@datagrok/notebooks@1.6.2 — npm dependency audit

1 critical · 3 high · 12 medium · 0 low · 16 total (deduped by advisory)

NPM package @datagrok/notebooks@1.6.2 — production dependency tree audited with npm audit.

AdvisorySeverityDependency InstalledVulnerable rangeFixed byCVSSDescription
GHSA-hgjh-723h-mx2jCRITICALurl-parse1.4.7<1.5.8@jupyterlab/coreutils@6.6.19.1Authorization Bypass Through User-Controlled Key in url-parse
GHSA-5v2h-r2cx-5xgjHIGHmarked0.8.2<4.0.10@jupyterlab/rendermime@4.6.17.5Inefficient Regular Expression Complexity in marked
GHSA-cgfm-xwp7-2cvrHIGHsanitize-html1.20.1<2.7.1@jupyterlab/apputils@4.7.17.5Sanitize-html Vulnerable To REDoS Attacks
GHSA-rrrm-qjm4-v8hfHIGHmarked0.8.2<4.0.10@jupyterlab/rendermime@4.6.17.5Inefficient Regular Expression Complexity in marked
GHSA-4gw3-8f77-f72cMEDIUMcodemirror5.53.2<5.58.2@jupyterlab/documentsearch@4.6.15.3Regular expression denial of service in codemirror
GHSA-7fh5-64p2-3v2jMEDIUMpostcss7.0.39<8.4.31@jupyterlab/apputils@4.7.15.3PostCSS line return parsing error
GHSA-8v38-pw62-9cw2MEDIUMurl-parse1.4.7>=1.0.0 <1.5.7@jupyterlab/coreutils@6.6.16.5url-parse Incorrectly parses URLs that include an '@'
GHSA-9m6j-fcg5-2442MEDIUMurl-parse1.4.7>=0.1.0 <1.5.0@jupyterlab/coreutils@6.6.15.3Path traversal in url-parse
GHSA-hh27-ffr2-f2jcMEDIUMurl-parse1.4.7>=0.1.0 <1.5.2@jupyterlab/coreutils@6.6.16.1Open redirect in url-parse
GHSA-jf5r-8hm2-f872MEDIUMurl-parse1.4.7>=0.1.0 <1.5.9@jupyterlab/coreutils@6.6.16.5url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
GHSA-mjxr-4v3x-q3m4MEDIUMsanitize-html1.20.1<2.3.2@jupyterlab/apputils@4.7.15.3Improper Input Validation in sanitize-html
GHSA-qhxp-v273-g94hMEDIUMsanitize-html1.20.1<2.0.0-beta@jupyterlab/apputils@4.7.16.1sanitize-html is vulnerable to XSS through incomprehensive sanitization
GHSA-qx2v-qp2m-jg93MEDIUMpostcss7.0.39<8.5.10@jupyterlab/apputils@4.7.16.1PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
GHSA-rjqq-98f6-6j3rMEDIUMsanitize-html1.20.1<2.3.1@jupyterlab/apputils@4.7.15.3Improper Input Validation in sanitize-html
GHSA-rm97-x556-q36hMEDIUMsanitize-html1.20.1<2.12.1@jupyterlab/apputils@4.7.15.3sanitize-html Information Exposure vulnerability
GHSA-rqff-837h-mm52MEDIUMurl-parse1.4.7>=0.1.0 <1.5.6@jupyterlab/coreutils@6.6.15.3Authorization bypass in url-parse