An automation triggered a pipeline warning
Found 52 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
4 rules were checked:
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
✔️ The rule did not trigger. Manage rule
If there is a dependency where the license risk is at least high
then send a pipeline warning
✔️ The rule did not trigger. Manage rule
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
📤 The rule triggered for the following vulnerabilities, causing an email notification. Manage rule
Vulnerability |
CVSS2 |
CVSS3 |
Dependency |
Dependency Licenses |
CVE-2022-2216 |
7.5 |
9.8 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-37601 |
N/A |
9.8 |
loader-utils (npm) |
MIT |
CVE-2023-28154 |
N/A |
9.8 |
webpack (npm) |
MIT |
CVE-2022-25912 |
N/A |
9.8 |
simple-git (npm) |
Debricked Unknown License, MIT |
CVE-2022-25860 |
N/A |
9.8 |
simple-git (npm) |
Debricked Unknown License, MIT |
CVE-2022-2900 |
N/A |
9.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-46175 |
N/A |
8.8 |
json5 (npm) |
Debricked Unknown License, MIT |
CVE-2022-37603 |
N/A |
7.5 |
loader-utils (npm) |
MIT |
CVE-2022-25887 |
N/A |
7.5 |
sanitize-html (npm) |
MIT |
CVE-2022-0722 |
5 |
7.5 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2020-7753 |
5 |
7.5 |
trim (npm) |
MIT |
CVE-2022-25883 |
N/A |
7.5 |
semver (npm) |
BSD-2-Clause, Debricked Unknown License, ISC, MIT |
CVE-2022-25851 |
5 |
7.5 |
jpeg-js (npm) |
BSD-3-Clause |
CVE-2022-38900 |
N/A |
7.5 |
decode-uri-component (npm) |
MIT |
CVE-2022-31129 |
5 |
7.5 |
moment (npm) |
MIT |
CVE-2022-25858 |
N/A |
7.5 |
terser (npm) |
BSD-2-Clause, ISC |
CVE-2023-22467 |
N/A |
7.5 |
luxon (npm) |
MIT |
CVE-2022-3517 |
N/A |
7.5 |
minimatch (npm) |
Debricked Unknown License, ISC, MIT |
CVE-2022-37599 |
N/A |
7.5 |
loader-utils (npm) |
MIT |
CVE-2022-24999 |
N/A |
7.5 |
express (npm) |
Debricked Unknown License, MIT |
CVE-2023-26115 |
N/A |
7.5 |
word-wrap (npm) |
MIT |
CVE-2022-25881 |
N/A |
7.5 |
http-cache-semantics (npm) |
BSD-2-Clause |
CVE-2022-24999 |
N/A |
7.5 |
qs (npm) |
BSD-3-Clause, Debricked Unknown License, MIT |
CVE-2022-0624 |
7.5 |
7.3 |
parse-path (npm) |
Debricked Unknown License, ISC, MIT |
CVE-2022-29256 |
4.6 |
6.7 |
sharp (npm) |
Apache-2.0 |
CVE-2023-31125 |
N/A |
6.5 |
engine.io (npm) |
Debricked Unknown License, MIT |
CVE-2023-25166 |
N/A |
6.5 |
@sideway/formula (npm) |
BSD-3-Clause |
CVE-2022-38778 |
N/A |
6.5 |
decode-uri-component (npm) |
MIT |
CVE-2022-3224 |
N/A |
6.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-2218 |
4.3 |
6.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-2217 |
4.3 |
6.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-0235 |
5.8 |
6.1 |
node-fetch (npm) |
MIT |
CVE-2022-36313 |
N/A |
5.5 |
file-type (npm) |
MIT |
CVE-2023-22491 |
N/A |
5.4 |
gatsby-transformer-remark (npm) |
MIT |
CVE-2023-0842 |
N/A |
5.3 |
xml2js (npm) |
Debricked Unknown License, MIT |
CVE-2022-33987 |
5 |
5.3 |
got (npm) |
MIT |
CVE-2023-30548 |
N/A |
4.3 |
gatsby-plugin-sharp (npm) |
MIT |
debricked-190258 |
N/A |
N/A |
gatsby-plugin-mdx (npm) |
MIT |
debricked-199296 |
N/A |
N/A |
d3-color (npm) |
BSD-3-Clause, ISC |
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning
⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning. Manage rule
Vulnerability |
CVSS2 |
CVSS3 |
Dependency |
Dependency Licenses |
CVE-2022-24433 |
7.5 |
9.8 |
simple-git (npm) |
Debricked Unknown License, MIT |
CVE-2022-25860 |
N/A |
9.8 |
simple-git (npm) |
Debricked Unknown License, MIT |
CVE-2022-25912 |
N/A |
9.8 |
simple-git (npm) |
Debricked Unknown License, MIT |
CVE-2022-24066 |
7.5 |
9.8 |
simple-git (npm) |
Debricked Unknown License, MIT |
CVE-2022-2216 |
7.5 |
9.8 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-37601 |
N/A |
9.8 |
loader-utils (npm) |
MIT |
CVE-2023-28154 |
N/A |
9.8 |
webpack (npm) |
MIT |
CVE-2022-2900 |
N/A |
9.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-46175 |
N/A |
8.8 |
json5 (npm) |
Debricked Unknown License, MIT |
CVE-2021-43138 |
6.8 |
7.8 |
async (npm) |
MIT |
CVE-2023-26115 |
N/A |
7.5 |
word-wrap (npm) |
MIT |
CVE-2022-24999 |
N/A |
7.5 |
express (npm) |
Debricked Unknown License, MIT |
CVE-2022-25858 |
N/A |
7.5 |
terser (npm) |
BSD-2-Clause, ISC |
CVE-2022-0722 |
5 |
7.5 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-31129 |
5 |
7.5 |
moment (npm) |
MIT |
CVE-2022-38900 |
N/A |
7.5 |
decode-uri-component (npm) |
MIT |
CVE-2022-25851 |
5 |
7.5 |
jpeg-js (npm) |
BSD-3-Clause |
CVE-2022-25887 |
N/A |
7.5 |
sanitize-html (npm) |
MIT |
CVE-2023-22467 |
N/A |
7.5 |
luxon (npm) |
MIT |
CVE-2022-25881 |
N/A |
7.5 |
http-cache-semantics (npm) |
BSD-2-Clause |
CVE-2022-24999 |
N/A |
7.5 |
qs (npm) |
BSD-3-Clause, Debricked Unknown License, MIT |
CVE-2022-37603 |
N/A |
7.5 |
loader-utils (npm) |
MIT |
CVE-2022-25883 |
N/A |
7.5 |
semver (npm) |
BSD-2-Clause, Debricked Unknown License, ISC, MIT |
CVE-2021-3803 |
5 |
7.5 |
nth-check (npm) |
BSD-2-Clause |
CVE-2021-23424 |
5 |
7.5 |
ansi-html (npm) |
Apache-2.0 |
CVE-2020-28469 |
5 |
7.5 |
glob-parent (npm) |
ISC |
CVE-2022-1929 |
5 |
7.5 |
devcert (npm) |
MIT |
CVE-2021-43307 |
5 |
7.5 |
semver-regex (npm) |
MIT |
CVE-2022-0355 |
5 |
7.5 |
simple-get (npm) |
MIT |
CVE-2020-7753 |
5 |
7.5 |
trim (npm) |
MIT |
CVE-2021-3807 |
7.8 |
7.5 |
ansi-regex (npm) |
MIT |
CVE-2022-3517 |
N/A |
7.5 |
minimatch (npm) |
Debricked Unknown License, ISC, MIT |
CVE-2022-37599 |
N/A |
7.5 |
loader-utils (npm) |
MIT |
CVE-2022-24785 |
5 |
7.5 |
moment (npm) |
MIT |
CVE-2022-0624 |
7.5 |
7.3 |
parse-path (npm) |
Debricked Unknown License, ISC, MIT |
CVE-2022-29256 |
4.6 |
6.7 |
sharp (npm) |
Apache-2.0 |
CVE-2023-25166 |
N/A |
6.5 |
@sideway/formula (npm) |
BSD-3-Clause |
CVE-2022-38778 |
N/A |
6.5 |
decode-uri-component (npm) |
MIT |
CVE-2023-31125 |
N/A |
6.5 |
engine.io (npm) |
Debricked Unknown License, MIT |
CVE-2022-1365 |
4 |
6.5 |
cross-fetch (npm) |
MIT |
CVE-2022-2218 |
4.3 |
6.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-2217 |
4.3 |
6.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-3224 |
N/A |
6.1 |
parse-url (npm) |
Debricked Unknown License, MIT |
CVE-2022-0235 |
5.8 |
6.1 |
node-fetch (npm) |
MIT |
CVE-2022-36313 |
N/A |
5.5 |
file-type (npm) |
MIT |
CVE-2023-22491 |
N/A |
5.4 |
gatsby-transformer-remark (npm) |
MIT |
CVE-2023-0842 |
N/A |
5.3 |
xml2js (npm) |
Debricked Unknown License, MIT |
CVE-2021-26540 |
5 |
5.3 |
sanitize-html (npm) |
MIT |
CVE-2021-26539 |
5 |
5.3 |
sanitize-html (npm) |
MIT |
CVE-2022-33987 |
5 |
5.3 |
got (npm) |
MIT |
CVE-2023-30548 |
N/A |
4.3 |
gatsby-plugin-sharp (npm) |
MIT |
debricked-190258 |
N/A |
N/A |
gatsby-plugin-mdx (npm) |
MIT |
debricked-199296 |
N/A |
N/A |
d3-color (npm) |
BSD-3-Clause, ISC |