chore(deps): update dependency express to v4.21.1 #3
Security Report
You have successfully remediated 6 vulnerabilities, but introduced 16 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-941441-362681<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> fsevents-1.1.2.tgz -> node-pre-gyp-0.6.36.tgz -> tar-pack-3.4.0.tgz -> ❌ once-1.4.0.tgz (Vulnerable Library) | 9.8 | Transitive once-1.4.0.tgz | react-scripts-1.0.10.tgz | | #10 |
| CVE-616547-419802<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> ❌ parseurl-1.3.3.tgz (Vulnerable Library) | 9.8 | Transitive parseurl-1.3.3.tgz | express-4.21.1.tgz | | None |
| CVE-398484-724968<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> send-0.19.0.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library) | 9.8 | Transitive ms-2.1.3.tgz | express-4.21.1.tgz | | None |
| CVE-289561-266276<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> http-errors-2.0.0.tgz -> ❌ inherits-2.0.4.tgz (Vulnerable Library) | 9.8 | Transitive inherits-2.0.4.tgz | express-4.21.1.tgz | | None |
| CVE-214679-86261<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> babel-core-6.25.0.tgz -> babel-register-6.24.1.tgz -> home-or-tmp-2.0.0.tgz -> ❌ os-tmpdir-1.0.2.tgz (Vulnerable Library) | 9.8 | Transitive os-tmpdir-1.0.2.tgz | react-scripts-1.0.10.tgz | | #10 |
| CVE-2026-4867<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> ❌ path-to-regexp-0.1.10.tgz (Vulnerable Library) | 7.5 | Transitive path-to-regexp-0.1.10.tgz | express-4.21.1.tgz | Transitive Upgrade to version path-to-regexp - 0.1.13 or greater | None |
| CVE-2026-29063<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> ❌ immutable-3.8.1.tgz (Vulnerable Library) | 7.5 | Direct immutable-3.8.1.tgz | immutable-3.8.1.tgz | 3.8.3 | None |
| CVE-2024-52798<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> ❌ path-to-regexp-0.1.10.tgz (Vulnerable Library) | 7.5 | Transitive path-to-regexp-0.1.10.tgz | express-4.21.1.tgz | Transitive path-to-regexp - 0.1.12 | None |
| CVE-2025-13466<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> ❌ body-parser-1.20.3.tgz (Vulnerable Library) | 5.8 | Transitive body-parser-1.20.3.tgz | express-4.21.1.tgz | Transitive body-parser - 2.2.1 | None |
| CVE-2026-6402<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> ❌ webpack-dev-server-2.5.0.tgz (Vulnerable Library) | 5.3 | Transitive webpack-dev-server-2.5.0.tgz | react-scripts-1.0.10.tgz | Transitive Upgrade to version webpack-dev-server - 5.2.4 or greater | #10 |
| CVE-2025-32997<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> ❌ http-proxy-middleware-0.17.4.tgz (Vulnerable Library) | 4.0 | Transitive http-proxy-middleware-0.17.4.tgz | react-scripts-1.0.10.tgz | Transitive 2.0.9 | #10 |
| CVE-2025-32996<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> ❌ http-proxy-middleware-0.17.4.tgz (Vulnerable Library) | 4.0 | Transitive http-proxy-middleware-0.17.4.tgz | react-scripts-1.0.10.tgz | Transitive 2.0.8 | #10 |
| CVE-2026-2391<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> ❌ qs-6.13.0.tgz (Vulnerable Library) | 3.7 | Transitive qs-6.13.0.tgz | express-4.21.1.tgz | Transitive 6.14.2 | None |
| CVE-2025-15284<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> express-4.21.1.tgz (Root Library) -> ❌ qs-6.13.0.tgz (Vulnerable Library) | 3.7 | Transitive qs-6.13.0.tgz | express-4.21.1.tgz | Transitive qs - 6.14.1 | None |
| CVE-2025-59437<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> bonjour-3.5.0.tgz -> multicast-dns-6.1.1.tgz -> dns-packet-1.1.1.tgz -> ❌ ip-1.1.5.tgz (Vulnerable Library) | 3.2 | Transitive ip-1.1.5.tgz | react-scripts-1.0.10.tgz | Transitive ip - no_fix | #10 |
| CVE-2025-59436<br>Path to dependency file: /package.json<br>Path to vulnerable library: /package.json<br>Dependency Hierarchy: -> react-scripts-1.0.10.tgz (Root Library) -> webpack-dev-server-2.5.0.tgz -> bonjour-3.5.0.tgz -> multicast-dns-6.1.1.tgz -> dns-packet-1.1.1.tgz -> ❌ ip-1.1.5.tgz (Vulnerable Library) | 3.2 | Transitive ip-1.1.5.tgz | react-scripts-1.0.10.tgz | Transitive ip - no_fix | #10 |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| WS-2019-0427 | elliptic-6.4.0.tgz |
| WS-2019-0424 | elliptic-6.4.0.tgz |
| WS-2018-0347 | eslint-3.19.0.tgz |
| CVE-2017-16119 | fresh-0.5.0.tgz |
| CVE-2021-37701 | tar-2.2.1.tgz |
| CVE-2017-16028 | randomatic-1.1.7.tgz |
Base branch total remaining vulnerabilities: 230
Base branch commit: null
Total libraries scanned: 1093
Scan token: 680feae0bd4b4becbfa08e06783c971f