Update dependency backpack-core to v0.8.4 #1
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2024-43788Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> ❌ webpack-4.47.0.tgz (Vulnerable Library) |
 Medium |
6.4 | Transitive webpack-4.47.0.tgz |
backpack-core-0.8.4.tgz | Transitive besnik/laravel-filtering - no_fix,piksera/core - no_fix,auspice - no_fix,axistrustee/compliance-overview - no_fix,chilister/nova-translation-manager - no_fix,slackstone/radix_rsvp - no_fix,na-ekb/service-site-module - no_fix,dnaklik/dna-exchange-bundle - no_fix,saphyr-solutions/saphyr-web-generator - no_fix,rogelio1502/ef-package - no_fix,meesy/shopavel - no_fix,habeuk/wb_universe - no_fix,flarum/ai-toolkit - no_fix,ryguy2407/nwostarter - no_fix,Fable.Sutil.Templates - no_fix,ViewPacker - no_fix,buddy/deploy-buddy - no_fix,antoniosiles/nova-4-card-map-plus - no_fix,org.webjars.npm:webpack:no_fix,bigeweb/framework - no_fix,webpack - no_fix,Envisia.DotNet.Templates - no_fix,narirock/marrs-catalog - no_fix,laraxot/module_job_fila3 - no_fix,lsi.js.build - no_fix,imumz/nova-4-card-map - no_fix,XivoBlue.CleanArchitecture.MechanicalEngineering.Template - no_fix,jeffersonpereira/realestatelaravel - no_fix,rzakhanov/translation - no_fix,stephane888/wb_universe - no_fix,andrew-vozniak/pantheon - no_fix,gmsl/flarum-abc - no_fix,vesperphp/project - no_fix,stephane888/generate_style_theme - no_fix |
None |
|
CVE-2026-34043Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> webpack-4.47.0.tgz -> terser-webpack-plugin-1.4.6.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-4.0.0.tgz |
backpack-core-0.8.4.tgz | Transitive Upgrade to version serialize-javascript - 7.0.5 or greater |
None |
|
CVE-2025-14505Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> webpack-4.47.0.tgz -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.1.tgz -> create-ecdh-4.0.4.tgz -> ❌ elliptic-6.6.1.tgz (Vulnerable Library) |
Medium |
5.6 | Transitive elliptic-6.6.1.tgz |
backpack-core-0.8.4.tgz | None |
|
|
CVE-398484-724968Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> babel-plugin-styled-components-1.10.0.tgz (Root Library) -> helper-module-imports-7.28.6.tgz -> traverse-7.29.0.tgz -> debug-4.4.3.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
 Critical |
9.8 | Transitive ms-2.1.3.tgz |
babel-plugin-styled-components-1.10.0.tgz | None | ||
CVE-398484-724968Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> core-7.29.0.tgz -> debug-4.4.3.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive ms-2.1.3.tgz |
backpack-core-0.8.4.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> glob-7.1.4.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
jest-21.2.1.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> apollo-server-express-2.5.0-alpha.0.tgz (Root Library) -> apollo-server-core-2.5.0-alpha.0.tgz -> sha.js-2.4.11.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
apollo-server-express-2.5.0-alpha.0.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> pre-commit-1.2.2.tgz (Root Library) -> spawn-sync-1.0.15.tgz -> concat-stream-1.6.2.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
pre-commit-1.2.2.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> sw-precache-webpack-plugin-0.11.5.tgz (Root Library) -> del-3.0.0.tgz -> globby-6.1.0.tgz -> glob-7.1.4.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
sw-precache-webpack-plugin-0.11.5.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> nodemon-1.19.4.tgz -> chokidar-2.1.8.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
backpack-core-0.8.4.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> web-push-3.3.5.tgz (Root Library) -> asn1.js-5.0.1.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
web-push-3.3.5.tgz | None | ||
CVE-289561-266276Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.5.2.tgz (Root Library) -> glob-7.2.3.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) |
Critical |
9.8 | Transitive inherits-2.0.4.tgz |
flow-typed-2.5.2.tgz | None | ||
CVE-2021-42581Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> ❌ ramda-0.26.1.tgz (Vulnerable Library) |
Critical |
9.1 | Transitive ramda-0.26.1.tgz |
backpack-core-0.8.4.tgz | None | ||
CVE-2026-26996Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-runtime-21.2.1.tgz -> babel-core-6.26.3.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
 High |
7.5 | Transitive minimatch-3.1.5.tgz |
jest-21.2.1.tgz | Transitive 10.2.1 |
None | |
CVE-2026-26996Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> sw-precache-webpack-plugin-0.11.5.tgz (Root Library) -> del-3.0.0.tgz -> globby-6.1.0.tgz -> glob-7.1.4.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
sw-precache-webpack-plugin-0.11.5.tgz | Transitive 10.2.1 |
None | |
CVE-2026-26996Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> nodemon-1.19.4.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
backpack-core-0.8.4.tgz | Transitive 10.2.1 |
None | |
CVE-2026-26996Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> flow-typed-2.5.2.tgz (Root Library) -> glob-7.2.3.tgz -> ❌ minimatch-3.1.5.tgz (Vulnerable Library) |
High |
7.5 | Transitive minimatch-3.1.5.tgz |
flow-typed-2.5.2.tgz | Transitive 10.2.1 |
None | |
CVE-2024-21538Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> ❌ cross-spawn-6.0.6.tgz (Vulnerable Library) |
High |
7.5 | Transitive cross-spawn-6.0.6.tgz |
backpack-core-0.8.4.tgz | Transitive https://github.com/moxystudio/node-cross-spawn.git - v7.0.5,https://github.com/moxystudio/node-cross-spawn.git - v6.0.6,org.webjars.npm:cross-spawn:6.0.6 |
None | |
CVE-2026-2739Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> webpack-4.47.0.tgz -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.1.tgz -> create-ecdh-4.0.4.tgz -> ❌ bn.js-4.12.3.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive bn.js-4.12.3.tgz |
backpack-core-0.8.4.tgz | Transitive https://github.com/indutny/bn.js.git - v5.2.3 |
None | |
CVE-2026-2739Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> web-push-3.3.5.tgz (Root Library) -> asn1.js-5.0.1.tgz -> ❌ bn.js-4.12.3.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive bn.js-4.12.3.tgz |
web-push-3.3.5.tgz | Transitive https://github.com/indutny/bn.js.git - v5.2.3 |
None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| GHSA-6chw-6frg-f759 | acorn-6.1.1.tgz |
| GHSA-v2p6-4mp7-3r9v | underscore.string-2.4.0.tgz |
| GHSA-c3m8-x3cg-qm2c | helmet-csp-2.7.1.tgz |
| CVE-2019-10746 | mixin-deep-1.3.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-6.1.1.tgz |
| GHSA-pc5p-h8pf-mvwp | https-proxy-agent-2.2.1.tgz |
| CVE-2022-46175 | json5-1.0.1.tgz |
| CVE-2022-37599 | loader-utils-1.2.3.tgz |
| CVE-2021-27290 | ssri-6.0.1.tgz |
| CVE-2020-8116 | dot-prop-4.2.0.tgz |
| GHSA-64g7-mvw6-v9qj | shelljs-0.8.3.tgz |
| CVE-2025-404142 | buffers-0.1.1.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.8.tgz |
| GHSA-7wwv-vh3v-89cq | highlight.js-9.15.8.tgz |
| GHSA-7fhm-mqm4-2wp7 | acorn-4.0.13.tgz |
| CVE-2024-43788 | webpack-4.32.2.tgz |
| GHSA-w42g-7vfc-xf37 | apollo-server-express-2.9.12.tgz |
| CVE-2022-46175 | json5-2.1.0.tgz |
| GHSA-8x6c-cv3v-vp6g | cacheable-request-2.1.4.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-1.2.0.tgz |
| GHSA-g95f-p29q-9xw4 | braces-1.8.5.tgz |
| CVE-2019-10795 | undefsafe-2.0.2.tgz |
| CVE-2022-37603 | loader-utils-1.2.3.tgz |
| GHSA-7fhm-mqm4-2wp7 | minimist-0.0.10.tgz |
| CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
| CVE-2022-37601 | loader-utils-1.2.3.tgz |
| GHSA-w42g-7vfc-xf37 | apollo-server-express-2.5.0-alpha.0.tgz |
| GHSA-4xcv-9jjx-gfj3 | mem-1.1.0.tgz |
| CVE-2022-25883 | semver-6.1.1.tgz |
Base branch total remaining vulnerabilities: 288
Base branch commit: d8a4d1743dfb4e8c2596563c8b569bb9ec3f1892
Total libraries scanned: 2075
Scan token: 9d3b57e9067d4c6f9e4148d49d1134a0