Update dependency express to ^4.22.2 (main)#24
Security Report
You have successfully remediated 4 vulnerabilities, but introduced 6 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Exploit Maturity | EPSS | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability | |
|---|---|---|---|---|---|---|---|---|---|
CVE-2026-41907Path to dependency file: /package.json Path to vulnerable library: /node_modules/uuid/package.json Dependency Hierarchy: -> nexmo-1.2.1.tgz (Root Library) -> ❌ uuid-2.0.3.tgz (Vulnerable Library) |
9.8 | Not Defined | 0.311% | Transitive uuid-2.0.3.tgz |
nexmo-1.2.1.tgz | Transitive https://github.com/uuidjs/uuid.git - v11.1.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v13.0.1 |
#18 | ||
CVE-2020-36604Path to dependency file: /package.json Path to vulnerable library: /node_modules/hoek/package.json Dependency Hierarchy: -> nexmo-1.2.1.tgz (Root Library) -> jsonwebtoken-7.4.3.tgz -> joi-6.10.1.tgz -> ❌ hoek-2.16.3.tgz (Vulnerable Library) |
8.1 | Not Defined | 0.925% | Transitive hoek-2.16.3.tgz |
nexmo-1.2.1.tgz | Transitive @hapi/hoek - 8.5.1,@hapi/hoek - 9.0.3 |
#18 | ||
CVE-2022-23540Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> nexmo-1.2.1.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
6.4 | Not Defined | 0.532% | Transitive jsonwebtoken-7.4.3.tgz |
nexmo-1.2.1.tgz | Transitive 9.0.0 |
#18 | ||
CVE-2022-23539Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> nexmo-1.2.1.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
5.9 | Not Defined | 0.479% | Transitive jsonwebtoken-7.4.3.tgz |
nexmo-1.2.1.tgz | Transitive 9.0.0 |
#18 | ||
CVE-2026-48038Path to dependency file: /package.json Path to vulnerable library: /node_modules/joi/package.json Dependency Hierarchy: -> nexmo-1.2.1.tgz (Root Library) -> jsonwebtoken-7.4.3.tgz -> ❌ joi-6.10.1.tgz (Vulnerable Library) |
5.3 | Not Defined | 0.039% | Transitive joi-6.10.1.tgz |
nexmo-1.2.1.tgz | Transitive https://github.com/hapijs/joi.git - 17.13.4 |
#18 | ||
CVE-2022-23541Path to dependency file: /package.json Path to vulnerable library: /node_modules/jsonwebtoken/package.json Dependency Hierarchy: -> nexmo-1.2.1.tgz (Root Library) -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library) |
5.0 | Not Defined | 0.753% | Transitive jsonwebtoken-7.4.3.tgz |
nexmo-1.2.1.tgz | Transitive 9.0.0 |
#18 |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2026-4867 | path-to-regexp-0.1.12.tgz |
| CVE-2025-15284 | qs-6.13.0.tgz |
| CVE-2026-2391 | qs-6.13.0.tgz |
| CVE-2026-8723 | qs-6.13.0.tgz |
Base branch total remaining vulnerabilities: 4
Base branch commit: null
Total libraries scanned: 83
Scan token: 2e2e1dc627af41eba4f89d64340f3f27