Skip to content

Update dependency express to ^4.22.2 (main)#24

Open
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-express-4.x
Open

Update dependency express to ^4.22.2 (main)#24
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-express-4.x

Update dependency express to ^4.22.2

e9baa05
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Jun 22, 2026 in 1m 33s

Security Report

You have successfully remediated 4 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-41907

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/uuid/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ uuid-2.0.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.311% Transitive uuid-2.0.3.tgz nexmo-1.2.1.tgz Transitive https://github.com/uuidjs/uuid.git - v11.1.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v13.0.1 #⁠18

Unreachable

CVE-2020-36604

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/hoek/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> jsonwebtoken-7.4.3.tgz

     -> joi-6.10.1.tgz

       -> ❌ hoek-2.16.3.tgz (Vulnerable Library)

High 8.1 Not Defined 0.925% Transitive hoek-2.16.3.tgz nexmo-1.2.1.tgz Transitive @⁠hapi/hoek - 8.5.1,@⁠hapi/hoek - 9.0.3 #⁠18

Unreachable

CVE-2022-23540

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library)

Medium 6.4 Not Defined 0.532% Transitive jsonwebtoken-7.4.3.tgz nexmo-1.2.1.tgz Transitive 9.0.0 #⁠18

Unreachable

CVE-2022-23539

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library)

Medium 5.9 Not Defined 0.479% Transitive jsonwebtoken-7.4.3.tgz nexmo-1.2.1.tgz Transitive 9.0.0 #⁠18

Unreachable

CVE-2026-48038

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/joi/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> jsonwebtoken-7.4.3.tgz

     -> ❌ joi-6.10.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.039% Transitive joi-6.10.1.tgz nexmo-1.2.1.tgz Transitive https://github.com/hapijs/joi.git - 17.13.4 #⁠18

Unreachable

CVE-2022-23541

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> nexmo-1.2.1.tgz (Root Library)

   -> ❌ jsonwebtoken-7.4.3.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.753% Transitive jsonwebtoken-7.4.3.tgz nexmo-1.2.1.tgz Transitive 9.0.0 #⁠18

Unreachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-4867 path-to-regexp-0.1.12.tgz
CVE-2025-15284 qs-6.13.0.tgz
CVE-2026-2391 qs-6.13.0.tgz
CVE-2026-8723 qs-6.13.0.tgz

Base branch total remaining vulnerabilities: 4
Base branch commit: null


Total libraries scanned: 83

Scan token: 2e2e1dc627af41eba4f89d64340f3f27