
npm-audit-sarif

A tool for converting npm-audit JSON output to SARIF format

{ "auditReportVersion": 2, "vulnerabilities": { "@nestjs/core": { "name": "@nestjs/core", "severity": "moderate", "isDirect": false, "via": [ "@nestjs/websockets", { "source": 1091325, "name": "@nestjs/core", "dependency": "@nestjs/core", "title": "@nestjs/core vulnerable to Information Exposure via StreamableFile pipe", "url": "https://github.com/advisories/GHSA-4jpv-8r57-pv7j", "severity": "moderate", "cwe": [ "CWE-200" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": "<9.0.5" } ], "effects": [ "@nestjs/websockets" ], "range": "<=9.0.4", "nodes": [ "node_modules/@nestjs/core" ], "fixAvailable": { "name": "@nestjs/websockets", "version": "9.4.2", "isSemVerMajor": true } }, "@nestjs/websockets": { "name": "@nestjs/websockets", "severity": "moderate", "isDirect": true, "via": [ "@nestjs/core" ], "effects": [ "@nestjs/core" ], "range": "<=9.0.0-next.2", "nodes": [ "node_modules/@nestjs/websockets" ], "fixAvailable": { "name": "@nestjs/websockets", "version": "9.4.2", "isSemVerMajor": true } }, "jsonwebtoken": { "name": "jsonwebtoken", "severity": "moderate", "isDirect": true, "via": [ { "source": 1089434, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken unrestricted key type could lead to legacy keys usage ", "url": "https://github.com/advisories/GHSA-8cf7-32gw-wr33", "severity": "moderate", "cwe": [ "CWE-327" ], "cvss": { "score": 0, "vectorString": null }, "range": "<=8.5.1" }, { "source": 1091087, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": "jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "url": "https://github.com/advisories/GHSA-hjrf-2m68-5959", "severity": "moderate", "cwe": [ "CWE-287" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, "range": "<=8.5.1" }, { "source": 1091170, "name": "jsonwebtoken", "dependency": "jsonwebtoken", "title": 
"jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()", "url": "https://github.com/advisories/GHSA-qwph-4952-7xr6", "severity": "moderate", "cwe": [ "CWE-287", "CWE-327" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" }, "range": "<9.0.0" } ], "effects": [], "range": "<=8.5.1", "nodes": [ "node_modules/jsonwebtoken" ], "fixAvailable": { "name": "jsonwebtoken", "version": "9.0.0", "isSemVerMajor": true } }, "morgan": { "name": "morgan", "severity": "moderate", "isDirect": true, "via": [ { "source": 1087563, "name": "morgan", "dependency": "morgan", "title": "Code Injection in morgan", "url": "https://github.com/advisories/GHSA-gwg9-rgvj-4h5j", "severity": "moderate", "cwe": [ "CWE-94" ], "cvss": { "score": 0, "vectorString": null }, "range": "<1.9.1" } ], "effects": [], "range": "<1.9.1", "nodes": [ "node_modules/morgan" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 4, "high": 0, "critical": 0, "total": 4 }, "dependencies": { "prod": 22, "dev": 0, "optional": 0, "peer": 29, "peerOptional": 0, "total": 50 } } }