strong-mesh-models 8.1.1

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Cross-site scripting in Swagger-UI

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Recommendation: Upgrade to version 3.23.11 or later

via: loopback-explorer@1.8.0

ejs@2.7.4

ejs template injection vulnerability

Recommendation: Upgrade to version 3.1.7 or later

via: loopback@2.42.0

nodemailer@2.7.2

Command injection in nodemailer

Recommendation: Upgrade to version 6.4.16 or later

via: loopback@2.42.0

swagger-ui@2.0.24

Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

uglify-js@2.3.6

Recommendation: Upgrade to version 2.4.24 or later

via: loopback-explorer@1.8.0

morgan@1.6.1

Code Injection in morgan

Recommendation: Upgrade to version 1.9.1 or later

via: loopback-explorer@1.8.0

lodash@3.10.1

Recommendation: Upgrade to version 4.17.12 or later

via: lodash@3.10.1 & others

handlebars@1.0.12

Remote code execution in handlebars when compiling templates

Recommendation: Upgrade to version 3.0.8 or later

via: loopback-explorer@1.8.0

handlebars@1.0.12

Recommendation: Upgrade to version 4.7.7 or later

via: loopback-explorer@1.8.0

underscore@1.7.0

Arbitrary Code Execution in underscore

Recommendation: Upgrade to version 1.12.1 or later

via: loopback@2.42.0

handlebars@1.0.12

Prototype Pollution in minimist

Recommendation: Upgrade to version 4.7.7 or later

via: loopback-explorer@1.8.0

minimist@0.0.8

Recommendation: Upgrade to version 0.2.4 or later

via: loopback-explorer@1.8.0

base64-js@0.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

debug@1.0.5

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0 & others

duplex@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

handlebars@1.0.12

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-explorer@1.8.0

mime@1.2.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-explorer@1.8.0

ms@0.7.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-explorer@1.8.0

msgpack-js@0.3.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

mux-demux@3.7.9

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

options@0.0.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

sprintf@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-explorer@1.8.0

sse@0.0.7

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

uglify-js@2.3.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-explorer@1.8.0

uid2@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback@2.42.0

Arbitrary Code Execution in handlebars

57 high severity issues

high

handlebars@1.0.12

Recommendation: Upgrade to version 3.0.8 or later

via: loopback-explorer@1.8.0

handlebars@1.0.12

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 3.0.8 or later

via: loopback-explorer@1.8.0

qs@4.0.0

Recommendation: Upgrade to version 6.0.4 or later

via: loopback-explorer@1.8.0

base64-url@1.2.1

Out-of-bounds Read in base64-url

Recommendation: Upgrade to version 2.0.0 or later

via: loopback-explorer@1.8.0

negotiator@0.5.3

Regular Expression Denial of Service in negotiator

Recommendation: Upgrade to version 0.6.1 or later

via: loopback-explorer@1.8.0

uglify-js@2.3.6

Regular Expression Denial of Service in uglify-js

Recommendation: Upgrade to version 2.6.0 or later

via: loopback-explorer@1.8.0

fresh@0.3.0

Regular Expression Denial of Service in fresh

Recommendation: Upgrade to version 0.5.2 or later

via: loopback-explorer@1.8.0

mime@1.3.4

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

debug Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

debug@1.0.5

Recommendation: Upgrade to version 2.6.9 or later

via: loopback@2.42.0 & others

lodash@3.10.1

Arbitrary Code Execution in Handlebars

Recommendation: Upgrade to version 4.17.11 or later

via: lodash@3.10.1 & others

handlebars@1.0.12

Recommendation: Upgrade to version 3.0.8 or later

via: loopback-explorer@1.8.0

handlebars@1.0.12

Recommendation: Upgrade to version 3.0.7 or later

via: loopback-explorer@1.8.0

lodash@3.10.1

Arbitrary Code Execution in handlebars

Recommendation: Upgrade to version 4.17.19 or later

via: lodash@3.10.1

handlebars@1.0.12

Recommendation: Upgrade to version 3.0.8 or later

via: loopback-explorer@1.8.0

ssh2@0.4.15

OS Command Injection in ssh2

Recommendation: Upgrade to version 1.4.0 or later

via: strong-tunnel@1.1.6

qs@4.0.0

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: loopback-explorer@1.8.0

lodash@3.10.1

Command Injection in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: lodash@3.10.1 & others

canonical-json@0.0.4

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: loopback@2.42.0

source-map@0.1.43

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

stream-counter@0.2.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

ycssmin@1.0.1

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

btoa@1.1.1

Package uses an invalid SPDX license ("Apache2")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

less@1.4.2

Package uses an invalid SPDX license ("Apache v2")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

loopback-explorer@1.8.0

Package uses an invalid SPDX license ("Dual MIT/StrongLoop")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

optimist@0.3.7

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: loopback@2.42.0 & others

spdx-exceptions@2.5.0

Package uses an atypical license ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: strong-npm-ls@1.0.10

strong-mesh-models@8.1.1

Package uses an invalid SPDX license ("SEE LICENSE IN LICENSE.md")

Recommendation: Validate that the package complies with your license policy

via: strong-mesh-models@8.1.1

swagger-client@2.0.36

Package uses an invalid SPDX license ("apache 2.0")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Package uses an invalid SPDX license ("Apache")

Recommendation: Validate that the package complies with your license policy

via: loopback-explorer@1.8.0

buildmail@4.0.1

Deprecated package

via: loopback@2.42.0

coffee-script@1.6.3

Deprecated package

via: loopback-explorer@1.8.0

connect@2.30.2

Deprecated package

via: loopback-explorer@1.8.0

core-js-pure@3.37.0

Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""

via: loopback@2.42.0 & others

ejs@2.7.4

Package uses postinstall script: "node ./postinstall.js"

via: loopback@2.42.0

har-validator@5.1.5

Deprecated package

via: loopback@2.42.0 & others

loopback-boot@2.28.0

Deprecated package

via: loopback-boot@2.28.0

loopback-datasource-juggler@2.59.3

Deprecated package

via: loopback@2.42.0 & others

loopback-explorer@1.8.0

Deprecated package

via: loopback-explorer@1.8.0

loopback@2.42.0

Deprecated package

via: loopback@2.42.0

mailcomposer@4.0.1

Deprecated package

via: loopback@2.42.0

mkdirp@0.3.5

Deprecated package

via: loopback-explorer@1.8.0

mkdirp@0.5.1

Deprecated package

via: loopback-explorer@1.8.0

node-uuid@1.4.8

Deprecated package

via: http-auth@2.4.11

nodemailer@2.7.2

Deprecated package

via: loopback@2.42.0

readdir-scoped-modules@1.1.0

Deprecated package

via: strong-npm-ls@1.0.10

request@2.88.2

Deprecated package

via: loopback@2.42.0 & others

socks@1.1.9

Deprecated package

via: loopback@2.42.0

sprintf@0.1.1

Deprecated package

via: loopback-explorer@1.8.0

sprintf@0.1.5

Deprecated package

via: sprintf@0.1.5

stable@0.1.8

Deprecated package

via: loopback@2.42.0 & others

strong-remoting@2.36.1

Deprecated package

via: loopback@2.42.0

swagger-client@2.0.36

Deprecated package

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Deprecated package

via: loopback-explorer@1.8.0

tree-sitter@0.20.4

Package uses install script: "prebuild-install || node-gyp rebuild"

via: loopback@2.42.0 & others

uuid@3.4.0

Deprecated package

via: loopback@2.42.0 & others

Regular Expression Denial of Service (ReDoS) in lodash

25 moderate severity issues

moderate

lodash@3.10.1

Recommendation: Upgrade to version 4.17.11 or later

via: lodash@3.10.1 & others

mem@1.1.0

Denial of Service in mem

Recommendation: Upgrade to version 4.0.0 or later

via: loopback@2.42.0 & others

swagger-ui@2.0.24

Reverse Tabnapping in swagger-ui

Recommendation: Upgrade to version 3.18.0 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Cross-Site Scripting in handlebars

Recommendation: Upgrade to version 3.0.13 or later

via: loopback-explorer@1.8.0

handlebars@1.0.12

Recommendation: Upgrade to version 4.0.0 or later

via: loopback-explorer@1.8.0

cookiejar@1.3.1

cookiejar Regular Expression Denial of Service via Cookie.parse function

Recommendation: Upgrade to version 2.1.4 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Spoofing attack in swagger-ui

Recommendation: Upgrade to version 4.1.3 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Improper Neutralization of Input During Web Page Generation in swagger-ui

Recommendation: Upgrade to version 2.2.1 or later

via: loopback-explorer@1.8.0

nodemailer@2.7.2

Header injection in nodemailer

Recommendation: Upgrade to version 6.6.1 or later

via: loopback@2.42.0

swagger-ui@2.0.24

Server side request forgery in SwaggerUI

Recommendation: Upgrade to version 4.1.3 or later

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Vercel ms Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 3.20.9 or later

via: loopback-explorer@1.8.0

ms@0.7.1

Recommendation: Upgrade to version 2.0.0 or later

via: loopback-explorer@1.8.0

lodash@3.10.1

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: lodash@3.10.1 & others

nodemailer@2.7.2

nodemailer ReDoS when trying to send a specially crafted email

Recommendation: Upgrade to version 6.9.9 or later

via: loopback@2.42.0

minimist@0.0.8

Prototype Pollution in minimist

Recommendation: Upgrade to version 0.2.1 or later

via: loopback-explorer@1.8.0

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: loopback@2.42.0 & others

xml2js@0.4.23

xml2js is vulnerable to prototype pollution

Recommendation: Upgrade to version 0.5.0 or later

via: loopback@2.42.0

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: loopback@2.42.0 & others

express@3.21.2

Express.js Open Redirect in malformed URLs

Recommendation: Upgrade to version 4.19.2 or later

via: loopback-explorer@1.8.0

eyes@0.1.8

Package has no specified source code repository

via: loopback@2.42.0

sprintf@0.1.1

Package has no specified source code repository

via: loopback-explorer@1.8.0

uid2@0.0.3

Package has no specified source code repository

via: loopback@2.42.0

15 low severity issues

low

lodash@3.10.1

Regular Expression Denial of Service in debug

Recommendation: Upgrade to version 4.17.5 or later

via: lodash@3.10.1 & others

debug@1.0.5

Recommendation: Upgrade to version 2.6.9 or later

via: loopback@2.42.0 & others

canonical-json@0.0.4

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: loopback@2.42.0

source-map@0.1.43

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

stream-counter@0.2.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

ycssmin@1.0.1

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

btoa@1.1.1

Package uses a license that is not OSI approved ("Apache2")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

less@1.4.2

Package uses a license that is not OSI approved ("Apache v2")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

loopback-explorer@1.8.0

Package uses a license that is not OSI approved ("Dual MIT/StrongLoop")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

optimist@0.3.7

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

spdx-exceptions@2.5.0

Package uses a license that is not OSI approved ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: strong-npm-ls@1.0.10

spdx-license-ids@3.0.17

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: strong-npm-ls@1.0.10

strong-mesh-models@8.1.1

Package uses a license that is not OSI approved ("SEE LICENSE IN LICENSE.md")

Recommendation: Read and validate the license terms

via: strong-mesh-models@8.1.1

swagger-client@2.0.36

Package uses a license that is not OSI approved ("apache 2.0")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0

swagger-ui@2.0.24

Package uses a license that is not OSI approved ("Apache")

Recommendation: Read and validate the license terms

via: loopback-explorer@1.8.0