t…
adcd929
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Nov 28, 2025 in 24m 31s

Security Report

You have successfully remediated 217 vulnerabilities, but introduced 163 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (33 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2025-55315

Path to dependency file: /src/Services/Identity/Identity.API/Identity.API.csproj

Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.server.kestrel.core/2.2.0/microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg

Dependency Hierarchy:

-> microsoft.aspnetcore.2.2.0.nupkg (Root Library)

   -> microsoft.aspnetcore.server.kestrel.2.2.0.nupkg

     -> ❌ microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg (Vulnerable Library)

Critical 9.9 Transitive microsoft.aspnetcore.server.kestrel.core.2.2.0.nupkg microsoft.aspnetcore.2.2.0.nupkg Transitive 2.3.6 None
CVE-2019-1302

Path to dependency file: /src/Web/WebSPA/WebSPA.csproj

Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.netcore.app/2.2.0/microsoft.netcore.app.2.2.0.nupkg

Dependency Hierarchy:

-> ❌ microsoft.netcore.app.2.2.0.nupkg (Vulnerable Library)

High 8.8 Direct microsoft.netcore.app.2.2.0.nupkg microsoft.netcore.app.2.2.0.nupkg 2.2.0-preview1-35029 None
CVE-2019-1302

Path to dependency file: /src/Services/AI.SalesForecasting/AI.SalesForecasting.MLNet.API/AI.SalesForecasting.MLNet.API.csproj

Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/microsoft.aspnetcore.spaservices/2.2.0/microsoft.aspnetcore.spaservices.2.2.0.nupkg

Dependency Hierarchy:

-> microsoft.aspnetcore.spaservices.extensions.2.2.0.nupkg (Root Library)

   -> ❌ microsoft.aspnetcore.spaservices.2.2.0.nupkg (Vulnerable Library)

High 8.8 Transitive microsoft.aspnetcore.spaservices.2.2.0.nupkg microsoft.aspnetcore.spaservices.extensions.2.2.0.nupkg Transitive 2.2.0-preview1-35029 None
CVE-2024-0056

Path to dependency file: /src/Web/WebMonolithic/eShopWeb/eShopWeb.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.data.sqlclient/4.3.0/system.data.sqlclient.4.3.0.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.sqlserver.1.1.0.nupkg (Root Library)

   -> ❌ system.data.sqlclient.4.3.0.nupkg (Vulnerable Library)

High 8.7 Transitive system.data.sqlclient.4.3.0.nupkg microsoft.entityframeworkcore.sqlserver.1.1.0.nupkg Transitive 4.8.6 None
CVE-2021-26701

Dependency Hierarchy:

-> ❌ System.Text.Encodings.Web-4.6.25519.03.dll (Vulnerable Library)

High 8.1 Direct System.Text.Encodings.Web-4.6.25519.03.dll System.Text.Encodings.Web-4.6.25519.03.dll System.Text.Encodings.Web - 4.5.1,4.7.2,5.0.1 None
CVE-2021-26701

Path to dependency file: /src/Bots/Bot.Core.API/Bot.Core.API.csproj

Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg,/opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg

Dependency Hierarchy:

-> microsoft.aspnetcore.session.2.2.0.nupkg (Root Library)

   -> microsoft.aspnetcore.dataprotection.2.2.0.nupkg

     -> microsoft.aspnetcore.hosting.abstractions.2.2.0.nupkg

       -> microsoft.aspnetcore.http.abstractions.2.2.0.nupkg

         -> ❌ system.text.encodings.web.4.5.0.nupkg (Vulnerable Library)

High 8.1 Transitive system.text.encodings.web.4.5.0.nupkg microsoft.aspnetcore.session.2.2.0.nupkg Transitive System.Text.Encodings.Web - 4.5.1,4.7.2,5.0.1 None
CVE-2021-26701

Path to dependency file: /src/Web/WebMonolithic/eShopWeb/eShopWeb.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.encodings.web/4.3.0/system.text.encodings.web.4.3.0.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.design.1.1.0.nupkg (Root Library)

   -> microsoft.aspnetcore.hosting.abstractions.1.1.0.nupkg

     -> microsoft.aspnetcore.http.abstractions.1.1.0.nupkg

       -> ❌ system.text.encodings.web.4.3.0.nupkg (Vulnerable Library)

High 8.1 Transitive system.text.encodings.web.4.3.0.nupkg microsoft.entityframeworkcore.design.1.1.0.nupkg Transitive System.Text.Encodings.Web - 4.5.1,4.7.2,5.0.1 None
CVE-2021-26701

Dependency Hierarchy:

-> ❌ System.Text.Encodings.Web-4.6.25519.03.dll (Vulnerable Library)

High 8.1 Direct System.Text.Encodings.Web-4.6.25519.03.dll System.Text.Encodings.Web-4.6.25519.03.dll System.Text.Encodings.Web - 4.5.1,4.7.2,5.0.1 None
WS-2018-0608

Path to dependency file: /src/ApiGateways/ApiGw-Base/OcelotApiGw.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.transport.libuv/2.0.0/microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.0.nupkg

Dependency Hierarchy:

-> ❌ microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.0.nupkg (Vulnerable Library)

High 7.5 Direct microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.0.nupkg microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.0.nupkg 2.0.0-preview1-final None
WS-2018-0011

Path to dependency file: /src/Web/WebMonolithic/eShopWeb/eShopWeb.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.mvc.core/1.1.0/microsoft.aspnetcore.mvc.core.1.1.0.nupkg

Dependency Hierarchy:

-> microsoft.aspnetcore.mvc.1.1.0.nupkg (Root Library)

   -> microsoft.aspnetcore.mvc.viewfeatures.1.1.0.nupkg

     -> ❌ microsoft.aspnetcore.mvc.core.1.1.0.nupkg (Vulnerable Library)

High 7.5 Transitive microsoft.aspnetcore.mvc.core.1.1.0.nupkg microsoft.aspnetcore.mvc.1.1.0.nupkg Transitive 1.1.0-preview1-final None
CVE-2024-48924

Path to dependency file: /src/Services/Ordering/Ordering.SignalrHub/Ordering.SignalrHub.csproj

Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/messagepack/1.7.3.4/messagepack.1.7.3.4.nupkg

Dependency Hierarchy:

-> microsoft.aspnetcore.signalr.redis.1.1.0.nupkg (Root Library)

   -> ❌ messagepack.1.7.3.4.nupkg (Vulnerable Library)

High 7.5 Transitive messagepack.1.7.3.4.nupkg microsoft.aspnetcore.signalr.redis.1.1.0.nupkg Transitive 2.5.187 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to dependency file: /test/Services/UnitTest/UnitTest.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/buildbundlerminifier/2.6.375/buildbundlerminifier.2.6.375.nupkg,/home/wss-scanner/.nuget/packages/buildbundlerminifier/2.6.375/buildbundlerminifier.2.6.375.nupkg,/home/wss-scanner/.nuget/packages/buildbundlerminifier/2.6.375/buildbundlerminifier.2.6.375.nupkg,/home/wss-scanner/.nuget/packages/buildbundlerminifier/2.6.375/buildbundlerminifier.2.6.375.nupkg

Dependency Hierarchy:

-> ❌ buildbundlerminifier.2.6.375.nupkg (Vulnerable Library)

High 7.5 Direct buildbundlerminifier.2.6.375.nupkg buildbundlerminifier.2.6.375.nupkg Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-10.0.3.21018.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json-10.0.3.21018.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json-11.0.2.21924.dll Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.4.17603.dll (Vulnerable Library)

High 7.5 Direct Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json-6.0.4.17603.dll Newtonsoft.Json - 13.0.1 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
WS-2019-0064 handlebars-4.0.5.tgz
CVE-2023-45311 fsevents-1.2.4.tgz
CVE-2019-10744 lodash-4.17.11.tgz
CVE-2021-23362 hosted-git-info-2.6.0.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2018-11694 node-sass-4.9.0.tgz
CVE-2021-3803 nth-check-1.0.1.tgz
CVE-2024-43796 express-4.16.3.tgz
CVE-2018-11694 opennms-opennms-source-23.0.0-1
CVE-2020-15366 ajv-4.11.8.tgz
CVE-2019-8331 bootstrap.3.0.0.nupkg
WS-2021-0153 ejs-2.6.1.tgz
CVE-2022-0512 url-parse-1.4.0.tgz
CVE-2019-10744 lodash-1.0.2.tgz
CVE-2020-7693 sockjs-0.3.19.tgz
CVE-2018-21270 stringstream-0.0.5.tgz
WS-2018-0347 eslint-2.13.1.tgz
CVE-2018-11693 opennms-opennms-source-23.0.0-1
CVE-2018-20821 opennms-opennms-source-23.0.0-1
CVE-2018-19826 opennms-opennms-source-23.0.0-1
WS-2019-0427 elliptic-6.4.0.tgz
CVE-2022-37601 loader-utils-1.1.0.tgz
CVE-2022-29078 ejs-2.6.1.tgz
CVE-2018-11696 node-sass-4.9.0.tgz
CVE-2023-28155 request-2.79.0.tgz
CVE-2019-6284 node-sass-4.9.0.tgz
CVE-2022-3517 minimatch-2.0.10.tgz
CVE-2018-20822 opennms-opennms-source-23.0.0-1
CVE-2019-10746 mixin-deep-1.3.1.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2024-21536 http-proxy-middleware-0.17.4.tgz
CVE-2020-28498 elliptic-6.4.0.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2022-0155 follow-redirects-1.4.1.tgz
WS-2019-0424 elliptic-6.4.0.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2022-0536 follow-redirects-1.4.1.tgz
CVE-2022-33987 got-6.7.1.tgz
CVE-2021-23337 lodash-4.17.11.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2024-11831 serialize-javascript-1.5.0.tgz
CVE-2021-23337 lodash-1.0.2.tgz
CVE-2020-7660 serialize-javascript-1.5.0.tgz
CVE-2025-7339 on-headers-1.0.1.tgz
WS-2019-0169 marked-0.3.19.tgz
CVE-2022-3517 minimatch-0.2.14.tgz
CVE-2018-20822 node-sass-4.9.0.tgz
CVE-2020-28469 glob-parent-2.0.0.tgz
CVE-2020-24025 node-sass-4.9.0.tgz
CVE-2024-45590 body-parser-1.18.2.tgz
CVE-2018-11697 CSS::Sass-v3.3.0
CVE-2024-47764 cookie-0.3.1.tgz
CVE-2020-8124 url-parse-1.4.0.tgz
CVE-2020-8203 lodash-4.17.11.tgz
WS-2020-0342 is-my-json-valid-2.17.2.tgz
CVE-2024-33883 ejs-2.6.1.tgz
CVE-2022-26592 opennms-opennms-source-23.0.0-1
CVE-2019-18797 opennms-opennms-source-23.0.0-1
CVE-2025-7783 form-data-2.1.4.tgz
CVE-2024-43799 send-0.16.2.tgz
CVE-2020-28500 lodash-4.17.11.tgz
CVE-2024-28863 tar-4.4.1.tgz
CVE-2021-23369 handlebars-4.0.5.tgz
CVE-2025-32997 http-proxy-middleware-0.17.4.tgz
CVE-2019-20920 handlebars-4.0.5.tgz
CVE-2020-7598 minimist-1.1.3.tgz
CVE-2022-0122 node-forge-0.7.5.tgz
CVE-2022-0639 url-parse-1.4.0.tgz
WS-2020-0163 marked-0.3.19.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2023-28155 request-2.81.0.tgz
CVE-2018-11499 node-sass-4.9.0.tgz
CVE-2020-8116 dot-prop-4.2.0.tgz
CVE-2023-26136 tough-cookie-2.3.4.tgz
CVE-2021-43138 async-2.6.0.tgz
CVE-2019-19919 handlebars-4.0.5.tgz
CVE-2021-32803 tar-4.4.1.tgz
CVE-2018-19797 opennms-opennms-source-23.0.0-1
CVE-2018-3774 url-parse-1.4.0.tgz
CVE-2022-0686 url-parse-1.4.0.tgz
CVE-2022-21681 marked-0.3.19.tgz
CVE-2021-23440 set-value-2.0.0.tgz
CVE-2020-7774 y18n-3.2.1.tgz
CVE-2018-14732 webpack-dev-server-2.11.2.tgz
WS-2019-0605 opennms-opennms-source-23.0.0-1
CVE-2024-43800 serve-static-1.13.2.tgz
CVE-2024-21538 cross-spawn-3.0.1.tgz
CVE-2018-19837 node-sass-4.9.0.tgz
CVE-2020-28500 lodash-1.0.2.tgz
CVE-2018-19827 opennms-opennms-source-23.0.0-1
WS-2022-0008 node-forge-0.7.5.tgz
CVE-2025-59437 ip-1.1.5.tgz
CVE-2024-43788 webpack-3.11.0.tgz
WS-2020-0344 is-my-json-valid-2.17.2.tgz
CVE-2018-1109 braces-1.8.5.tgz
WS-2018-0103 stringstream-0.0.5.tgz
CVE-2019-20922 handlebars-4.0.5.tgz
CVE-2019-20149 kind-of-6.0.2.tgz
CVE-2022-0144 shelljs-0.7.8.tgz
CVE-2021-37701 tar-2.2.1.tgz
CVE-2025-9288 sha.js-2.4.11.tgz
CVE-2022-24999 qs-6.4.0.tgz
CVE-2024-27088 es5-ext-0.10.42.tgz
CVE-2018-19838 node-sass-4.9.0.tgz
CVE-2022-37603 loader-utils-1.1.0.tgz
CVE-2019-10744 lodash.template-3.6.2.tgz
CVE-2018-19839 node-sass-4.9.0.tgz
MSC-2023-16600 fsevents-1.2.4.tgz
CVE-2020-7662 websocket-extensions-0.1.3.tgz
CVE-2024-29415 ip-1.1.5.tgz
CVE-2018-11499 opennms-opennms-source-23.0.0-1
CVE-2021-37712 tar-4.4.1.tgz
CVE-2020-36604 hoek-2.16.3.tgz
CVE-2020-7608 yargs-parser-7.0.0.tgz
CVE-2018-20834 tar-4.4.1.tgz
CVE-2025-59436 ip-1.1.5.tgz
CVE-2021-23383 handlebars-4.0.5.tgz
CVE-2022-0691 url-parse-1.4.0.tgz
CVE-2022-21222 css-what-2.1.0.tgz
CVE-2024-4068 braces-1.8.5.tgz
CVE-2025-6545 pbkdf2-3.0.16.tgz
CVE-2021-32804 tar-4.4.1.tgz
CVE-2025-6547 pbkdf2-3.0.16.tgz
CVE-2019-6283 node-sass-4.9.0.tgz
CVE-2020-7788 ini-1.3.5.tgz
CVE-2025-30359 webpack-dev-server-2.11.2.tgz
CVE-2018-19827 node-sass-4.9.0.tgz
CVE-2022-24999 qs-6.5.1.tgz
CVE-2020-7608 yargs-parser-4.2.1.tgz
CVE-2018-20190 node-sass-4.9.0.tgz
WS-2018-0628 marked-0.3.19.tgz
CVE-2019-6286 opennms-opennms-source-23.0.0-1
CVE-2021-44906 minimist-1.1.3.tgz
CVE-2020-13822 elliptic-6.4.0.tgz
CVE-2021-37713 tar-2.2.1.tgz
CVE-2022-24771 node-forge-0.7.5.tgz
CVE-2019-18797 node-sass-4.9.0.tgz
CVE-2018-19837 opennms-opennms-source-23.0.0-1
CVE-2018-19797 node-sass-4.9.0.tgz
CVE-2023-26159 follow-redirects-1.4.1.tgz
CVE-2023-45133 babel-traverse-6.26.0.tgz
CVE-2022-25883 semver-4.3.6.tgz
CVE-2022-24772 node-forge-0.7.5.tgz
CVE-2018-20834 tar-2.2.1.tgz
CVE-2018-11693 node-sass-4.9.0.tgz
CVE-2020-28499 merge-1.2.0.tgz
CVE-2024-48948 elliptic-6.4.0.tgz
CVE-2024-48949 elliptic-6.4.0.tgz
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2021-37713 tar-4.4.1.tgz
CVE-2018-11698 opennms-opennms-source-23.0.0-1
CVE-2021-23807 jsonpointer-4.0.1.tgz
CVE-2021-32804 tar-2.2.1.tgz
CVE-2018-20821 node-sass-4.9.0.tgz
CVE-2022-29167 hawk-3.1.3.tgz
CVE-2021-37712 tar-2.2.1.tgz
CVE-2022-25883 semver-5.3.0.tgz
CVE-2018-11697 opennms-opennms-source-23.0.0-1
CVE-2025-30360 webpack-dev-server-2.11.2.tgz
CVE-2021-27290 ssri-5.3.0.tgz
CVE-2021-27515 url-parse-1.4.0.tgz
CVE-2020-7720 node-forge-0.7.5.tgz
CVE-2018-19839 CSS::Sass-v3.3.0
CVE-2018-20190 opennms-opennms-source-23.0.0-1
CVE-2019-16769 serialize-javascript-1.5.0.tgz
CVE-2021-23382 postcss-6.0.22.tgz
CVE-2020-7608 yargs-parser-5.0.0.tgz
CVE-2025-32996 http-proxy-middleware-0.17.4.tgz
WS-2018-0076 tunnel-agent-0.4.3.tgz
CVE-2020-8203 lodash-1.0.2.tgz
CVE-2022-24773 node-forge-0.7.5.tgz
CVE-2021-32803 tar-2.2.1.tgz
CVE-2024-42461 elliptic-6.4.0.tgz
CVE-2022-25883 semver-5.5.0.tgz
WS-2020-0450 handlebars-4.0.5.tgz
CVE-2024-42459 elliptic-6.4.0.tgz
CVE-2024-42460 elliptic-6.4.0.tgz
CVE-2024-21538 cross-spawn-5.1.0.tgz
CVE-2019-15599 tree-kill-1.2.0.tgz
WS-2020-0208 highlight.js-9.12.0.tgz
CVE-2021-23440 set-value-0.4.3.tgz
CVE-2021-37701 tar-4.4.1.tgz
CVE-2019-15598 tree-kill-1.2.0.tgz
WS-2019-0103 handlebars-4.0.5.tgz
CVE-2023-44270 postcss-6.0.22.tgz
CVE-2022-21680 marked-0.3.19.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2018-19838 opennms-opennms-source-23.0.0-1
CVE-2025-9287 cipher-base-1.0.4.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
WS-2019-0307 mem-1.1.0.tgz
CVE-2021-3664 url-parse-1.4.0.tgz
CVE-2023-46234 browserify-sign-4.0.4.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
CVE-2024-28863 tar-2.2.1.tgz
CVE-2019-6283 opennms-opennms-source-23.0.0-1
CVE-2024-28849 follow-redirects-1.4.1.tgz
WS-2020-0091 http-proxy-1.17.0.tgz
WS-2019-0180 lodash.mergewith-4.6.1.tgz
CVE-2024-29041 express-4.16.3.tgz
CVE-2020-15366 ajv-5.5.2.tgz
WS-2020-0345 jsonpointer-4.0.1.tgz
CVE-2018-11696 opennms-opennms-source-23.0.0-1
CVE-2018-11697 node-sass-4.9.0.tgz
CVE-2019-6286 node-sass-4.9.0.tgz
CVE-2018-3728 hoek-2.16.3.tgz
CVE-2019-10744 lodash.mergewith-4.6.1.tgz
CVE-2022-0144 shelljs-0.6.1.tgz
CVE-2022-37599 loader-utils-1.1.0.tgz
CVE-2022-1650 eventsource-0.1.6.tgz
CVE-2019-6284 opennms-opennms-source-23.0.0-1
CVE-2022-37620 html-minifier-3.5.15.tgz
CVE-2024-52798 path-to-regexp-0.1.7.tgz
CVE-2023-42282 ip-1.1.5.tgz
CVE-2017-18869 chownr-1.0.1.tgz
CVE-2022-24999 qs-6.3.2.tgz
CVE-2020-15366 ajv-6.5.0.tgz

Base branch total remaining vulnerabilities: 274
Base branch commit: null


Total libraries scanned: 2361

Scan token: 9c5b45f73e6642dfb3d2f5bd31258951

View more details on Mend Bolt for GitHub