1 critical · 3 high · 12 medium · 0 low · 16 total (deduped by advisory)
NPM package @datagrok/notebooks@1.6.2 — production dependency tree audited with npm audit.
| Advisory | Severity | Dependency | Installed | Vulnerable range | Fixed by | CVSS | Description |
|---|---|---|---|---|---|---|---|
| GHSA-hgjh-723h-mx2j | CRITICAL | url-parse | 1.4.7 | <1.5.8 | @jupyterlab/coreutils@6.6.1 | 9.1 | Authorization Bypass Through User-Controlled Key in url-parse |
| GHSA-5v2h-r2cx-5xgj | HIGH | marked | 0.8.2 | <4.0.10 | @jupyterlab/rendermime@4.6.1 | 7.5 | Inefficient Regular Expression Complexity in marked |
| GHSA-cgfm-xwp7-2cvr | HIGH | sanitize-html | 1.20.1 | <2.7.1 | @jupyterlab/apputils@4.7.1 | 7.5 | Sanitize-html Vulnerable To REDoS Attacks |
| GHSA-rrrm-qjm4-v8hf | HIGH | marked | 0.8.2 | <4.0.10 | @jupyterlab/rendermime@4.6.1 | 7.5 | Inefficient Regular Expression Complexity in marked |
| GHSA-4gw3-8f77-f72c | MEDIUM | codemirror | 5.53.2 | <5.58.2 | @jupyterlab/documentsearch@4.6.1 | 5.3 | Regular expression denial of service in codemirror |
| GHSA-7fh5-64p2-3v2j | MEDIUM | postcss | 7.0.39 | <8.4.31 | @jupyterlab/apputils@4.7.1 | 5.3 | PostCSS line return parsing error |
| GHSA-8v38-pw62-9cw2 | MEDIUM | url-parse | 1.4.7 | >=1.0.0 <1.5.7 | @jupyterlab/coreutils@6.6.1 | 6.5 | url-parse Incorrectly parses URLs that include an '@' |
| GHSA-9m6j-fcg5-2442 | MEDIUM | url-parse | 1.4.7 | >=0.1.0 <1.5.0 | @jupyterlab/coreutils@6.6.1 | 5.3 | Path traversal in url-parse |
| GHSA-hh27-ffr2-f2jc | MEDIUM | url-parse | 1.4.7 | >=0.1.0 <1.5.2 | @jupyterlab/coreutils@6.6.1 | 6.1 | Open redirect in url-parse |
| GHSA-jf5r-8hm2-f872 | MEDIUM | url-parse | 1.4.7 | >=0.1.0 <1.5.9 | @jupyterlab/coreutils@6.6.1 | 6.5 | url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. |
| GHSA-mjxr-4v3x-q3m4 | MEDIUM | sanitize-html | 1.20.1 | <2.3.2 | @jupyterlab/apputils@4.7.1 | 5.3 | Improper Input Validation in sanitize-html |
| GHSA-qhxp-v273-g94h | MEDIUM | sanitize-html | 1.20.1 | <2.0.0-beta | @jupyterlab/apputils@4.7.1 | 6.1 | sanitize-html is vulnerable to XSS through incomprehensive sanitization |
| GHSA-qx2v-qp2m-jg93 | MEDIUM | postcss | 7.0.39 | <8.5.10 | @jupyterlab/apputils@4.7.1 | 6.1 | PostCSS has XSS via Unescaped </style> in its CSS Stringify Output |
| GHSA-rjqq-98f6-6j3r | MEDIUM | sanitize-html | 1.20.1 | <2.3.1 | @jupyterlab/apputils@4.7.1 | 5.3 | Improper Input Validation in sanitize-html |
| GHSA-rm97-x556-q36h | MEDIUM | sanitize-html | 1.20.1 | <2.12.1 | @jupyterlab/apputils@4.7.1 | 5.3 | sanitize-html Information Exposure vulnerability |
| GHSA-rqff-837h-mm52 | MEDIUM | url-parse | 1.4.7 | >=0.1.0 <1.5.6 | @jupyterlab/coreutils@6.6.1 | 5.3 | Authorization bypass in url-parse |