{
  "retire-example": {
    "vulnerabilities": [
      {
        "below": "0.0.2",
        "severity": "low",
        "cwe": ["CWE-477"],
        "identifiers": {
          "CVE": ["CVE-XXXX-XXXX"],
          "bug": "1234",
          "summary": "bug summary"
        },
        "info": ["http://github.com/eoftedal/retire.js/"]
      }
    ],
    "extractors": {
      "func": ["retire.VERSION"],
      "filename": ["retire-example-(§§version§§)(.min)?\\.js"],
      "filecontent": ["/\\*!? Retire-example v(§§version§§)"],
      "hashes": { "07f8b94c8d601a24a1914a1a92bec0e4fafda964": "0.0.1" }
    }
  },
  "jquery": {
    "bowername": ["jQuery"],
    "npmname": "jquery",
    "vulnerabilities": [
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2011-4969"],
          "summary": "XSS with location.hash",
          "githubID": "GHSA-579v-mp3v-rrw5"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2011-4969",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/9521"
        ]
      },
      {
        "below": "1.9.0b1",
        "cwe": ["CWE-64", "CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2012-6708"],
          "bug": "11290",
          "summary": "Selector interpreted as HTML",
          "githubID": "GHSA-2pqj-h3vj-pqgw"
        },
        "severity": "medium",
        "info": [
          "http://bugs.jquery.com/ticket/11290",
          "https://nvd.nist.gov/vuln/detail/CVE-2012-6708",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "below": "1.9.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2020-7656"],
          "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.",
          "githubID": "GHSA-q4m3-2j7h-f7xw"
        },
        "severity": "medium",
        "info": [
          "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
        ]
      },
      {
        "atOrAbove": "1.4.0",
        "below": "1.12.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "2432",
          "summary": "3rd party CORS request may execute",
          "CVE": ["CVE-2015-9251"],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "severity": "medium",
        "info": [
          "https://github.com/jquery/jquery/issues/2432",
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "atOrAbove": "1.12.3",
        "below": "3.0.0-beta1",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "2432",
          "summary": "3rd party CORS request may execute",
          "CVE": ["CVE-2015-9251"],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "severity": "medium",
        "info": [
          "https://github.com/jquery/jquery/issues/2432",
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "atOrAbove": "1.8.0",
        "below": "1.12.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2015-9251"],
          "issue": "11974",
          "summary": "parseHTML() executes scripts in event handlers",
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "severity": "medium",
        "info": [
          "https://bugs.jquery.com/ticket/11974",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "atOrAbove": "1.12.2",
        "below": "2.2.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2015-9251"],
          "issue": "11974",
          "summary": "parseHTML() executes scripts in event handlers",
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "severity": "medium",
        "info": [
          "https://bugs.jquery.com/ticket/11974",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "atOrAbove": "2.2.2",
        "below": "3.0.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2015-9251"],
          "issue": "11974",
          "summary": "parseHTML() executes scripts in event handlers",
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "severity": "medium",
        "info": [
          "https://bugs.jquery.com/ticket/11974",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "atOrAbove": "3.0.0-rc.1",
        "below": "3.0.0",
        "cwe": ["CWE-400"],
        "identifiers": {
          "CVE": ["CVE-2016-10707"],
          "summary": "Denial of Service in jquery",
          "githubID": "GHSA-mhpp-875w-9cpv"
        },
        "severity": "high",
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2016-10707"]
      },
      {
        "atOrAbove": "1.1.4",
        "below": "3.4.0",
        "cwe": ["CWE-1321", "CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2019-11358"],
          "PR": "4333",
          "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution",
          "githubID": "GHSA-6c3j-c64m-qhgq"
        },
        "severity": "medium",
        "info": [
          "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
          "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
        ]
      },
      {
        "below": "3.5.0",
        "atOrAbove": "1.2.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2020-11022"],
          "issue": "4642",
          "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS",
          "githubID": "GHSA-gxr4-xjj5-5px2"
        },
        "severity": "medium",
        "info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"]
      },
      {
        "below": "3.5.0",
        "atOrAbove": "1.0.3",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2020-11023", "CVE-2020-23064"],
          "issue": "4647",
          "summary": "passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.",
          "githubID": "GHSA-jpcq-cgw6-v4j6"
        },
        "severity": "medium",
        "info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"]
      },
      {
        "below": "2.999.999",
        "cwe": ["CWE-1104"],
        "identifiers": {
          "retid": "73",
          "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates"
        },
        "severity": "low",
        "info": ["https://github.com/jquery/jquery.com/issues/162"]
      }
    ],
    "extractors": {
      "func": [
        "(window.jQuery || window.$ || window.$jq || window.$j).fn.jquery",
        "require('jquery').fn.jquery"
      ],
      "uri": ["/(§§version§§)/jquery(\\.min)?\\.js"],
      "filename": ["jquery-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "/\\*!? jQuery v(§§version§§)",
        "\\* jQuery JavaScript Library v(§§version§§)",
        "\\* jQuery (§§version§§) - New Wave Javascript",
        "// \\$Id: jquery.js,v (§§version§§)",
        "/\\*! jQuery v(§§version§§)",
        "[^a-z]f=\"(§§version§§)\",.*[^a-z]jquery:f,",
        "[^a-z]m=\"(§§version§§)\",.*[^a-z]jquery:m,",
        "[^a-z.]jquery:[ ]?\"(§§version§§)\"",
        "\\$\\.documentElement,Q=e.jQuery,Z=e\\.\\$,ee=\\{\\},te=\\[\\],ne=\"(§§version§§)\""
      ],
      "filecontentreplace": [
        "/var [a-z]=[a-z]\\.document,([a-z])=\"(§§version§§)\",([a-z])=.{130,160};\\3\\.fn=\\3\\.prototype=\\{jquery:\\1/$2/"
      ],
      "hashes": {}
    }
  },
  "jquery-migrate": {
    "vulnerabilities": [
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "36",
          "release": "jQuery Migrate 1.2.0 Released",
          "summary": "cross-site-scripting"
        },
        "info": [
          "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/",
          "https://github.com/jquery/jquery-migrate/issues/36"
        ]
      },
      {
        "below": "1.2.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "bug": "11290",
          "summary": "Selector interpreted as HTML"
        },
        "info": [
          "http://bugs.jquery.com/ticket/11290",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      }
    ],
    "extractors": {
      "filename": ["jquery-migrate-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "/\\*!?(?:\n \\*)? jQuery Migrate(?: -)? v(§§version§§)",
        "\\.migrateVersion ?= ?\"(§§version§§)\"[\\s\\S]{10,150}(migrateDisablePatches|migrateWarnings|JQMIGRATE)",
        "jQuery\\.migrateVersion ?= ?\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "jquery-validation": {
    "bowername": ["jquery-validation"],
    "vulnerabilities": [
      {
        "below": "1.19.5",
        "severity": "high",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "CVE": ["CVE-2022-31147"],
          "summary": "ReDoS vulnerability in url and URL2 validation",
          "githubID": "GHSA-ffmh-x56j-9rc3"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd",
          "https://github.com/advisories/GHSA-ffmh-x56j-9rc3"
        ]
      },
      {
        "below": "1.19.4",
        "severity": "low",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "CVE": ["CVE-2021-43306"],
          "issue": "2428",
          "summary": "ReDoS vulnerability in URL2 validation",
          "githubID": "GHSA-j9m2-h2pv-wvph"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1194--2022-05-19"
        ]
      },
      {
        "below": "1.19.3",
        "severity": "high",
        "cwe": ["CWE-400"],
        "identifiers": {
          "CVE": ["CVE-2021-21252"],
          "summary": "Regular Expression Denial of Service vulnerability",
          "githubID": "GHSA-jxwx-85vp-gvwm"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1193--2021-01-09"
        ]
      }
    ],
    "extractors": {
      "func": ["jQuery.validation.version"],
      "filename": ["jquery.validat(?:ion|e)-(§§version§§)(.min)?\\.js"],
      "uri": [
        "/(§§version§§)/jquery.validat(ion|e)(\\.min)?\\.js",
        "/jquery-validation@(§§version§§)/dist/.*\\.js"
      ],
      "filecontent": [
        "/\\*!?(?:\n \\*)?[\\s]*jQuery Validation Plugin -? ?v(§§version§§)",
        "Original file: /npm/jquery-validation@(§§version§§)/dist/jquery.validate.js"
      ],
      "hashes": {}
    }
  },
  "jquery-mobile": {
    "bowername": [
      "jquery-mobile",
      "jquery-mobile-min",
      "jquery-mobile-build",
      "jquery-mobile-dist",
      "jquery-mobile-bower"
    ],
    "vulnerabilities": [
      {
        "below": "1.0RC2",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "osvdb": ["94563", "93562", "94316", "94561", "94560"]
        },
        "info": [
          "http://osvdb.org/show/osvdb/94563",
          "http://osvdb.org/show/osvdb/94562",
          "http://osvdb.org/show/osvdb/94316",
          "http://osvdb.org/show/osvdb/94561",
          "http://osvdb.org/show/osvdb/94560"
        ]
      },
      {
        "below": "1.0.1",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": { "osvdb": ["94317"] },
        "info": ["http://osvdb.org/show/osvdb/94317"]
      },
      {
        "below": "1.1.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "4787",
          "release": "http://jquerymobile.com/changelog/1.1.2/",
          "summary": "location.href cross-site scripting"
        },
        "info": [
          "http://jquerymobile.com/changelog/1.1.2/",
          "https://github.com/jquery/jquery-mobile/issues/4787"
        ]
      },
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "4787",
          "release": "http://jquerymobile.com/changelog/1.2.0/",
          "summary": "location.href cross-site scripting"
        },
        "info": [
          "http://jquerymobile.com/changelog/1.2.0/",
          "https://github.com/jquery/jquery-mobile/issues/4787"
        ]
      },
      {
        "below": "100.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "blog": "sirdarckcat/unpatched-0day-jquery-mobile-xss",
          "summary": "open redirect leads to cross site scripting",
          "githubID": "GHSA-fj93-7wm4-8x2g"
        },
        "info": [
          "http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html",
          "https://github.com/jquery/jquery-mobile/issues/8640",
          "https://snyk.io/vuln/SNYK-JS-JQUERYMOBILE-174599"
        ]
      },
      {
        "below": "1.3.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "gist": "jupenur/e5d0c6f9b58aa81860bf74e010cf1685",
          "summary": "Endpoint that reflect user input leads to cross site scripting"
        },
        "info": [
          "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
        ]
      }
    ],
    "extractors": {
      "func": ["jQuery.mobile.version"],
      "filename": ["jquery.mobile-(§§version§§)(.min)?\\.js"],
      "uri": ["/(§§version§§)/jquery.mobile(\\.min)?\\.js"],
      "filecontent": ["/\\*!?(?:\n \\*)? jQuery Mobile(?: -)? v(§§version§§)"],
      "hashes": {}
    }
  },
  "jquery-ui": {
    "bowername": ["jquery-ui", "jquery.ui"],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "below": "1.13.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS when refreshing checkboxes if usercontrolled data in labels",
          "issue": "2101",
          "CVE": ["CVE-2022-31160"],
          "githubID": "GHSA-h6gj-6jjq-h8g9"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/issues/2101",
          "https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9",
          "https://github.com/advisories/GHSA-h6gj-6jjq-h8g9",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2021-41184"],
          "summary": "XSS in the `of` option of the `.position()` util",
          "githubID": "GHSA-gpqq-952q-5327"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2021-41183"],
          "bug": "15284",
          "summary": "XSS Vulnerability on text options of jQuery UI datepicker",
          "githubID": "GHSA-j7qv-pgf6-hvh4"
        },
        "info": [
          "https://bugs.jqueryui.com/ticket/15284",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2021-41182"],
          "summary": "XSS in the `altField` option of the Datepicker widget",
          "githubID": "GHSA-9gj3-hwp5-pmwc"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
        ]
      },
      {
        "below": "1.13.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2022-31160"],
          "summary": "XSS when refreshing a checkboxradio with an HTML-like initial text label ",
          "githubID": "GHSA-h6gj-6jjq-h8g9"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
        ]
      }
    ],
    "extractors": {
      "func": ["jQuery.ui.version"],
      "uri": ["/(§§version§§)/jquery-ui(\\.min)?\\.js"],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)",
        "/\\*!?[\n *]+jQuery UI (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-dialog": {
    "bowername": ["jquery-ui", "jquery.ui"],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "atOrAbove": "1.7.0",
        "below": "1.10.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-5312"],
          "bug": "6016",
          "summary": "Title cross-site scripting vulnerability",
          "githubID": "GHSA-wcm2-9c89-wmfm"
        },
        "info": [
          "http://bugs.jqueryui.com/ticket/6016",
          "https://nvd.nist.gov/vuln/detail/CVE-2010-5312"
        ]
      },
      {
        "below": "1.12.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2016-7103"],
          "bug": "281",
          "summary": "XSS Vulnerability on closeText option",
          "githubID": "GHSA-hpcf-8vf9-q4gj"
        },
        "info": [
          "https://github.com/jquery/api.jqueryui.com/issues/281",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-7103",
          "https://snyk.io/vuln/npm:jquery-ui:20160721"
        ]
      }
    ],
    "extractors": {
      "func": ["jQuery.ui.dialog.version"],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.dialog\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.dialog",
        "/\\*!?[\n *]+jQuery UI Dialog (§§version§§)",
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* dialog\\.js"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-autocomplete": {
    "bowername": ["jquery-ui", "jquery.ui"],
    "npmname": "jquery-ui",
    "vulnerabilities": [],
    "extractors": {
      "func": ["jQuery.ui.autocomplete.version"],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.autocomplete\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.autocomplete",
        "/\\*!?[\n *]+jQuery UI Autocomplete (§§version§§)",
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* autocomplete\\.js"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-tooltip": {
    "bowername": ["jquery-ui", "jquery.ui"],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "atOrAbove": "1.9.2",
        "below": "1.10.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2012-6662"],
          "bug": "8859",
          "summary": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip",
          "githubID": "GHSA-qqxp-xp9v-vvx6"
        },
        "info": [
          "http://bugs.jqueryui.com/ticket/8859",
          "https://nvd.nist.gov/vuln/detail/CVE-2012-6662"
        ]
      }
    ],
    "extractors": {
      "func": ["jQuery.ui.tooltip.version"],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.tooltip\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.tooltip",
        "/\\*!?[\n *]+jQuery UI Tooltip (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "jquery.prettyPhoto": {
    "bowername": ["jquery-prettyPhoto"],
    "basePurl": "pkg:github/scaron/prettyphoto",
    "vulnerabilities": [
      {
        "below": "3.1.5",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-6837"] },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2013-6837"]
      },
      {
        "below": "3.1.6",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": { "issue": "149" },
        "info": [
          "https://github.com/scaron/prettyphoto/issues/149",
          "https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto"
        ]
      }
    ],
    "extractors": {
      "func": ["jQuery.prettyPhoto.version"],
      "uri": [
        "/prettyPhoto/(§§version§§)/js/jquery\\.prettyPhoto(\\.min?)\\.js",
        "/prettyphoto@(§§version§§)/js/jquery\\.prettyPhoto\\.js"
      ],
      "filecontent": [
        "/\\*[\r\n -]+Class: prettyPhoto(?:.*\n){1,3}[ ]*Version: (§§version§§)",
        "\\.prettyPhoto[ ]?=[ ]?\\{version:[ ]?(?:'|\")(§§version§§)(?:'|\")\\}"
      ],
      "hashes": {}
    }
  },
  "jquery.terminal": {
    "vulnerabilities": [
      {
        "below": "1.21.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Reflected Cross-Site Scripting in jquery.terminal",
          "githubID": "GHSA-2hwp-g4g7-mwwj"
        },
        "info": [
          "https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211",
          "https://www.npmjs.com/advisories/769"
        ]
      },
      {
        "below": "2.31.1",
        "severity": "low",
        "cwe": ["CWE-79", "CWE-80"],
        "identifiers": {
          "summary": "jquery.terminal self XSS on user input",
          "githubID": "GHSA-x9r5-jxvq-4387",
          "CVE": ["CVE-2021-43862"]
        },
        "info": [
          "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-43862"
        ]
      }
    ],
    "extractors": {
      "uri": ["/jquery.terminal[@/](§§version§§)/"],
      "filecontent": [
        "version (§§version§§)[\\s]+\\*[\\s]+\\* This file is part of jQuery Terminal.",
        "\\$\\.terminal=\\{version:\"(§§version§§)\""
      ]
    }
  },
  "jquery-deparam": {
    "vulnerabilities": [
      {
        "below": "999",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "githubID": "GHSA-xg68-chx2-253g",
          "CVE": ["CVE-2021-20087"]
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2021-20087"]
      }
    ],
    "extractors": {
      "hashes": {
        "61c9d49ae64331402c3bde766c9dc504ed2ca509": "0.5.3",
        "10a68e5048995351a01b0ad7f322bb755a576a02": "0.5.2",
        "b8f063c860fa3aab266df06b290e7da648f9328d": "0.4.2",
        "851bc74dc664aa55130ecc74dd6b1243becc3242": "0.4.1",
        "2aae12841f4d00143ffc1effa59fbd058218c29f": "0.4.0",
        "967942805137f9eb0ae26005d94e8285e2e288a0": "0.3.0",
        "fbf2e115feae7ade26788e38ebf338af11a98bb2": "0.1.0"
      }
    }
  },
  "tableexport.jquery.plugin": {
    "vulnerabilities": [
      {
        "below": "1.25.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "There is a cross-site scripting vulnerability with default `onCellHtmlData`",
          "githubID": "GHSA-j636-crp3-m584",
          "CVE": ["CVE-2022-1291"]
        },
        "info": [
          "https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/tableexport.jquery.plugin@(§§version§§)/tableExport.min.js",
        "/TableExport/(§§version§§)/js/tableexport.min.js"
      ],
      "filecontent": [
        "/\\*[\\s]+tableExport.jquery.plugin[\\s]+Version (§§version§§)",
        "/\\*![\\s]+\\* TableExport.js v(§§version§§)"
      ]
    }
  },
  "jPlayer": {
    "bowername": ["jPlayer"],
    "npmname": "jplayer",
    "vulnerabilities": [
      {
        "below": "2.3.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2013-2023"],
          "release": "2.3.1",
          "summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
        ]
      },
      {
        "below": "2.3.23",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2013-2022"],
          "release": "2.3.23",
          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
        ]
      },
      {
        "below": "2.2.20",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2013-1942"],
          "release": "2.2.20",
          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-1942"
        ]
      }
    ],
    "extractors": {
      "func": ["new jQuery.jPlayer().version.script"],
      "filecontent": [
        "/\\*!?[\n *]+jPlayer Plugin for jQuery (?:.*\n){1,10}[ *]+Version: (§§version§§)",
        "/\\*!? jPlayer (§§version§§) for jQuery"
      ],
      "hashes": {}
    }
  },
  "knockout": {
    "vulnerabilities": [
      {
        "below": "3.5.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "1244",
          "summary": "XSS injection point in attr name binding for browser IE7 and older",
          "CVE": ["CVE-2019-14862"],
          "githubID": "GHSA-vcjj-xf2r-mwvc"
        },
        "info": ["https://github.com/knockout/knockout/issues/1244"]
      }
    ],
    "extractors": {
      "func": ["ko.version"],
      "filename": ["knockout-(§§version§§)(.min)?\\.js"],
      "uri": ["/knockout/(§§version§§)/knockout(-[a-z.]+)?\\.js"],
      "filecontent": ["(?:\\*|//) Knockout JavaScript library v(§§version§§)"],
      "hashes": {}
    }
  },
  "sessvars": {
    "vulnerabilities": [
      {
        "below": "1.01",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "tenable": "98645",
          "summary": "Unsanitized data passed to eval()"
        },
        "info": ["http://www.thomasfrank.se/sessionvars.html"]
      }
    ],
    "extractors": {
      "filename": ["sessvars-(§§version§§)(.min)?\\.js"],
      "filecontent": ["sessvars ver (§§version§§)"],
      "hashes": {}
    }
  },
  "swfobject": {
    "bowername": ["swfobject", "swfobject-bower"],
    "vulnerabilities": [
      {
        "below": "2.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "summary": "DOM-based XSS", "retid": "1" },
        "info": [
          "https://github.com/swfobject/swfobject/wiki/SWFObject-Release-Notes#swfobject-v21-beta7-june-6th-2008"
        ]
      }
    ],
    "extractors": {
      "filename": ["swfobject_(§§version§§)(.min)?\\.js"],
      "filecontent": ["SWFObject v(§§version§§) "],
      "hashes": {}
    }
  },
  "tinyMCE": {
    "bowername": ["tinymce", "tinymce-dist"],
    "npmname": "tinymce",
    "vulnerabilities": [
      {
        "below": "1.4.2",
        "severity": "high",
        "cwe": ["CWE-94"],
        "identifiers": {
          "summary": "Static code injection vulnerability in inc/function.base.php",
          "CVE": ["CVE-2011-4825"]
        },
        "info": ["http://www.cvedetails.com/cve/CVE-2011-4825/"]
      },
      {
        "below": "4.2.4",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "xss issues with media plugin not properly filtering out some script attributes.",
          "retid": "61"
        },
        "info": ["https://www.tinymce.com/docs/changelog/"]
      },
      {
        "below": "4.2.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations",
          "retid": "62"
        },
        "info": ["https://www.tinymce.com/docs/changelog/"]
      },
      {
        "below": "4.7.12",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.",
          "retid": "63"
        },
        "info": ["https://www.tinymce.com/docs/changelog/"]
      },
      {
        "below": "4.9.7",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
          "githubID": "GHSA-p7j5-4mwm-hv86"
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
        ]
      },
      {
        "below": "5.1.4",
        "atOrAbove": "5.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
          "githubID": "GHSA-p7j5-4mwm-hv86"
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
        ]
      },
      {
        "below": "4.9.10",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
          "githubID": "GHSA-c78w-2gw7-gjv3",
          "CVE": ["CVE-2019-1010091"]
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.2.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
          "githubID": "GHSA-c78w-2gw7-gjv3",
          "CVE": ["CVE-2019-1010091"]
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "4.9.11",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-site scripting vulnerability in TinyMCE",
          "githubID": "GHSA-vrv8-v4w8-f95h",
          "CVE": ["CVE-2020-12648"]
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "5.4.1",
        "atOrAbove": "5.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-site scripting vulnerability in TinyMCE",
          "githubID": "GHSA-vrv8-v4w8-f95h",
          "CVE": ["CVE-2020-12648"]
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "5.1.4",
        "atOrAbove": "5.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
          "githubID": "GHSA-27gm-ghr9-4v95",
          "CVE": ["CVE-2020-17480"]
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
        ]
      },
      {
        "below": "4.9.7",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
          "githubID": "GHSA-27gm-ghr9-4v95",
          "CVE": ["CVE-2020-17480"]
        },
        "info": [
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
        ]
      },
      {
        "below": "5.1.6",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "CDATA parsing and sanitization has been improved to address a cross-site scripting (XSS) vulnerability.",
          "retid": "64"
        },
        "info": ["https://www.tiny.cloud/docs/release-notes/release-notes516/"]
      },
      {
        "below": "5.2.2",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "media embed content not processing safely in some cases.",
          "retid": "65"
        },
        "info": ["https://www.tiny.cloud/docs/release-notes/release-notes522/"]
      },
      {
        "below": "5.4.0",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "content in an iframe element parsing as DOM elements instead of text content.",
          "retid": "66"
        },
        "info": ["https://www.tiny.cloud/docs/release-notes/release-notes54/"]
      },
      {
        "below": "5.6.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "security issue where URLs in attributes weren’t correctly sanitized. security issue in the codesample plugin",
          "retid": "67",
          "githubID": "GHSA-w7jx-j77m-wp65"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
        ]
      },
      {
        "below": "5.6.0",
        "severity": "low",
        "cwe": ["CWE-400"],
        "identifiers": {
          "summary": "Regex denial of service vulnerability in codesample plugin",
          "githubID": "GHSA-h96f-fc7c-9r55"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
        ]
      },
      {
        "below": "5.7.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "URLs are not correctly filtered in some cases.",
          "retid": "68",
          "githubID": "GHSA-5vm8-hhgr-jcjp"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes571/#securityfixes"
        ]
      },
      {
        "below": "5.9.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Inserting certain HTML content into the editor could result in invalid HTML once parsed. This caused a medium severity Cross Site Scripting (XSS) vulnerability",
          "retid": "69",
          "githubID": "GHSA-5h9g-x5rv-25wg"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes"
        ]
      },
      {
        "below": "5.10.0",
        "severity": "medium",
        "cwe": ["CWE-64", "CWE-79"],
        "identifiers": {
          "summary": "URLs not cleaned correctly in some cases in the link and image plugins",
          "retid": "70",
          "githubID": "GHSA-r8hm-w5f7-wj39"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes"
        ]
      },
      {
        "below": "5.10.7",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2022-23494"],
          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
          "githubID": "GHSA-gg8r-xjwq-4w92"
        },
        "info": [
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494"
        ]
      },
      {
        "below": "6.3.1",
        "atOrAbove": "6.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2022-23494"],
          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
          "githubID": "GHSA-gg8r-xjwq-4w92"
        },
        "info": [
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494"
        ]
      },
      {
        "below": "6.7.1",
        "atOrAbove": "6.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2023-45819"],
          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
          "githubID": "GHSA-hgqx-r2hp-jr38"
        },
        "info": [
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494"
        ]
      },
      {
        "below": "5.10.8",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2023-45819"],
          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
          "githubID": "GHSA-hgqx-r2hp-jr38"
        },
        "info": ["https://github.com/advisories/GHSA-hgqx-r2hp-jr38"]
      },
      {
        "below": "6.7.1",
        "atOrAbove": "6.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2023-45818"],
          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
          "githubID": "GHSA-v65r-p3vv-jjfv"
        },
        "info": ["https://github.com/advisories/GHSA-v65r-p3vv-jjfv"]
      },
      {
        "below": "5.10.8",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2023-45818"],
          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
          "githubID": "GHSA-v65r-p3vv-jjfv"
        },
        "info": ["https://github.com/advisories/GHSA-v65r-p3vv-jjfv"]
      }
    ],
    "extractors": {
      "uri": ["/tinymce/(§§version§§)/tinymce(\\.min)?\\.js"],
      "filecontent": [
        "// (§§version§§) \\([0-9\\-]+\\)[\n\r]+.{0,1200}l=.tinymce/geom/Rect.",
        "/\\*\\*[\\s]*\\* TinyMCE version (§§version§§)"
      ],
      "filecontentreplace": [
        "/tinyMCEPreInit.*majorVersion:.([0-9]+).,minorVersion:.([0-9.]+)./$1.$2/",
        "/majorVersion:.([0-9]+).,minorVersion:.([0-9.]+).,.*tinyMCEPreInit/$1.$2/"
      ],
      "func": ["tinyMCE.majorVersion + '.'+ tinyMCE.minorVersion"]
    }
  },
  "YUI": {
    "bowername": ["yui", "yui3"],
    "npmname": "yui",
    "vulnerabilities": [
      {
        "atOrAbove": "3.5.0",
        "below": "3.9.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4942"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2013-4942/"]
      },
      {
        "atOrAbove": "3.2.0",
        "below": "3.9.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4941"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2013-4941/"]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.10.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4940"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2013-4940/"]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.10.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2013-4939"],
          "githubID": "GHSA-mj87-8xf8-fp4w"
        },
        "info": [
          "https://clarle.github.io/yui3/support/20130515-vulnerability/",
          "http://www.cvedetails.com/cve/CVE-2013-4939/"
        ]
      },
      {
        "atOrAbove": "2.8.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2012-5883"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2012-5883/"]
      },
      {
        "atOrAbove": "2.5.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2012-5882"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2012-5882/"]
      },
      {
        "atOrAbove": "2.4.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2012-5881"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2012-5881/"]
      },
      {
        "below": "2.9.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2010-4710"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2010-4710/"]
      },
      {
        "atOrAbove": "2.8.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2010-4209"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2010-4209/"]
      },
      {
        "atOrAbove": "2.5.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2010-4208"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2010-4208/"]
      },
      {
        "atOrAbove": "2.4.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2010-4207"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2010-4207/"]
      }
    ],
    "extractors": {
      "func": ["YUI.Version", "YAHOO.VERSION"],
      "filename": ["yui-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "/*\nYUI (§§version§§)",
        "/yui/license.(?:html|txt)\nversion: (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "prototypejs": {
    "bowername": ["prototypejs", "prototype.js", "prototypejs-bower"],
    "vulnerabilities": [
      {
        "atOrAbove": "1.6.0",
        "below": "1.6.0.2",
        "severity": "high",
        "cwe": ["CWE-942"],
        "identifiers": { "CVE": ["CVE-2008-7220"] },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2008-7220/",
          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/"
        ]
      },
      {
        "below": "1.5.1.2",
        "severity": "high",
        "cwe": ["CWE-942"],
        "identifiers": { "CVE": ["CVE-2008-7220"] },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2008-7220/",
          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/"
        ]
      }
    ],
    "extractors": {
      "func": ["Prototype.Version"],
      "uri": ["/(§§version§§)/prototype(\\.min)?\\.js"],
      "filename": ["prototype-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "Prototype JavaScript framework, version (§§version§§)",
        "Prototype[ ]?=[ ]?\\{[ \r\n\t]*Version:[ ]?(?:'|\")(§§version§§)(?:'|\")"
      ],
      "hashes": {}
    }
  },
  "ember": {
    "vulnerabilities": [
      {
        "atOrAbove": "4.9.0-alpha.1",
        "below": "4.9.0-beta.3",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "55"
        },
        "info": ["https://blog.emberjs.com/ember-4-8-1-released/"]
      },
      {
        "atOrAbove": "4.5.0",
        "below": "4.8.1",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "56"
        },
        "info": ["https://blog.emberjs.com/ember-4-8-1-released/"]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.4",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "57"
        },
        "info": ["https://blog.emberjs.com/ember-4-8-1-released/"]
      },
      {
        "atOrAbove": "3.25.0",
        "below": "3.28.10",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "58"
        },
        "info": ["https://blog.emberjs.com/ember-4-8-1-released/"]
      },
      {
        "below": "3.24.7",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "59"
        },
        "info": ["https://blog.emberjs.com/ember-4-8-1-released/"]
      },
      {
        "atOrAbove": "1.8.0",
        "below": "1.11.4",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2015-7565"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2015-7565"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.12",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2015-7565"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.0.0",
        "below": "2.0.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2015-7565"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.1.0",
        "below": "2.1.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2015-7565"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.2.0",
        "below": "2.2.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2015-7565"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "below": "1.5.0",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2014-0046"],
          "summary": "ember-routing-auto-location can be forced to redirect to another domain"
        },
        "info": ["https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md"]
      },
      {
        "atOrAbove": "1.3.0-*",
        "below": "1.3.2",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0046"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.2.0-*",
        "below": "1.2.2",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0046"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.4.0-*",
        "below": "1.4.0-beta.2",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0013", "CVE-2014-0014"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.3.0-*",
        "below": "1.3.1",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0013", "CVE-2014-0014"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.2.0-*",
        "below": "1.2.1",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0013", "CVE-2014-0014"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.1.0-*",
        "below": "1.1.3",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0013", "CVE-2014-0014"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.0.0-*",
        "below": "1.0.1",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-0013", "CVE-2014-0014"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.1",
        "below": "1.0.0-rc.1.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4170"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.2",
        "below": "1.0.0-rc.2.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4170"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.3",
        "below": "1.0.0-rc.3.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4170"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.4",
        "below": "1.0.0-rc.4.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4170"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.5",
        "below": "1.0.0-rc.5.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4170"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.6",
        "below": "1.0.0-rc.6.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-4170"] },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "below": "0.9.7.1",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "retid": "60",
          "summary": "More rigorous XSS escaping from bindAttr"
        },
        "info": ["https://github.com/emberjs/ember.js/blob/master/CHANGELOG.md"]
      },
      {
        "below": "0.9.7",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "bug": "699",
          "summary": "Bound attributes aren't escaped properly"
        },
        "info": ["https://github.com/emberjs/ember.js/issues/699"]
      }
    ],
    "extractors": {
      "func": ["Ember.VERSION"],
      "uri": [
        "/(?:v)?(§§version§§)/ember(\\.min)?\\.js",
        "/ember\\.?js/(§§version§§)/ember((\\.|-)[a-z\\-.]+)?\\.js"
      ],
      "filename": ["ember-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "Project:   Ember -(?:.*\n){9,11}// Version: v(§§version§§)",
        "// Version: v(§§version§§)(.*\n){10,15}(Ember Debug|@module ember|@class ember)",
        "Ember.VERSION[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
        "meta\\.revision=\"Ember@(§§version§§)\"",
        "e\\(\"ember/version\",\\[\"exports\"\\],function\\(e\\)\\{\"use strict\";?[\\s]*e(?:\\.|\\[\")default(?:\"\\])?=\"(§§version§§)\"",
        "\\(\"ember/version\",\\[\"exports\"\\],function\\(e\\)\\{\"use strict\";.{1,70}\\.default=\"(§§version§§)\"",
        "/\\*![\\s]+\\* @overview  Ember - JavaScript Application Framework[\\s\\S]{0,400}\\* @version   (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "dojo": {
    "vulnerabilities": [
      {
        "atOrAbove": "0.4",
        "below": "0.4.4",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "http://www.cvedetails.com/cve/CVE-2010-2272/"
        ]
      },
      {
        "atOrAbove": "1.0",
        "below": "1.0.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/"
        ]
      },
      {
        "atOrAbove": "1.1",
        "below": "1.1.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/"
        ]
      },
      {
        "atOrAbove": "1.2",
        "below": "1.2.4",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/"
        ]
      },
      {
        "atOrAbove": "1.3",
        "below": "1.3.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/"
        ]
      },
      {
        "atOrAbove": "1.4",
        "below": "1.4.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/"
        ]
      },
      {
        "below": "1.4.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2010-2275"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2010-2275/"]
      },
      {
        "below": "1.1.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2008-6681"],
          "githubID": "GHSA-39cx-xcwj-3rc4"
        },
        "info": ["http://www.cvedetails.com/cve/CVE-2008-6681/"]
      },
      {
        "below": "1.9.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2015-5654"],
          "githubID": "GHSA-p82g-2xpp-m5r3"
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2015-5654"]
      },
      {
        "atOrAbove": "1.10.0",
        "below": "1.10.10",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "PR": "307",
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "https://github.com/dojo/dojo/pull/307",
          "https://dojotoolkit.org/blog/dojo-1-14-released"
        ]
      },
      {
        "atOrAbove": "1.11.0",
        "below": "1.11.6",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "PR": "307",
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "https://github.com/dojo/dojo/pull/307",
          "https://dojotoolkit.org/blog/dojo-1-14-released"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.4",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "PR": "307",
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "https://github.com/dojo/dojo/pull/307",
          "https://dojotoolkit.org/blog/dojo-1-14-released"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "PR": "307",
          "CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "https://github.com/dojo/dojo/pull/307",
          "https://dojotoolkit.org/blog/dojo-1-14-released"
        ]
      },
      {
        "below": "1.14",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2018-15494"] },
        "info": ["https://dojotoolkit.org/blog/dojo-1-14-released"]
      },
      {
        "below": "1.11.10",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74", "CWE-94"],
        "identifiers": {
          "CVE": ["CVE-2020-5258"],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.12.8",
        "atOrAbove": "1.12.0",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74", "CWE-94"],
        "identifiers": {
          "CVE": ["CVE-2020-5258"],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.13.7",
        "atOrAbove": "1.13.0",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74", "CWE-94"],
        "identifiers": {
          "CVE": ["CVE-2020-5258"],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.14.6",
        "atOrAbove": "1.14.0",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74", "CWE-94"],
        "identifiers": {
          "CVE": ["CVE-2020-5258"],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.15.3",
        "atOrAbove": "1.15.0",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74", "CWE-94"],
        "identifiers": {
          "CVE": ["CVE-2020-5258"],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.16.2",
        "atOrAbove": "1.16.0",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74", "CWE-94"],
        "identifiers": {
          "CVE": ["CVE-2020-5258"],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.17.0",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "CVE": ["CVE-2021-23450"],
          "githubID": "GHSA-m8gw-hjpr-rjv7"
        },
        "info": ["https://github.com/dojo/dojo/pull/418"]
      }
    ],
    "extractors": {
      "func": ["dojo.version.toString()"],
      "uri": ["/(?:dojo-)?(§§version§§)/dojo(\\.min)?\\.js"],
      "filename": ["dojo-(§§version§§)(\\.min)?\\.js"],
      "filecontentreplace": [
        "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"
      ],
      "hashes": {
        "73cdd262799aab850abbe694cd3bfb709ea23627": "1.4.1",
        "c8c84eddc732c3cbf370764836a7712f3f873326": "1.4.0",
        "d569ce9efb7edaedaec8ca9491aab0c656f7c8f0": "1.0.0",
        "ad44e1770895b7fa84aff5a56a0f99b855a83769": "1.3.2",
        "8fc10142a06966a8709cd9b8732f7b6db88d0c34": "1.3.1",
        "a09b5851a0a3e9d81353745a4663741238ee1b84": "1.3.0",
        "2ab48d45abe2f54cdda6ca32193b5ceb2b1bc25d": "1.2.3",
        "12208a1e649402e362f528f6aae2c614fc697f8f": "1.2.0",
        "72a6a9fbef9fa5a73cd47e49942199147f905206": "1.1.1"
      }
    }
  },
  "angularjs": {
    "bowername": ["angularjs", "angular.js"],
    "npmname": "angular",
    "vulnerabilities": [
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS via JQLite DOM manipulation functions in AngularJS",
          "githubID": "GHSA-5cp4-xmrw-59wf"
        },
        "info": ["https://github.com/advisories/GHSA-5cp4-xmrw-59wf"]
      },
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element.",
          "CVE": ["CVE-2020-7676"],
          "githubID": "GHSA-mhp6-pxh8-r675"
        },
        "info": ["https://github.com/advisories/GHSA-5cp4-xmrw-59wf"]
      },
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one.",
          "CVE": ["CVE-2020-7676"],
          "githubID": "GHSA-mhp6-pxh8-r675"
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2020-7676"]
      },
      {
        "below": "1.7.9",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-20", "CWE-915"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "47",
          "githubID": "GHSA-89mq-4x47-5v83",
          "CVE": ["CVE-2019-10768"]
        },
        "info": [
          "https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a",
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19"
        ]
      },
      {
        "atOrAbove": "1.5.0",
        "below": "1.6.9",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS through SVG if enableSvg is set",
          "retid": "48"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02",
          "https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html"
        ]
      },
      {
        "below": "1.5.0-beta.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS through xlink:href attributes",
          "CVE": ["CVE-2019-14863"],
          "githubID": "GHSA-r5fx-8r73-v86c"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#150-beta1-dense-dispersion-2015-09-29",
          "https://github.com/advisories/GHSA-r5fx-8r73-v86c"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.5.0-rc2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "The attribute usemap can be used as a security exploit",
          "retid": "49"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.2.30",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "The attribute usemap can be used as a security exploit",
          "retid": "50"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
        ]
      },
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": ["CWE-942"],
        "identifiers": {
          "summary": "Universal CSP bypass via add-on in Firefox",
          "retid": "51"
        },
        "info": [
          "https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435",
          "http://pastebin.com/raw/kGrdaypP"
        ]
      },
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": ["CWE-400"],
        "identifiers": {
          "summary": "DOS in $sanitize",
          "retid": "52"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md",
          "https://github.com/angular/angular.js/pull/15699"
        ]
      },
      {
        "below": "1.6.5",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS in $sanitize in Safari/Firefox",
          "retid": "53"
        },
        "info": [
          "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"
        ]
      },
      {
        "below": "1.6.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-Site Scripting via JSONP",
          "githubID": "GHSA-28hp-fgcr-2r4h"
        },
        "info": ["https://github.com/advisories/GHSA-28hp-fgcr-2r4h"]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the <input type=\"url\"> element",
          "githubID": "GHSA-qwqh-hm9m-p5hr",
          "CVE": ["CVE-2023-26118"]
        },
        "info": ["https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"]
      },
      {
        "below": "1.999",
        "severity": "low",
        "cwe": ["CWE-1104"],
        "identifiers": {
          "summary": "End-of-Life: Long term support for AngularJS has been discontinued",
          "retid": "54"
        },
        "info": [
          "https://blog.angular.io/discontinued-long-term-support-for-angularjs-cc066b82e65a?gi=9d3103b5445c"
        ]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Angular (deprecated package) Cross-site Scripting",
          "CVE": ["CVE-2022-25869"],
          "githubID": "GHSA-prc3-vjfx-vhm9"
        },
        "info": ["https://github.com/advisories/GHSA-prc3-vjfx-vhm9"]
      },
      {
        "below": "999",
        "atOrAbove": "1.7.0",
        "severity": "medium",
        "cwe": ["CWE-1333", "CWE-770"],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service (ReDoS)",
          "CVE": ["CVE-2022-25844"],
          "githubID": "GHSA-m2h2-264f-f486"
        },
        "info": ["https://github.com/advisories/GHSA-m2h2-264f-f486"]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the angular.copy() utility",
          "CVE": ["CVE-2023-26116"],
          "githubID": "GHSA-2vrf-hf26-jrp5"
        },
        "info": ["https://github.com/advisories/GHSA-2vrf-hf26-jrp5"]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the $resource service",
          "CVE": ["CVE-2023-26117"],
          "githubID": "GHSA-2qqx-w9hr-q5gx"
        },
        "info": ["https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"]
      }
    ],
    "extractors": {
      "func": ["angular.version.full"],
      "uri": ["/(§§version§§)/angular(\\.min)?\\.js"],
      "filename": ["angular(?:js)?-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "/\\*[ \n]+AngularJS v(§§version§§)",
        "http://errors\\.angularjs\\.org/(§§version§§)/"
      ],
      "hashes": {}
    }
  },
  "backbone.js": {
    "bowername": ["backbonejs", "backbone"],
    "npmname": "backbone",
    "basePurl": "npm:npm/backbone",
    "vulnerabilities": [
      {
        "below": "0.5.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "release": "0.5.0",
          "summary": "cross-site scripting vulnerability",
          "retid": "46",
          "githubID": "GHSA-j6p2-cx3w-6jcp",
          "CVE": ["CVE-2016-10537"]
        },
        "info": ["http://backbonejs.org/#changelog"]
      }
    ],
    "extractors": {
      "func": ["Backbone.VERSION"],
      "uri": ["/(§§version§§)/backbone(\\.min)?\\.js"],
      "filename": ["backbone(?:js)?-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "//[ ]+Backbone.js (§§version§§)",
        "a=t.Backbone=\\{\\}\\}a.VERSION=\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "mustache.js": {
    "bowername": ["mustache.js", "mustache"],
    "npmname": "mustache",
    "basePurl": "npm:npm/mustache",
    "vulnerabilities": [
      {
        "below": "0.3.1",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "bug": "112",
          "summary": "execution of arbitrary javascript"
        },
        "info": ["https://github.com/janl/mustache.js/issues/112"]
      },
      {
        "below": "2.2.1",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "bug": "pull request 530",
          "summary": "weakness in HTML escaping",
          "githubID": "GHSA-w3w8-37jv-2c58",
          "CVE": ["CVE-2015-8862"]
        },
        "info": [
          "https://github.com/janl/mustache.js/releases/tag/v2.2.1",
          "https://github.com/janl/mustache.js/pull/530"
        ]
      }
    ],
    "extractors": {
      "func": ["Mustache.version"],
      "uri": ["/(§§version§§)/mustache(\\.min)?\\.js"],
      "filename": ["mustache(?:js)?-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "name:\"mustache.js\",version:\"(§§version§§)\"",
        "name=\"mustache.js\"[;,].\\.version=\"(§§version§§)\"",
        "[^a-z]mustache.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
        "exports.name[ ]?=[ ]?\"mustache.js\";[\n ]*exports.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\");"
      ],
      "hashes": {}
    }
  },
  "handlebars": {
    "bowername": ["handlebars", "handlebars.js"],
    "vulnerabilities": [
      {
        "below": "1.0.0.beta.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "poorly sanitized input passed to eval()",
          "issue": "68"
        },
        "info": ["https://github.com/wycats/handlebars.js/pull/68"]
      },
      {
        "below": "4.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Quoteless attributes in templates can lead to XSS",
          "issue": "1083",
          "CVE": ["CVE-2015-8861"],
          "githubID": "GHSA-9prh-257w-9277"
        },
        "info": ["https://github.com/wycats/handlebars.js/pull/1083"]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.0.13",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "retid": "43"
        },
        "info": [
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692",
          "https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86"
        ]
      },
      {
        "below": "3.0.7",
        "severity": "high",
        "cwe": ["CWE-471"],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.0.14",
        "severity": "high",
        "cwe": ["CWE-471"],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
        ]
      },
      {
        "atOrAbove": "4.1.0",
        "below": "4.1.2",
        "severity": "high",
        "cwe": ["CWE-471"],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
        ]
      },
      {
        "below": "4.3.0",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-74"],
        "identifiers": {
          "summary": "Disallow calling helperMissing and blockHelperMissing directly",
          "retid": "44",
          "CVE": ["CVE-2019-19919"],
          "githubID": "GHSA-w457-6q6x-cgp9"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "45",
          "githubID": "GHSA-g9r4-xpmj-mj65"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "4.5.3",
        "atOrAbove": "4.0.0",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "45",
          "githubID": "GHSA-g9r4-xpmj-mj65"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": ["CWE-94"],
        "identifiers": {
          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
          "githubID": "GHSA-3cqr-58rm-57f8",
          "CVE": ["CVE-2019-20920"]
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2019-20920"]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": ["CWE-94"],
        "identifiers": {
          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
          "githubID": "GHSA-3cqr-58rm-57f8",
          "CVE": ["CVE-2019-20920"]
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2019-20920"]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
          "githubID": "GHSA-q2c6-c6pm-g3gh"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "4.5.3",
        "atOrAbove": "4.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
          "githubID": "GHSA-q2c6-c6pm-g3gh"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
          "githubID": "GHSA-2cf5-4w76-r9qv"
        },
        "info": ["https://www.npmjs.com/advisories/1316"]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.2",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
          "githubID": "GHSA-2cf5-4w76-r9qv"
        },
        "info": ["https://www.npmjs.com/advisories/1316"]
      },
      {
        "below": "4.6.0",
        "severity": "medium",
        "cwe": ["CWE-400"],
        "identifiers": {
          "summary": "Denial of service",
          "issue": "1633"
        },
        "info": ["https://github.com/handlebars-lang/handlebars.js/pull/1633"]
      },
      {
        "below": "4.7.7",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype Pollution in handlebars",
          "retid": "71",
          "CVE": ["CVE-2021-23383"],
          "githubID": "GHSA-765h-qjxv-5f44"
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2021-23383"]
      },
      {
        "below": "4.7.7",
        "severity": "high",
        "cwe": ["CWE-94"],
        "identifiers": {
          "summary": "Remote code execution in handlebars when compiling templates",
          "CVE": ["CVE-2021-23369"],
          "githubID": "GHSA-f2jv-r9rf-7988"
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2021-23369"]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.5",
        "severity": "medium",
        "cwe": ["CWE-400"],
        "identifiers": {
          "summary": "Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.4.5 or later.",
          "retid": "71",
          "githubID": "GHSA-f52g-6jhx-586p"
        },
        "info": [
          "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.5",
        "severity": "high",
        "cwe": ["CWE-400"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service in Handlebars",
          "githubID": "GHSA-62gr-4qp9-h98f",
          "CVE": ["CVE-2019-20922"]
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2019-20922"]
      }
    ],
    "extractors": {
      "func": ["Handlebars.VERSION"],
      "uri": ["/(§§version§§)/handlebars(\\.min)?\\.js"],
      "filename": ["handlebars(?:js)?-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "Handlebars.VERSION = \"(§§version§§)\";",
        "Handlebars=\\{VERSION:(?:'|\")(§§version§§)(?:'|\")",
        "this.Handlebars=\\{\\};[\n\r \t]+\\(function\\([a-z]\\)\\{[a-z].VERSION=(?:'|\")(§§version§§)(?:'|\")",
        "exports.HandlebarsEnvironment=[\\s\\S]{70,120}exports.VERSION=(?:'|\")(§§version§§)(?:'|\")",
        "/\\*+![\\s]+(?:@license)?[\\s]+handlebars v(§§version§§)"
      ],
      "hashes": {}
    }
  },
  "easyXDM": {
    "npmname": "easyxdm",
    "vulnerabilities": [
      {
        "below": "2.4.18",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-5212"] },
        "info": [
          "http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html",
          "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5212"
        ]
      },
      {
        "below": "2.4.19",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-1403"] },
        "info": [
          "http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html",
          "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403"
        ]
      },
      {
        "below": "2.4.20",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "This release fixes a potential XSS for IE running in compatibility mode.",
          "retid": "39"
        },
        "info": ["https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.20"]
      },
      {
        "below": "2.5.0",
        "severity": "medium",
        "cwe": ["CWE-942"],
        "identifiers": {
          "summary": "This tightens down the default origin whitelist in the CORS example.",
          "retid": "40"
        },
        "info": ["https://github.com/oyvindkinsey/easyXDM/releases/tag/2.5.0"]
      }
    ],
    "extractors": {
      "uri": ["/(?:easyXDM-)?(§§version§§)/easyXDM(\\.min)?\\.js"],
      "filename": ["easyXDM-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        " \\* easyXDM\n \\* http://easyxdm.net/(?:\r|\n|.)+version:\"(§§version§§)\"",
        "@class easyXDM(?:.|\r|\n)+@version (§§version§§)(\r|\n)"
      ],
      "hashes": { "cf266e3bc2da372c4f0d6b2bd87bcbaa24d5a643": "2.4.6" }
    }
  },
  "plupload": {
    "bowername": ["Plupload", "plupload"],
    "vulnerabilities": [
      {
        "below": "1.5.4",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2012-2401"]
        },
        "info": ["http://www.cvedetails.com/cve/CVE-2012-2401/"]
      },
      {
        "below": "1.5.5",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2013-0237"] },
        "info": ["http://www.cvedetails.com/cve/CVE-2013-0237/"]
      },
      {
        "below": "2.1.9",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2016-4566"] },
        "info": ["https://github.com/moxiecode/plupload/releases"]
      },
      {
        "below": "2.3.7",
        "severity": "medium",
        "cwe": ["CWE-434"],
        "identifiers": {
          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
          "retid": "35"
        },
        "info": ["https://github.com/moxiecode/plupload/releases/tag/v2.3.7"]
      },
      {
        "below": "3.1.3",
        "atOrAbove": "3.0.0",
        "severity": "medium",
        "cwe": ["CWE-434"],
        "identifiers": {
          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
          "retid": "36"
        },
        "info": ["https://github.com/moxiecode/plupload/releases/tag/v3.1.3"]
      },
      {
        "below": "3.1.4",
        "atOrAbove": "3.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
          "retid": "37"
        },
        "info": ["https://github.com/moxiecode/plupload/releases/tag/v3.1.4"]
      },
      {
        "below": "2.3.8",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
          "retid": "38"
        },
        "info": ["https://github.com/moxiecode/plupload/releases/tag/v2.3.8"]
      },
      {
        "below": "3.1.5",
        "atOrAbove": "3.0.0",
        "severity": "medium",
        "cwe": ["CWE-434"],
        "identifiers": {
          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
          "retid": "41"
        },
        "info": ["https://github.com/moxiecode/plupload/releases/tag/v3.1.5"]
      },
      {
        "below": "2.3.9",
        "severity": "medium",
        "cwe": ["CWE-434", "CWE-75"],
        "identifiers": {
          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
          "retid": "42",
          "CVE": ["CVE-2021-23562"],
          "githubID": "GHSA-rp2c-jrgp-cvr8"
        },
        "info": ["https://github.com/moxiecode/plupload/releases/tag/v2.3.9"]
      }
    ],
    "extractors": {
      "func": ["plupload.VERSION"],
      "uri": ["/(§§version§§)/plupload(\\.min)?\\.js"],
      "filename": ["plupload-(§§version§§)(.min)?\\.js"],
      "filecontent": [
        "\\* Plupload - multi-runtime File Uploader(?:\r|\n)+ \\* v(§§version§§)",
        "var g=\\{VERSION:\"(§§version§§)\",.*;window.plupload=g\\}"
      ],
      "hashes": {}
    }
  },
  "DOMPurify": {
    "bowername": ["dompurify", "DOMPurify"],
    "npmname": "dompurify",
    "vulnerabilities": [
      {
        "below": "0.6.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "retid": "24" },
        "info": ["https://github.com/cure53/DOMPurify/releases/tag/0.6.1"]
      },
      {
        "below": "0.8.6",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "retid": "25" },
        "info": ["https://github.com/cure53/DOMPurify/releases/tag/0.8.6"]
      },
      {
        "below": "0.8.9",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "summary": "safari UXSS", "retid": "26" },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.8.9",
          "https://lists.ruhr-uni-bochum.de/pipermail/dompurify-security/2017-May/000006.html"
        ]
      },
      {
        "below": "0.9.0",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": { "summary": "safari UXSS", "retid": "27" },
        "info": ["https://github.com/cure53/DOMPurify/releases/tag/0.9.0"]
      },
      {
        "below": "2.0.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed an mXSS-based bypass caused by nested forms inside MathML",
          "githubID": "GHSA-chqj-j4fh-rw7m",
          "CVE": ["CVE-2019-16728"]
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.0.7",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "possible to bypass the package sanitization through Mutation XSS",
          "githubID": "GHSA-mjjq-c88q-qhr6"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.0.16",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed an mXSS-based bypass caused by nested forms inside MathML",
          "retid": "28"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.0.17",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed another bypass causing mXSS by using MathML",
          "retid": "29",
          "githubID": "GHSA-63q7-h895-m982",
          "CVE": ["CVE-2020-26870"]
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.1.1",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed several possible mXSS patterns, thanks @hackvertor",
          "retid": "30"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.2.0",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features",
          "retid": "31"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.2.2",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed an mXSS bypass dropped on us publicly via",
          "retid": "32"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.2.3",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed an mXSS issue reported",
          "retid": "33"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      },
      {
        "below": "2.2.4",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Fixed a new MathML-based bypass submitted by PewGrand. Fixed a new SVG-related bypass submitted by SecurityMB",
          "retid": "34"
        },
        "info": ["https://github.com/cure53/DOMPurify/releases"]
      }
    ],
    "extractors": {
      "func": ["DOMPurify.version"],
      "filecontent": [
        "DOMPurify.version = '(§§version§§)';",
        "DOMPurify.version=\"(§§version§§)\"",
        "DOMPurify=.[^\\r\\n]{10,850}?\\.version=\"(§§version§§)\"",
        "/\\*! @license DOMPurify (§§version§§)",
        "var .=\"dompurify\"+.{10,550}?\\.version=\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "react": {
    "vulnerabilities": [
      {
        "atOrAbove": "0.4.0",
        "below": "0.4.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2013-7035"],
          "summary": "potential XSS vulnerability can arise when using user data as a key",
          "githubID": "GHSA-g53w-52xc-2j85"
        },
        "info": [
          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html"
        ]
      },
      {
        "atOrAbove": "0.5.0",
        "below": "0.5.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2013-7035"],
          "summary": "potential XSS vulnerability can arise when using user data as a key",
          "githubID": "GHSA-g53w-52xc-2j85"
        },
        "info": [
          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html"
        ]
      },
      {
        "below": "0.14.0",
        "atOrAbove": "0.0.1",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": " including untrusted objects as React children can result in an XSS security vulnerability",
          "retid": "23",
          "githubID": "GHSA-hg79-j56m-fxgv"
        },
        "info": [
          "http://danlec.com/blog/xss-via-a-spoofed-react-element",
          "https://facebook.github.io/react/blog/2015/10/07/react-v0.14.html"
        ]
      },
      {
        "atOrAbove": "16.0.0",
        "below": "16.0.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2018-6341"],
          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.1.0",
        "below": "16.1.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2018-6341"],
          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.2.0",
        "below": "16.2.1",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2018-6341"],
          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.3.0",
        "below": "16.3.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2018-6341"],
          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.4.0",
        "below": "16.4.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2018-6341"],
          "summary": "potential XSS vulnerability when the attacker controls an attribute name"
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      }
    ],
    "extractors": {
      "func": ["react.version", "require('react').version"],
      "filecontent": [
        "/\\*\\*\n +\\* React \\(with addons\\) ?v(§§version§§)",
        "/\\*\\*\n +\\* React v(§§version§§)",
        "\"\\./ReactReconciler\":[0-9]+,\"\\./Transaction\":[0-9]+,\"fbjs/lib/invariant\":[0-9]+\\}\\],[0-9]+:\\[function\\(require,module,exports\\)\\{\"use strict\";module\\.exports=\"(§§version§§)\"\\}",
        "ReactVersion\\.js[\\*! \\\\/\n\r]{0,100}function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\"",
        "expected a ReactNode.[\\s\\S]{0,1800}?function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\""
      ]
    }
  },
  "flowplayer": {
    "vulnerabilities": [
      {
        "below": "5.4.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerability in Flash fallback",
          "issue": "381"
        },
        "info": ["https://github.com/flowplayer/flowplayer/issues/381"]
      }
    ],
    "extractors": {
      "uri": ["flowplayer-(§§version§§)(\\.min)?\\.js"],
      "filename": ["flowplayer-(§§version§§)(\\.min)?\\.js"]
    }
  },
  "DWR": {
    "npmname": "dwr",
    "vulnerabilities": [
      {
        "below": "1.1.4",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2007-01-09"] },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/",
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      },
      {
        "below": "2.0.11",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-5326", "CVE-2014-5325"] },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/",
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      },
      {
        "above": "3",
        "below": "3.0.RC3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": { "CVE": ["CVE-2014-5326", "CVE-2014-5325"] },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/",
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      }
    ],
    "extractors": {
      "func": ["dwr.version"],
      "filecontent": [" dwr-(§§version§§).jar"]
    }
  },
  "moment.js": {
    "bowername": ["moment", "momentjs"],
    "npmname": "moment",
    "basePurl": "pkg:npm/moment",
    "vulnerabilities": [
      {
        "below": "2.11.2",
        "severity": "medium",
        "cwe": ["CWE-400"],
        "identifiers": {
          "summary": "reDOS - regular expression denial of service",
          "issue": "2936",
          "githubID": "GHSA-87vv-r9j6-g5qv",
          "CVE": ["CVE-2016-4055"]
        },
        "info": ["https://github.com/moment/moment/issues/2936"]
      },
      {
        "below": "2.15.2",
        "severity": "medium",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "retid": "22"
        },
        "info": ["https://security.snyk.io/vuln/npm:moment:20161019"]
      },
      {
        "below": "2.19.3",
        "severity": "high",
        "cwe": ["CWE-1333", "CWE-400"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "CVE": ["CVE-2017-18214"],
          "githubID": "GHSA-446m-mv8f-q348"
        },
        "info": [
          "https://security.snyk.io/vuln/npm:moment:20170905",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214",
          "https://github.com/moment/moment/issues/4163"
        ]
      },
      {
        "below": "2.29.2",
        "severity": "high",
        "cwe": ["CWE-22", "CWE-27"],
        "identifiers": {
          "summary": "This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale.",
          "CVE": ["CVE-2022-24785"],
          "githubID": "GHSA-8hfj-j24r-96c4"
        },
        "info": [
          "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        ]
      },
      {
        "below": "2.29.4",
        "atOrAbove": "2.18.0",
        "severity": "high",
        "cwe": ["CWE-1333", "CWE-400"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
          "CVE": ["CVE-2022-31129"],
          "githubID": "GHSA-wc69-rhjr-hc9g"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238",
          "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        ]
      }
    ],
    "extractors": {
      "uri": ["/moment\\.js/(§§version§§)/moment(.min)?\\.js"],
      "filename": ["moment(?:-|\\.)(§§version§§)(?:-min)?\\.js"],
      "func": ["moment.version"],
      "filecontent": [
        "//!? moment.js(?:[\n\r]+)//!? version : (§§version§§)",
        "/\\* Moment.js +\\| +version : (§§version§§) \\|",
        "\\.version=\"(§§version§§)\".{20,60}\"isBefore\".{20,60}\"isAfter\".{200,500}\\.isMoment=",
        "\\.version=\"(§§version§§)\".{20,300}duration.{2,100}\\.isMoment=",
        "\\.isMoment\\(.{50,400}_isUTC.{50,400}=\"(§§version§§)\"",
        "=\"(§§version§§)\".{300,1000}Years:31536e6.{60,80}\\.isMoment"
      ]
    }
  },
  "underscore.js": {
    "bowername": ["Underscore", "underscore"],
    "npmname": "underscore",
    "vulnerabilities": [
      {
        "below": "1.12.1",
        "atOrAbove": "1.3.2",
        "severity": "high",
        "cwe": ["CWE-94"],
        "identifiers": {
          "summary": " vulnerable to Arbitrary Code Injection via the template function",
          "CVE": ["CVE-2021-23358"],
          "githubID": "GHSA-cf4h-3jhx-xvhq"
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2021-23358"]
      }
    ],
    "extractors": {
      "uri": ["/underscore\\.js/(§§version§§)/underscore(-min)?\\.js"],
      "func": ["underscore.version"],
      "filecontent": ["//[\\s]*Underscore.js (§§version§§)"]
    }
  },
  "bootstrap": {
    "vulnerabilities": [
      {
        "below": "4.3.1",
        "atOrAbove": "4.0.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "28236",
          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
          "CVE": ["CVE-2019-8331"],
          "githubID": "GHSA-9v3m-8fp8-mj99"
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/28236"]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.4.1",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "28236",
          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
          "CVE": ["CVE-2019-8331"],
          "githubID": "GHSA-9v3m-8fp8-mj99"
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/28236"]
      },
      {
        "below": "4.1.2",
        "atOrAbove": "4.0.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "20184",
          "summary": "XSS in data-target property of scrollspy",
          "CVE": ["CVE-2018-14041"],
          "githubID": "GHSA-pj7m-g53m-7638"
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/20184"]
      },
      {
        "below": "3.4.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "20184",
          "summary": "XSS in data-target property of scrollspy",
          "CVE": ["CVE-2018-14041"],
          "githubID": "GHSA-pj7m-g53m-7638"
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/20184"]
      },
      {
        "below": "4.1.2",
        "atOrAbove": "4.0.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "20184",
          "summary": "XSS in collapse data-parent attribute",
          "CVE": ["CVE-2018-14040"],
          "githubID": "GHSA-3wqf-4x89-9g79"
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/20184"]
      },
      {
        "below": "3.4.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "27044",
          "summary": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
          "CVE": ["CVE-2018-20676"],
          "githubID": "GHSA-3mgp-fx93-9xv5"
        },
        "severity": "medium",
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2018-20676"]
      },
      {
        "below": "4.1.2",
        "atOrAbove": "4.0.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "20184",
          "summary": "XSS in data-container property of tooltip",
          "CVE": ["CVE-2018-14042"]
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/20184"]
      },
      {
        "below": "3.4.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "issue": "20184",
          "summary": "XSS in data-container property of tooltip",
          "CVE": ["CVE-2018-14042"]
        },
        "severity": "medium",
        "info": ["https://github.com/twbs/bootstrap/issues/20184"]
      },
      {
        "below": "3.4.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
          "CVE": ["CVE-2018-20677"],
          "githubID": "GHSA-ph58-4vrj-w6hr"
        },
        "info": ["https://github.com/advisories/GHSA-ph58-4vrj-w6hr"]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.4.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS is possible in the data-target attribute.",
          "CVE": ["CVE-2016-10735"],
          "githubID": "GHSA-4p24-vmcr-4gqj"
        },
        "info": ["https://github.com/advisories/GHSA-4p24-vmcr-4gqj"]
      },
      {
        "atOrAbove": "4.0.0-beta",
        "below": "4.0.0-beta.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS is possible in the data-target attribute.",
          "CVE": ["CVE-2016-10735"],
          "githubID": "GHSA-4p24-vmcr-4gqj"
        },
        "info": ["https://github.com/advisories/GHSA-4p24-vmcr-4gqj"]
      },
      {
        "below": "2.1.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "cross-site scripting vulnerability",
          "issue": "3421"
        },
        "info": ["https://github.com/twbs/bootstrap/pull/3421"]
      },
      {
        "below": "3.999.999",
        "severity": "low",
        "cwe": ["CWE-1104"],
        "identifiers": {
          "retid": "72",
          "summary": "Bootstrap before 4.0.0 is end-of-life and no longer maintained."
        },
        "info": ["https://github.com/twbs/bootstrap/issues/20631"]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/bootstrap(\\.min)?\\.js",
        "/(§§version§§)/js/bootstrap(\\.min)?\\.js"
      ],
      "filename": ["bootstrap-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "/\\*!? Bootstrap v(§§version§§)",
        "\\* Bootstrap v(§§version§§)",
        "/\\*! Bootstrap v(§§version§§)",
        "this\\.close\\)\\};.\\.VERSION=\"(§§version§§)\"(?:,.\\.TRANSITION_DURATION=150)?,.\\.prototype\\.close"
      ],
      "hashes": {}
    }
  },
  "bootstrap-select": {
    "vulnerabilities": [
      {
        "below": "1.13.6",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS) via title and data-content",
          "CVE": ["CVE-2019-20921"],
          "githubID": "GHSA-7c82-mp33-r854"
        },
        "info": [
          "https://github.com/snapappointments/bootstrap-select/issues/2199#issuecomment-701806876"
        ]
      },
      {
        "below": "1.13.6",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-Site Scripting in bootstrap-select",
          "githubID": "GHSA-9r7h-6639-v5mw"
        },
        "info": [
          "https://github.com/snapappointments/bootstrap-select/issues/2199"
        ]
      }
    ],
    "extractors": {
      "uri": ["/bootstrap-select/(§§version§§)/"],
      "filecontent": [
        "/\\*![\\s]+\\*[\\s]+Bootstrap-select[\\s]+v(§§version§§)",
        ".\\.data\\(\"selectpicker\",.=new .\\(this,.\\)\\)\\}\"string\"==typeof .&&\\(.=.\\[.\\]instanceof Function\\?.\\[.\\]\\.apply\\(.,.\\):.\\.options\\[.\\]\\)\\}\\}\\);return void 0!==.\\?.:.\\}.\\.VERSION=\"(§§version§§)\","
      ]
    }
  },
  "ckeditor": {
    "vulnerabilities": [
      {
        "below": "4.4.3",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "13"
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-443"
        ]
      },
      {
        "below": "4.4.6",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "14"
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-446"
        ]
      },
      {
        "below": "4.4.8",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "15"
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-448"
        ]
      },
      {
        "below": "4.5.11",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "16"
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-4511"
        ]
      },
      {
        "below": "4.9.2",
        "atOrAbove": "4.5.11",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS if the enhanced image plugin is installed",
          "retid": "17"
        },
        "severity": "medium",
        "info": [
          "https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/",
          "https://ckeditor.com/cke4/release-notes"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.11.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerability in the HTML parser",
          "retid": "18",
          "CVE": ["CVE-2018-17960"],
          "githubID": "GHSA-g68x-vvqq-pvw3"
        },
        "severity": "medium",
        "info": [
          "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
          "https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618"
        ]
      },
      {
        "below": "4.15.1",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog",
          "retid": "19"
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151"
        ]
      },
      {
        "below": "4.14.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "20"
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414"
        ]
      },
      {
        "below": "4.16.0",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "ReDoS vulnerability in Autolink plugin and Advanced Tab for Dialogs plugin",
          "retid": "21"
        },
        "severity": "low",
        "info": ["https://ckeditor.com/cke4/release/CKEditor-4.16.0"]
      },
      {
        "below": "4.16.2",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerability in the Clipboard plugin",
          "CVE": ["CVE-2021-32809"]
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerability in the Widget plugin",
          "CVE": ["CVE-2021-32808"]
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerability in the Fake Objects plugin",
          "CVE": ["CVE-2021-37695"]
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc"
        ]
      },
      {
        "below": "4.17.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerabilities in the core module",
          "CVE": ["CVE-2021-41164", "CVE-2021-41165"]
        },
        "severity": "medium",
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj",
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2"
        ]
      },
      {
        "below": "4.18.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Inject malformed URL to bypass content sanitization for XSS",
          "CVE": ["CVE-2022-24728"]
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh"
        ]
      },
      {
        "below": "4.21.0",
        "severity": "Medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code",
          "CVE": ["CVE-2023-28439"]
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-28439",
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g"
        ]
      }
    ],
    "extractors": {
      "uri": ["/(§§version§§)/ckeditor(\\.min)?\\.js"],
      "filename": ["ckeditor-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "ckeditor..js.{4,30}=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)",
        "window\\.CKEDITOR=function\\(\\)\\{var [a-z]=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)"
      ],
      "hashes": {},
      "func": ["CKEDITOR.version"]
    }
  },
  "ckeditor5": {
    "vulnerabilities": [
      {
        "below": "10.0.1",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS in the link package",
          "CVE": ["CVE-2018-11093"]
        },
        "severity": "low",
        "info": ["https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/"]
      },
      {
        "below": "25.0.0",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "ReDos in several packages",
          "CVE": ["CVE-2021-21254"]
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr"
        ]
      },
      {
        "below": "27.0.0",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "ReDos in several packages",
          "CVE": ["CVE-2021-21391"]
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj"
        ]
      },
      {
        "below": "35.0.0",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "security fix for the Markdown GFM, HTML support and HTML embed packages",
          "CVE": ["CVE-2022-31175"]
        },
        "severity": "low",
        "info": [
          "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
        ]
      }
    ],
    "extractors": {
      "uri": ["/(§§version§§)/ckeditor5(\\.min)?\\.js"],
      "filename": ["ckeditor5-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "const .=\"(§§version§§)\";.{0,140}?\\.CKEDITOR_VERSION=.;",
        "CKEDITOR_VERSION=\"(§§version§§)\""
      ],
      "hashes": {},
      "func": ["CKEDITOR_VERSION"]
    }
  },
  "vue": {
    "vulnerabilities": [
      {
        "below": "2.6.11",
        "severity": "medium",
        "cwe": ["CWE-94"],
        "identifiers": {
          "summary": "Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2",
          "retid": "10"
        },
        "info": ["https://github.com/vuejs/vue/releases/tag/v2.6.11"]
      },
      {
        "below": "2.5.17",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "potential xss in ssr when using v-bind",
          "retid": "11"
        },
        "info": ["https://github.com/vuejs/vue/releases/tag/v2.5.17"]
      },
      {
        "below": "2.4.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "possible xss vector",
          "retid": "12"
        },
        "info": ["https://github.com/vuejs/vue/releases/tag/v2.4.3"]
      }
    ],
    "extractors": {
      "uri": [
        "/vue@(§§version§§)/dist/vue\\.js",
        "/vue/(§§version§§)/vue\\..*\\.js",
        "/npm/vue@(§§version§§)"
      ],
      "filename": ["vue-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "/\\*!\\n \\* Vue.js v(§§version§§)",
        "Vue.version = '(§§version§§)';",
        "'(§§version§§)'[^\\n]{0,8000}Vue compiler",
        "\\* Original file: /npm/vue@(§§version§§)/dist/vue.(global|common).js",
        "const version[ ]*=[ ]*\"(§§version§§)\";[\\s]*/\\*\\*[\\s]*\\* SSR utils for \\\\@vue/server-renderer",
        "\\.__vue_app__=.{0,8000}?const [a-z]+=\"(§§version§§)\","
      ],
      "func": ["Vue.version"]
    }
  },
  "ExtJS": {
    "vulnerabilities": [
      {
        "below": "6.6.0",
        "atOrAbove": "4.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2018-8046"],
          "summary": "XSS in Sencha Ext JS 4 to 6 via getTip() method of Action Columns"
        },
        "info": [
          "http://seclists.org/fulldisclosure/2018/Jul/8",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-8046"
        ]
      },
      {
        "below": "6.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2007-2285"],
          "summary": "Directory traversal and arbitrary file read"
        },
        "info": [
          "https://www.cvedetails.com/cve/CVE-2007-2285/",
          "https://packetstormsecurity.com/files/132052/extjs-Arbitrary-File-Read.html",
          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
        ]
      },
      {
        "below": "4.0.0",
        "atOrAbove": "3.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2010-4207", "CVE-2012-5881"],
          "summary": "XSS vulnerability in ExtJS charts.swf"
        },
        "info": [
          "https://www.acunetix.com/vulnerabilities/web/extjs-charts-swf-cross-site-scripting",
          "https://typo3.org/security/advisory/typo3-core-sa-2014-001/",
          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
        ]
      }
    ],
    "extractors": {
      "uri": ["/extjs/(§§version§§)/.*\\.js"],
      "filename": [
        "/ext-all-(§§version§§)(\\.min)?\\.js",
        "/ext-all-debug-(§§version§§)(\\.min)?\\.js",
        "/ext-base-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": ["/*!\n * Ext JS Library (§§version§§)"],
      "func": [
        "Ext && Ext.versions && Ext.versions.extjs.version",
        "Ext && Ext.version"
      ]
    }
  },
  "svelte": {
    "vulnerabilities": [
      {
        "below": "3.49.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "issue": "7530",
          "githubID": "GHSA-wv8q-r932-8hc7",
          "CVE": ["CVE-2022-25875"]
        },
        "info": ["https://github.com/sveltejs/svelte/pull/7530"]
      },
      {
        "below": "3.46.5",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "8"
        },
        "info": ["https://github.com/sveltejs/svelte/pull/7333"]
      },
      {
        "below": "2.9.8",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS",
          "retid": "9"
        },
        "info": ["https://github.com/sveltejs/svelte/pull/1623"]
      }
    ],
    "extractors": {
      "uri": ["/svelte@(§§version§§)/"],
      "filename": ["svelte[@\\-](§§version§§)(.min)?\\.m?js"],
      "filecontent": [
        "generated by Svelte v\\$\\{['\"](§§version§§)['\"]\\}",
        "version: '(§§version§§)' [\\s\\S]{80,200}'SvelteDOMInsert'",
        "VERSION = '(§§version§§)'[\\s\\S]{21,200}parse\\$[0-9][\\s\\S]{10,80}preprocess",
        "var version\\$[0-9] = \"(§§version§§)\";[\\s\\S]{10,30}normalizeOptions\\(options\\)[\\s\\S]{80,200}'SvelteComponent.html'"
      ],
      "func": ["svelte.VERSION"]
    }
  },
  "axios": {
    "vulnerabilities": [
      {
        "below": "0.21.3",
        "severity": "high",
        "cwe": ["CWE-1333", "CWE-400"],
        "identifiers": {
          "summary": "Axios is vulnerable to Inefficient Regular Expression Complexity",
          "CVE": ["CVE-2021-3749"],
          "githubID": "GHSA-cph5-m8f7-6c5x"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749"
        ]
      },
      {
        "below": "0.21.1",
        "severity": "medium",
        "cwe": ["CWE-918"],
        "identifiers": {
          "summary": "Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability",
          "CVE": ["CVE-2020-28168"],
          "githubID": "GHSA-4w2v-q235-vp99"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168"
        ]
      },
      {
        "below": "0.18.1",
        "severity": "high",
        "cwe": ["CWE-20", "CWE-755"],
        "identifiers": {
          "summary": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded",
          "CVE": ["CVE-2019-10742"],
          "githubID": "GHSA-42xw-2xvc-qx8m"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-174505",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10742"
        ]
      }
    ],
    "extractors": {
      "uri": ["/axios/(§§version§§)/.*\\.js"],
      "filename": ["axios-(§§version§§)(\\.min)?\\.js"],
      "filecontent": ["/\\* *axios v(§§version§§) "],
      "func": ["axios && axios.VERSION"]
    }
  },
  "markdown-it": {
    "vulnerabilities": [
      {
        "below": "12.3.2",
        "severity": "medium",
        "cwe": ["CWE-1333", "CWE-400"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "CVE": ["CVE-2022-21670"],
          "githubID": "GHSA-6vfc-qv3f-vr6c"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914",
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-21670"
        ]
      },
      {
        "below": "10.0.0",
        "severity": "medium",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "retid": "6"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438",
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md"
        ]
      },
      {
        "below": "4.3.1",
        "atOrAbove": "4.0.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "retid": "7"
        },
        "info": [
          "https://security.snyk.io/vuln/npm:markdown-it:20150702",
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md"
        ]
      },
      {
        "below": "4.1.0",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "CVE": ["CVE-2015-3295"]
        },
        "info": [
          "https://security.snyk.io/vuln/npm:markdown-it:20160912",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3295",
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md"
        ]
      },
      {
        "below": "3.0.0",
        "severity": "high",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "CVE": ["CVE-2015-10005"],
          "githubID": "GHSA-j5p7-jf4q-742q"
        },
        "info": ["https://nvd.nist.gov/vuln/detail/CVE-2015-10005"]
      }
    ],
    "extractors": {
      "uri": ["/markdown-it[/@](§§version§§)/?.*\\.js"],
      "filename": ["markdown-it-(§§version§§)(\\.min)?\\.js"],
      "filecontent": ["/\\*! markdown-it(?:-ins)? (§§version§§)"],
      "func": []
    }
  },
  "jszip": {
    "vulnerabilities": [
      {
        "below": "3.8.0",
        "severity": "high",
        "cwe": ["CWE-22"],
        "identifiers": {
          "summary": "Santize filenames when files are loaded with loadAsync, to avoid “zip slip” attacks.",
          "retid": "5",
          "CVE": ["CVE-2022-48285"],
          "githubID": "GHSA-36fh-84j7-cv5h"
        },
        "info": ["https://stuk.github.io/jszip/CHANGES.html"]
      },
      {
        "below": "3.7.0",
        "atOrAbove": "3.0.0",
        "severity": "medium",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype Pollution",
          "CVE": ["CVE-2021-23413"],
          "githubID": "GHSA-jg8v-48h5-wgxg"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413"
        ]
      },
      {
        "below": "2.7.0",
        "severity": "medium",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "Prototype Pollution",
          "CVE": ["CVE-2021-23413"],
          "githubID": "GHSA-jg8v-48h5-wgxg"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413"
        ]
      }
    ],
    "extractors": {
      "uri": ["/jszip[/@](§§version§§)/.*\\.js"],
      "filename": ["jszip-(§§version§§)(\\.min)?\\.js"],
      "filecontent": ["/\\*![\\s]+JSZip v(§§version§§) "],
      "func": ["JSZip && JSZip.version"]
    }
  },
  "AlaSQL": {
    "npmname": "alasql",
    "vulnerabilities": [
      {
        "below": "0.7.0",
        "severity": "high",
        "cwe": ["CWE-94"],
        "identifiers": {
          "bug": "SNYK-JS-ALASQL-1082932",
          "summary": "An arbitrary code execution exists as AlaSQL doesn't sanitize input when characters are placed between square brackets [] or preceded with a backtik (accent grave) ` character. Versions older that 0.7.0 were deprecated in March of 2021 and should no longer be used."
        },
        "info": ["https://security.snyk.io/vuln/SNYK-JS-ALASQL-1082932"]
      }
    ],
    "extractors": {
      "uri": ["/alasql[/@](§§version§§)/.*\\.js"],
      "filename": ["alasql-(§§version§§)(\\.min)?\\.js"],
      "filecontent": ["/\\*!?[ \n]*AlaSQL v(§§version§§)"],
      "func": ["alasql && alasql.version"]
    }
  },
  "jquery.datatables": {
    "npmname": "datatables.net",
    "vulnerabilities": [
      {
        "below": "1.11.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross site scripting in datatables.net",
          "CVE": ["CVE-2021-23445"],
          "githubID": "GHSA-h73q-5wmj-q8pj"
        },
        "info": ["https://github.com/advisories/GHSA-h73q-5wmj-q8pj"]
      },
      {
        "below": "1.10.22",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "datatables.net vulnerable to Prototype Pollution due to incomplete fix",
          "CVE": ["CVE-2020-28458"],
          "githubID": "GHSA-m7j4-fhg6-xf5v"
        },
        "info": ["https://github.com/advisories/GHSA-m7j4-fhg6-xf5v"]
      },
      {
        "below": "1.11.3",
        "severity": "low",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "possible XSS",
          "retid": "2"
        },
        "info": [
          "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b",
          "https://cdn.datatables.net/1.11.3/"
        ]
      },
      {
        "below": "1.10.23",
        "severity": "high",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "prototype pollution",
          "retid": "3"
        },
        "info": [
          "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03",
          "https://cdn.datatables.net/1.10.23/"
        ]
      },
      {
        "below": "1.10.22",
        "severity": "medium",
        "cwe": ["CWE-1321"],
        "identifiers": {
          "summary": "prototype pollution",
          "retid": "4"
        },
        "info": ["https://cdn.datatables.net/1.10.22/"]
      },
      {
        "below": "1.10.10",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "CVE": ["CVE-2015-6584"],
          "summary": "XSS"
        },
        "info": [
          "https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d",
          "https://www.invicti.com/web-applications-advisories/cve-2015-6384-xss-vulnerability-identified-in-datatables/",
          "https://github.com/advisories/GHSA-4mv4-gmmf-q382"
        ]
      }
    ],
    "extractors": {
      "uri": ["/(§§version§§)/(js/)?jquery.dataTables(.min)?.js"],
      "filename": ["jquery.dataTables-(§§version§§)(\\.min)?\\.js"],
      "filecontent": [
        "http://www.datatables.net\n +DataTables (§§version§§)",
        "/\\*! DataTables (§§version§§)",
        ".\\.version=\"(§§version§§)\";[\\s]*.\\.settings=\\[\\];[\\s]*.\\.models=\\{[\\s]*\\};[\\s]*.\\.models.oSearch"
      ],
      "func": ["DataTable && DataTable.version"]
    }
  },
  "nextjs": {
    "npmname": "next",
    "vulnerabilities": [
      {
        "atOrAbove": "10.0.0",
        "below": "12.1.0",
        "severity": "medium",
        "cwe": ["CWE-451"],
        "identifiers": {
          "summary": "Improper CSP in Image Optimization API",
          "CVE": ["CVE-2022-23646"],
          "githubID": "GHSA-fmvm-x8mv-47mj"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"
        ]
      },
      {
        "atOrAbove": "12.0.0",
        "below": "12.0.9",
        "severity": "medium",
        "cwe": ["CWE-20", "CWE-400"],
        "identifiers": {
          "summary": "DOS Vulnerability for self-hosted next.js apps",
          "CVE": ["CVE-2022-21721"],
          "githubID": "GHSA-wr66-vrwm-5g5x"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-wr66-vrwm-5g5x"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "11.1.3",
        "severity": "high",
        "cwe": ["CWE-20"],
        "identifiers": {
          "summary": "Unexpected server crash in Next.js versions",
          "CVE": ["CVE-2021-43803"],
          "githubID": "GHSA-25mp-g6fv-mqxx"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
        ]
      },
      {
        "atOrAbove": "12.0.0",
        "below": "12.0.5",
        "severity": "high",
        "cwe": ["CWE-20"],
        "identifiers": {
          "summary": "Unexpected server crash in Next.js versions",
          "CVE": ["CVE-2021-43803"],
          "githubID": "GHSA-25mp-g6fv-mqxx"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
        ]
      },
      {
        "atOrAbove": "10.0.0",
        "below": "11.1.1",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS in Image Optimization API",
          "CVE": ["CVE-2021-39178"],
          "githubID": "GHSA-9gr3-7897-pp7m"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m"
        ]
      },
      {
        "below": "11.1.0",
        "atOrAbove": "0.9.9",
        "severity": "medium",
        "cwe": ["CWE-601"],
        "identifiers": {
          "summary": "Open Redirect in Next.js",
          "CVE": ["CVE-2021-37699"],
          "githubID": "GHSA-vxf5-wxwp-m7g9"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9"
        ]
      },
      {
        "atOrAbove": "9.5.0",
        "below": "9.5.4",
        "severity": "medium",
        "cwe": ["CWE-601"],
        "identifiers": {
          "summary": "Open Redirect in Next.js",
          "CVE": ["CVE-2020-15242"],
          "githubID": "GHSA-x56p-c8cg-q435"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435"
        ]
      },
      {
        "below": "9.3.2",
        "severity": "medium",
        "cwe": ["CWE-23"],
        "identifiers": {
          "summary": "Directory Traversal in Next.js",
          "CVE": ["CVE-2020-5284"],
          "githubID": "GHSA-fq77-7p7r-83rj"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
        ]
      },
      {
        "below": "12.2.4",
        "atOrAbove": "12.2.3",
        "cwe": ["CWE-248", "CWE-754"],
        "severity": "medium",
        "identifiers": {
          "summary": "Unexpected server crash in Next.js",
          "githubID": "GHSA-wff4-fpwg-qqv3",
          "CVE": ["CVE-2022-36046"]
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
        ]
      },
      {
        "below": "7.0.2",
        "atOrAbove": "7.0.0",
        "cwe": ["CWE-79"],
        "severity": "medium",
        "identifiers": {
          "summary": "Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page",
          "CVE": ["CVE-2018-18282"],
          "githubID": "GHSA-qw96-mm2g-c8m7"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-qw96-mm2g-c8m7"
        ]
      },
      {
        "below": "4.2.3",
        "atOrAbove": "1.0.0",
        "cwe": ["CWE-22"],
        "severity": "high",
        "identifiers": {
          "summary": "Directory traversal vulnerability in Next.js",
          "CVE": ["CVE-2018-6184"],
          "githubID": "GHSA-m34x-wgrh-g897"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-m34x-wgrh-g897"
        ]
      },
      {
        "below": "5.1.0",
        "atOrAbove": "0.9.9",
        "cwe": ["CWE-20"],
        "severity": "high",
        "identifiers": {
          "summary": "Remote Code Execution in next",
          "githubID": "GHSA-5vj8-3v2h-h38v"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-5vj8-3v2h-h38v"
        ]
      },
      {
        "below": "2.4.1",
        "atOrAbove": "1.0.0",
        "severity": "high",
        "cwe": ["CWE-22"],
        "identifiers": {
          "summary": "Next.js Directory Traversal Vulnerability",
          "CVE": ["CVE-2017-16877"],
          "githubID": "GHSA-3f5c-4qxj-vmpf"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-3f5c-4qxj-vmpf"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "version=\"(§§version§§)\".{1,1500}document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent",
        "document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent\\);window\\.__NEXT_DATA__=.;.\\.version=\"(§§version§§)\""
      ],
      "func": ["next && next.version"]
    }
  },
  "chart.js": {
    "vulnerabilities": [
      {
        "below": "2.9.4",
        "severity": "high",
        "cwe": ["CWE-1321", "CWE-915"],
        "identifiers": {
          "summary": "Prototype pollution in chart.js",
          "CVE": ["CVE-2020-7746"],
          "githubID": "GHSA-h68q-55jf-x68w"
        },
        "info": ["https://github.com/advisories/GHSA-h68q-55jf-x68w"]
      }
    ],
    "extractors": {
      "uri": [
        "/Chart.js/(§§version§§)/chart(\\.min)?\\.js",
        "/Chart.js/(§§version§§)/Chart.bundle(\\.min)?\\.js"
      ],
      "filecontent": [
        "var version=\"(§§version§§)\";const KNOWN_POSITIONS=\\[\"top\",\"bottom\",\"left\",\"right\",\"chartArea\"\\]",
        "/\\*![\\s]+\\* Chart.js v(§§version§§)",
        "/\\*![\\s]+\\* Chart.js[\\s]+\\* http://chartjs.org/[\\s]+\\* Version: (§§version§§)"
      ]
    }
  },
  "froala": {
    "npmname": "froala-editor",
    "vulnerabilities": [
      {
        "below": "4.0.11",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS vulnerability in [insert video]",
          "issue": "3880",
          "githubID": "GHSA-97x5-cc53-cv4v",
          "CVE": ["CVE-2020-22864"]
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
        ]
      },
      {
        "below": "3.2.7",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.",
          "CVE": ["CVE-2021-28114"]
        },
        "info": ["https://bishopfox.com/blog/froala-editor-v3-2-6-advisory"]
      },
      {
        "below": "3.2.7",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Froala WYSIWYG Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent XSS.",
          "CVE": ["CVE-2021-30109"],
          "githubID": "GHSA-cq6w-w5rj-p9x8"
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
        ]
      },
      {
        "below": "3.2.3",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "DOM-based cross-site scripting in Froala Editor",
          "githubID": "GHSA-h236-g5gh-vq6c",
          "CVE": ["CVE-2019-19935"]
        },
        "info": ["https://github.com/advisories/GHSA-h236-g5gh-vq6c"]
      },
      {
        "below": "3.2.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Security issue: XSS via pasted content",
          "issue": "3880"
        },
        "info": ["https://froala.com/wysiwyg-editor/changelog/#3.2.2"]
      },
      {
        "below": "3.2.2",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "XSS Issue In Link Insertion",
          "issue": "3270"
        },
        "info": ["https://github.com/froala/wysiwyg-editor/issues/3270"]
      }
    ],
    "extractors": {
      "uri": ["/froala-editor/(§§version§§)/", "/froala-editor@(§§version§§)/"],
      "filecontent": [
        "/\\*![\\s]+\\* froala_editor v(§§version§§)",
        "VERSION:\"(§§version§§)\",INSTANCES:\\[\\],OPTS_MAPPING:\\{\\}"
      ],
      "func": ["FroalaEditor.VERSION"]
    }
  },
  "pendo": {
    "vulnerabilities": [
      {
        "below": "2.15.18",
        "severity": "medium",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Patched XSS vulnerability around script loading",
          "retid": "74"
        },
        "info": ["https://developers.pendo.io/agent-version-2-15-18/"]
      }
    ],
    "extractors": {
      "filecontent": [
        "// Pendo Agent Wrapper\n//[\\s]+Environment:[\\s]+[^\n]+\n// Agent Version:[\\s]+(§§version§§)"
      ],
      "func": ["pendo.VERSION.split('_')[0]"]
    }
  },
  "highcharts": {
    "vulnerabilities": [
      {
        "below": "9.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS) and Prototype Pollution in Highcharts < 9.0.0",
          "CVE": ["CVE-2021-29489"],
          "githubID": "GHSA-8j65-4pcq-xq95"
        },
        "info": ["https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"]
      },
      {
        "below": "7.2.2",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Versions of `highcharts` prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS)",
          "githubID": "GHSA-gr4j-r575-g665"
        },
        "info": ["https://github.com/highcharts/highcharts/issues/13559"]
      },
      {
        "below": "8.1.1",
        "atOrAbove": "8.0.0",
        "severity": "high",
        "cwe": ["CWE-79"],
        "identifiers": {
          "summary": "Versions of `highcharts` prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS)",
          "githubID": "GHSA-gr4j-r575-g665"
        },
        "info": ["https://github.com/highcharts/highcharts/issues/13559"]
      },
      {
        "below": "6.1.0",
        "severity": "high",
        "cwe": ["CWE-1333"],
        "identifiers": {
          "summary": "Regular Expression Denial of Service in highcharts",
          "CVE": ["CVE-2018-20801"],
          "githubID": "GHSA-xmc8-cjfr-phx3"
        },
        "info": ["https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"]
      }
    ],
    "extractors": {
      "uri": ["highcharts/(§§version§§)/highcharts(\\.min)?\\.js"],
      "filecontent": [
        "product:\"Highcharts\",version:\"(§§version§§)\"",
        "product=\"Highcharts\"[,;].\\.version=\"(§§version§§)\""
      ]
    }
  },
  "dont check": {
    "extractors": {
      "uri": [
        "^http[s]?://(ssl|www).google-analytics.com/ga.js",
        "^http[s]?://apis.google.com/js/plusone.js",
        "^http[s]?://cdn.cxense.com/cx.js"
      ]
    }
  }
}