An automation triggered a pipeline failure
Found 70 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
4 rules were checked:
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
✔️ The rule did not trigger.
If there is a dependency where the license risk is at least high
then send a pipeline warning
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected
then fail pipeline
❌ The rule triggered for the following vulnerabilities, causing a pipeline failure.
| Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
| --- | --- | --- | --- | --- |
| CVE-2020-12265 | 7.5 | 9.8 | decompress (npm) | MIT |
| CVE-2023-26136 | N/A | 9.8 | tough-cookie (npm) | BSD-3-Clause |
| CVE-2022-37602 | N/A | 9.8 | grunt-karma (npm) | MIT |
| CVE-2015-8857 | 7.5 | 9.8 | uglify-js (npm) | BSD-2-Clause |
| CVE-2018-16487 | 7.5 | 9.8 | lodash (npm) | MIT |
| CVE-2019-10744 | 6.4 | 9.1 | lodash (npm) | MIT |
| CVE-2018-3728 | 6.5 | 8.8 | hoek (npm) | BSD-3-Clause |
| CVE-2021-37713 | 4.4 | 8.6 | tar (npm) | BSD-2-Clause |
| CVE-2021-32804 | 5.8 | 8.1 | tar (npm) | BSD-2-Clause |
| CVE-2020-36604 | N/A | 8.1 | hoek (npm) | BSD-3-Clause |
| CVE-2020-28502 | 6.8 | 8.1 | xmlhttprequest (npm) | MIT |
| CVE-2014-6394 | 7.5 | N/A | send (npm) | MIT |
| CVE-2015-8860 | 5 | 7.5 | tar (npm) | BSD-2-Clause |
| CVE-2017-15010 | 5 | 7.5 | tough-cookie (npm) | BSD-3-Clause |
| CVE-2019-13173 | 6.4 | 7.5 | fstream (npm) | BSD-2-Clause |
| CVE-2017-16138 | 5 | 7.5 | mime (npm) | MIT |
| CVE-2015-8858 | 7.8 | 7.5 | uglify-js (npm) | BSD-2-Clause |
| CVE-2022-3517 | N/A | 7.5 | minimatch (npm) | ISC, MIT |
| CVE-2019-5484 | 5 | 7.5 | bower (npm) | MIT |
| CVE-2020-7792 | 7.5 | 7.5 | mout (npm) | MIT |
| CVE-2022-21213 | 5 | 7.5 | mout (npm) | MIT |
| CVE-2017-16030 | 5 | 7.5 | useragent (npm) | MIT |
| CVE-2019-17221 | 5 | 7.5 | phantomjs (npm) | Apache-2.0 |
| CVE-2022-29167 | 5 | 7.5 | hawk (npm) | BSD-3-Clause |
| CVE-2017-16119 | 5 | 7.5 | fresh (npm) | MIT |
| CVE-2018-20834 | 6.4 | 7.5 | tar (npm) | BSD-2-Clause |
| CVE-2016-10540 | 5 | 7.5 | minimatch (npm) | ISC, MIT |
| CVE-2022-25883 | N/A | 7.5 | semver (npm) | BSD-2-Clause, ISC, MIT |
| CVE-2015-8855 | 7.8 | 7.5 | semver (npm) | BSD-2-Clause, ISC, MIT |
| CVE-2017-1000048 | 5 | 7.5 | qs (npm) | BSD-3-Clause, MIT |
| CVE-2022-24999 | N/A | 7.5 | qs (npm) | BSD-3-Clause, MIT |
| CVE-2014-10064 | 5 | 7.5 | qs (npm) | BSD-3-Clause, MIT |
| CVE-2016-10542 | 5 | 7.5 | ws (npm) | MIT |
| CVE-2016-10518 | 5 | 7.5 | ws (npm) | MIT |
| CVE-2017-20165 | 2.7 | 7.5 | debug (npm) | MIT |
| CVE-2020-7788 | 7.5 | 7.3 | ini (npm) | ISC, MIT |
| CVE-2021-23337 | 6.5 | 7.2 | lodash (npm) | MIT |
| CVE-2021-23358 | 6.5 | 7.2 | underscore (npm) | MIT |
| CVE-2022-0144 | 3.6 | 7.1 | shelljs (npm) | BSD-3-Clause |
| CVE-2022-1537 | 6.9 | 7 | grunt (npm) | MIT |
| CVE-2020-8244 | 6.4 | 6.5 | bl (npm) | MIT |
| CVE-2018-3721 | 4 | 6.5 | lodash (npm) | MIT |
| CVE-2019-1010266 | 4 | 6.5 | lodash (npm) | MIT |
| CVE-2022-0437 | 4.3 | 6.1 | karma (npm) | MIT |
| CVE-2023-28155 | N/A | 6.1 | request (npm) | Apache-2.0 |
| CVE-2013-7370 | 4.3 | 6.1 | connect (npm) | MIT |
| CVE-2013-7371 | 4.3 | 6.1 | connect (npm) | MIT |
| CVE-2021-23495 | 5.8 | 6.1 | karma (npm) | MIT |
| CVE-2017-16026 | 7.1 | 5.9 | request (npm) | Apache-2.0 |
| CVE-2022-21704 | 2.1 | 5.5 | log4js (npm) | Apache-2.0 |
| CVE-2022-0436 | 2.1 | 5.5 | grunt (npm) | MIT |
| CVE-2018-3717 | 3.5 | 5.4 | connect (npm) | MIT |
| CVE-2016-1000232 | 5 | 5.3 | tough-cookie (npm) | BSD-3-Clause |
| CVE-2017-16137 | 5 | 5.3 | debug (npm) | MIT |
| CVE-2015-8859 | 5 | 5.3 | send (npm) | MIT |
| CVE-2022-33987 | 5 | 5.3 | got (npm) | MIT |
| CVE-2020-28500 | 5 | 5.3 | lodash (npm) | MIT |
| CVE-2014-7191 | 5 | N/A | qs (npm) | BSD-3-Clause, MIT |
| CVE-2016-1000236 | 3.5 | 4.4 | cookie-signature (npm) | MIT |
| CVE-2020-28481 | 4 | 4.3 | socket.io (npm) | MIT |
| CVE-2016-10538 | 4.9 | 3.5 | cli (npm) | MIT |
| debricked-149655 | N/A | N/A | ws (npm) | MIT |
| debricked-180554 | N/A | N/A | shelljs (npm) | BSD-3-Clause |
| debricked-149712 | N/A | N/A | tunnel-agent (npm) | Apache-2.0 |
| debricked-149740 | N/A | N/A | http-proxy (npm) | MIT |
| debricked-155741 | N/A | N/A | ini (npm) | ISC, MIT |
| debricked-149710 | N/A | N/A | concat-stream (npm) | MIT |
| debricked-149651 | N/A | N/A | clean-css (npm) | MIT |
| debricked-149668 | N/A | N/A | underscore.string (npm) | MIT |
| debricked-149665 | N/A | N/A | open (npm) | MIT |