Skip to content

Update dependency body-parser to ^1.20.6 (main)#25

Open
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-body-parser-1.x
Open

Update dependency body-parser to ^1.20.6 (main)#25
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-body-parser-1.x

Update dependency body-parser to ^1.20.6

100f88f
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Jul 12, 2026 in 1m 38s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-41907

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/uuid/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ uuid-2.0.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.337% Transitive uuid-2.0.3.tgz nexmo-1.2.1.tgz Transitive https://github.com/uuidjs/uuid.git - v11.1.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v13.0.1 #⁠18

Unreachable

CVE-2020-36604

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/hoek/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> jsonwebtoken-7.4.3.tgz

     -> joi-6.10.1.tgz

       -> ❌ hoek-2.16.3.tgz (Vulnerable Library)

High 8.1 Not Defined 0.95% Transitive hoek-2.16.3.tgz nexmo-1.2.1.tgz Transitive @⁠hapi/hoek - 8.5.1,@⁠hapi/hoek - 9.0.3 #⁠18

Unreachable

CVE-2022-23540

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library)

Medium 6.4 Not Defined 0.532% Transitive jsonwebtoken-7.4.3.tgz nexmo-1.2.1.tgz Transitive 9.0.0 #⁠18

Unreachable

CVE-2022-23539

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library)

Medium 5.9 Not Defined 0.479% Transitive jsonwebtoken-7.4.3.tgz nexmo-1.2.1.tgz Transitive 9.0.0 #⁠18

Unreachable

CVE-2026-48038

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/joi/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> jsonwebtoken-7.4.3.tgz

     -> ❌ joi-6.10.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.039% Transitive joi-6.10.1.tgz nexmo-1.2.1.tgz Transitive https://github.com/hapijs/joi.git - 17.13.4 #⁠18

Unreachable

CVE-2022-23541

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.753% Transitive jsonwebtoken-7.4.3.tgz nexmo-1.2.1.tgz Transitive 9.0.0 #⁠18

Unreachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-4867 path-to-regexp-0.1.12.tgz
CVE-2025-15284 qs-6.13.0.tgz
CVE-2026-2391 qs-6.13.0.tgz
CVE-2026-8723 qs-6.13.0.tgz
CVE-2026-12590 body-parser-1.20.3.tgz

Base branch total remaining vulnerabilities: 5
Base branch commit: null


Total libraries scanned: 83

Scan token: c78a356afb5f4206bb469e915560b1fa