@Angello-droid
Contributor

The node-forge version has been updated. Tested the card collection service locally, as the package is used for encryption.

Node-Forge Update
@github-actions

Checkmarx One – Scan Summary & Details 3aa997dc-b4ca-4303-9b1e-939261e5cdf7

New Issues (6)

Checkmarx found the following issues in this Pull Request

# | Severity | Issue | Source File / Package | Checkmarx Insight

1 | CRITICAL | CVE-2025-7783 | Npm-form-data-4.0.2
Recommended version: 4.0.4
Description: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with the pro...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package

2 | CRITICAL | CVE-2025-9288 | Npm-sha.js-2.4.11
Recommended version: 2.4.12
Description: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js through 2.4.11.
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package

3 | HIGH | CVE-2025-58754 | Npm-axios-1.8.4
Recommended version: 1.12.0
Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package

4 | MEDIUM | CVE-2025-64718 | Npm-js-yaml-4.1.0
Recommended version: 4.1.1
Description: js-yaml is a JavaScript YAML parser and dumper. In js-yaml versions through 3.14.1 and 4.x through 4.1.0, it's possible for an attacker to modify t...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package

5 | MEDIUM | CVE-2025-64718 | Npm-js-yaml-3.14.1
Recommended version: 3.14.2
Description: js-yaml is a JavaScript YAML parser and dumper. In js-yaml versions through 3.14.1 and 4.x through 4.1.0, it's possible for an attacker to modify t...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package

6 | LOW | CVE-2025-5889 | Npm-brace-expansion-1.1.11
Recommended version: 1.1.12
Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package

Policy Management Violations (1)
Policy Name Rule(s) Break Build
Quality Gate - v3 Open Source Vulnerable Package false
