{
  "retire-example": {
    "vulnerabilities": [
      {
        "below": "0.0.2",
        "severity": "low",
        "cwe": [
          "CWE-477"
        ],
        "identifiers": {
          "summary": "bug summary",
          "CVE": [
            "CVE-XXXX-XXXX"
          ],
          "bug": "1234"
        },
        "info": [
          "http://github.com/eoftedal/retire.js/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "retire.VERSION"
      ],
      "filename": [
        "retire-example-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? Retire-example v(§§version§§)"
      ],
      "hashes": {
        "07f8b94c8d601a24a1914a1a92bec0e4fafda964": "0.0.1"
      }
    }
  },
  "jquery": {
    "bowername": [
      "jQuery"
    ],
    "npmname": "jquery",
    "vulnerabilities": [
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS with location.hash",
          "CVE": [
            "CVE-2011-4969"
          ],
          "githubID": "GHSA-579v-mp3v-rrw5"
        },
        "info": [
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/9521",
          "https://nvd.nist.gov/vuln/detail/CVE-2011-4969"
        ]
      },
      {
        "below": "1.9.0b1",
        "cwe": [
          "CWE-64",
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Selector interpreted as HTML",
          "CVE": [
            "CVE-2012-6708"
          ],
          "bug": "11290",
          "githubID": "GHSA-2pqj-h3vj-pqgw"
        },
        "info": [
          "http://bugs.jquery.com/ticket/11290",
          "http://research.insecurelabs.org/jquery/test/",
          "https://nvd.nist.gov/vuln/detail/CVE-2012-6708"
        ]
      },
      {
        "atOrAbove": "1.2.1",
        "below": "1.9.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.",
          "CVE": [
            "CVE-2020-7656"
          ],
          "githubID": "GHSA-q4m3-2j7h-f7xw"
        },
        "info": [
          "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7656",
          "https://research.insecurelabs.org/jquery/test/"
        ]
      },
      {
        "atOrAbove": "1.4.0",
        "below": "1.12.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "below": "2.999.999",
        "cwe": [
          "CWE-1104"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates",
          "retid": "73",
          "issue": "162"
        },
        "info": [
          "https://github.com/jquery/jquery.com/issues/162"
        ]
      },
      {
        "atOrAbove": "1.12.3",
        "below": "3.0.0-beta1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "atOrAbove": "3.0.0-rc.1",
        "below": "3.0.0",
        "cwe": [
          "CWE-400",
          "CWE-674"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Denial of Service in jquery",
          "CVE": [
            "CVE-2016-10707"
          ],
          "githubID": "GHSA-mhpp-875w-9cpv"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2016-10707"
        ]
      },
      {
        "atOrAbove": "1.1.4",
        "below": "3.4.0",
        "cwe": [
          "CWE-1321",
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution",
          "CVE": [
            "CVE-2019-11358"
          ],
          "PR": "4333",
          "githubID": "GHSA-6c3j-c64m-qhgq"
        },
        "info": [
          "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
          "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
        ]
      },
      {
        "atOrAbove": "1.0.3",
        "below": "3.5.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.",
          "CVE": [
            "CVE-2020-11023"
          ],
          "issue": "4647",
          "githubID": "GHSA-jpcq-cgw6-v4j6"
        },
        "info": [
          "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        ]
      },
      {
        "atOrAbove": "1.2.0",
        "below": "3.5.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS",
          "CVE": [
            "CVE-2020-11022"
          ],
          "issue": "4642",
          "githubID": "GHSA-gxr4-xjj5-5px2"
        },
        "info": [
          "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "(window.jQuery || window.$ || window.$jq || window.$j).fn.jquery",
        "require('jquery').fn.jquery"
      ],
      "uri": [
        "/(§§version§§)/jquery(\\.min)?\\.js"
      ],
      "filename": [
        "jquery-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? jQuery v(§§version§§)",
        "\\* jQuery JavaScript Library v(§§version§§)",
        "\\* jQuery (§§version§§) - New Wave Javascript",
        "/\\*![\\s]+\\* jQuery JavaScript Library v(§§version§§)",
        "// \\$Id: jquery.js,v (§§version§§)",
        "/\\*! jQuery v(§§version§§)",
        "[^a-z]f=\"(§§version§§)\",.*[^a-z]jquery:f,",
        "[^a-z]m=\"(§§version§§)\",.*[^a-z]jquery:m,",
        "[^a-z.]jquery:[ ]?\"(§§version§§)\"",
        "\\$\\.documentElement,Q=e.jQuery,Z=e\\.\\$,ee=\\{\\},te=\\[\\],ne=\"(§§version§§)\"",
        "=\"(§§version§§)\",.{50,300}(.)\\.fn=(\\2)\\.prototype=\\{jquery:"
      ],
      "filecontentreplace": [
        "/var [a-z]=[a-z]\\.document,([a-z])=\"(§§version§§)\",([a-z])=.{130,160};\\3\\.fn=\\3\\.prototype=\\{jquery:\\1/$2/"
      ],
      "hashes": {}
    }
  },
  "jquery-migrate": {
    "vulnerabilities": [
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site-scripting",
          "issue": "36",
          "release": "jQuery Migrate 1.2.0 Released"
        },
        "info": [
          "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/",
          "https://github.com/jquery/jquery-migrate/issues/36"
        ]
      },
      {
        "below": "1.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Selector interpreted as HTML",
          "bug": "11290"
        },
        "info": [
          "http://bugs.jquery.com/ticket/11290",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      }
    ],
    "extractors": {
      "filename": [
        "jquery-migrate-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!?(?:\n \\*)? jQuery Migrate(?: -)? v(§§version§§)",
        "\\.migrateVersion ?= ?\"(§§version§§)\"[\\s\\S]{10,150}(migrateDisablePatches|migrateWarnings|JQMIGRATE)",
        "jQuery\\.migrateVersion ?= ?\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "jquery-validation": {
    "bowername": [
      "jquery-validation"
    ],
    "vulnerabilities": [
      {
        "below": "1.19.3",
        "severity": "high",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service vulnerability",
          "CVE": [
            "CVE-2021-21252"
          ],
          "githubID": "GHSA-jxwx-85vp-gvwm"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1193--2021-01-09"
        ]
      },
      {
        "below": "1.19.4",
        "severity": "low",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "ReDoS vulnerability in URL2 validation",
          "CVE": [
            "CVE-2021-43306"
          ],
          "issue": "2428",
          "githubID": "GHSA-j9m2-h2pv-wvph"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1194--2022-05-19"
        ]
      },
      {
        "below": "1.19.5",
        "severity": "high",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "ReDoS vulnerability in url and URL2 validation",
          "CVE": [
            "CVE-2022-31147"
          ],
          "githubID": "GHSA-ffmh-x56j-9rc3"
        },
        "info": [
          "https://github.com/advisories/GHSA-ffmh-x56j-9rc3",
          "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd"
        ]
      },
      {
        "below": "1.20.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Potential XSS via showLabel",
          "PR": "2462"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1200--2023-10-10"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.validation.version"
      ],
      "filename": [
        "jquery.validat(?:ion|e)-(§§version§§)(.min)?\\.js"
      ],
      "uri": [
        "/(§§version§§)/jquery.validat(ion|e)(\\.min)?\\.js",
        "/jquery-validation@(§§version§§)/dist/.*\\.js"
      ],
      "filecontent": [
        "/\\*!?(?:\n \\*)?[\\s]*jQuery Validation Plugin -? ?v(§§version§§)",
        "Original file: /npm/jquery-validation@(§§version§§)/dist/jquery.validate.js"
      ],
      "hashes": {}
    }
  },
  "jquery-mobile": {
    "bowername": [
      "jquery-mobile",
      "jquery-mobile-min",
      "jquery-mobile-build",
      "jquery-mobile-dist",
      "jquery-mobile-bower"
    ],
    "vulnerabilities": [
      {
        "below": "1.0.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "osvdb": [
            "94317"
          ]
        },
        "info": [
          "http://osvdb.org/show/osvdb/94317"
        ]
      },
      {
        "below": "1.0RC2",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "osvdb": [
            "94563",
            "93562",
            "94316",
            "94561",
            "94560"
          ]
        },
        "info": [
          "http://osvdb.org/show/osvdb/94316",
          "http://osvdb.org/show/osvdb/94560",
          "http://osvdb.org/show/osvdb/94561",
          "http://osvdb.org/show/osvdb/94562",
          "http://osvdb.org/show/osvdb/94563"
        ]
      },
      {
        "below": "1.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "location.href cross-site scripting",
          "issue": "4787"
        },
        "info": [
          "http://jquerymobile.com/changelog/1.1.2/",
          "http://jquerymobile.com/changelog/1.2.0/",
          "https://github.com/jquery/jquery-mobile/issues/4787"
        ]
      },
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "location.href cross-site scripting",
          "issue": "4787"
        },
        "info": [
          "http://jquerymobile.com/changelog/1.2.0/",
          "https://github.com/jquery/jquery-mobile/issues/4787"
        ]
      },
      {
        "below": "1.3.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Endpoint that reflect user input leads to cross site scripting",
          "gist": "jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
        },
        "info": [
          "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
        ]
      },
      {
        "below": "100.0.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "open redirect leads to cross site scripting",
          "blog": "sirdarckcat/unpatched-0day-jquery-mobile-xss",
          "githubID": "GHSA-fj93-7wm4-8x2g"
        },
        "info": [
          "http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html",
          "https://github.com/jquery/jquery-mobile/issues/8640",
          "https://snyk.io/vuln/SNYK-JS-JQUERYMOBILE-174599"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.mobile.version"
      ],
      "filename": [
        "jquery.mobile-(§§version§§)(.min)?\\.js"
      ],
      "uri": [
        "/(§§version§§)/jquery.mobile(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!?[\\s*]*jQuery Mobile(?: -)? v?(§§version§§)",
        "// Version of the jQuery Mobile Framework[\\s]+version: *[\"'](§§version§§)[\"'],"
      ],
      "hashes": {}
    }
  },
  "jquery-ui": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in the `altField` option of the Datepicker widget",
          "CVE": [
            "CVE-2021-41182"
          ],
          "githubID": "GHSA-9gj3-hwp5-pmwc"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in the `of` option of the `.position()` util",
          "CVE": [
            "CVE-2021-41184"
          ],
          "githubID": "GHSA-gpqq-952q-5327"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS Vulnerability on text options of jQuery UI datepicker",
          "CVE": [
            "CVE-2021-41183"
          ],
          "bug": "15284",
          "githubID": "GHSA-j7qv-pgf6-hvh4"
        },
        "info": [
          "https://bugs.jqueryui.com/ticket/15284",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
        ]
      },
      {
        "below": "1.13.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS when refreshing a checkboxradio with an HTML-like initial text label ",
          "CVE": [
            "CVE-2022-31160"
          ],
          "issue": "2101",
          "githubID": "GHSA-h6gj-6jjq-h8g9"
        },
        "info": [
          "https://github.com/advisories/GHSA-h6gj-6jjq-h8g9",
          "https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9",
          "https://github.com/jquery/jquery-ui/issues/2101",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.ui.version"
      ],
      "uri": [
        "/(§§version§§)/jquery-ui(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)",
        "/\\*!?[\n *]+jQuery UI (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-dialog": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "atOrAbove": "1.7.0",
        "below": "1.10.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Title cross-site scripting vulnerability",
          "CVE": [
            "CVE-2010-5312"
          ],
          "bug": "6016",
          "githubID": "GHSA-wcm2-9c89-wmfm"
        },
        "info": [
          "http://bugs.jqueryui.com/ticket/6016",
          "https://nvd.nist.gov/vuln/detail/CVE-2010-5312"
        ]
      },
      {
        "below": "1.12.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS Vulnerability on closeText option",
          "CVE": [
            "CVE-2016-7103"
          ],
          "bug": "281",
          "githubID": "GHSA-hpcf-8vf9-q4gj"
        },
        "info": [
          "https://github.com/jquery/api.jqueryui.com/issues/281",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-7103",
          "https://snyk.io/vuln/npm:jquery-ui:20160721"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.ui.dialog.version"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.dialog\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.dialog",
        "/\\*!?[\n *]+jQuery UI Dialog (§§version§§)",
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* dialog\\.js"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-autocomplete": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [],
    "extractors": {
      "func": [
        "jQuery.ui.autocomplete.version"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.autocomplete\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.autocomplete",
        "/\\*!?[\n *]+jQuery UI Autocomplete (§§version§§)",
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* autocomplete\\.js"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-tooltip": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "atOrAbove": "1.9.2",
        "below": "1.10.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip",
          "CVE": [
            "CVE-2012-6662"
          ],
          "bug": "8859",
          "githubID": "GHSA-qqxp-xp9v-vvx6"
        },
        "info": [
          "http://bugs.jqueryui.com/ticket/8859",
          "https://nvd.nist.gov/vuln/detail/CVE-2012-6662"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.ui.tooltip.version"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.tooltip\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.tooltip",
        "/\\*!?[\n *]+jQuery UI Tooltip (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "jquery.prettyPhoto": {
    "bowername": [
      "jquery-prettyPhoto"
    ],
    "basePurl": "pkg:github/scaron/prettyphoto",
    "vulnerabilities": [
      {
        "below": "3.1.5",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-6837"
          ]
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2013-6837"
        ]
      },
      {
        "below": "3.1.6",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "issue": "149"
        },
        "info": [
          "https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto",
          "https://github.com/scaron/prettyphoto/issues/149"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.prettyPhoto.version"
      ],
      "uri": [
        "/prettyPhoto/(§§version§§)/js/jquery\\.prettyPhoto(\\.min?)\\.js",
        "/prettyphoto@(§§version§§)/js/jquery\\.prettyPhoto\\.js"
      ],
      "filecontent": [
        "/\\*[\r\n -]+Class: prettyPhoto(?:.*\n){1,3}[ ]*Version: (§§version§§)",
        "\\.prettyPhoto[ ]?=[ ]?\\{version:[ ]?(?:'|\")(§§version§§)(?:'|\")\\}"
      ],
      "hashes": {}
    }
  },
  "jquery.terminal": {
    "vulnerabilities": [
      {
        "below": "1.21.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Reflected Cross-Site Scripting in jquery.terminal",
          "githubID": "GHSA-2hwp-g4g7-mwwj"
        },
        "info": [
          "https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211",
          "https://www.npmjs.com/advisories/769"
        ]
      },
      {
        "below": "2.31.1",
        "severity": "low",
        "cwe": [
          "CWE-79",
          "CWE-80"
        ],
        "identifiers": {
          "summary": "jquery.terminal self XSS on user input",
          "githubID": "GHSA-x9r5-jxvq-4387",
          "CVE": [
            "CVE-2021-43862"
          ]
        },
        "info": [
          "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-43862"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/jquery.terminal[@/](§§version§§)/"
      ],
      "filecontent": [
        "version (§§version§§)[\\s]+\\*[\\s]+\\* This file is part of jQuery Terminal.",
        "\\$\\.terminal=\\{version:\"(§§version§§)\""
      ]
    }
  },
  "jquery-deparam": {
    "vulnerabilities": [
      {
        "below": "0.5.4",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "githubID": "GHSA-xg68-chx2-253g",
          "CVE": [
            "CVE-2021-20087"
          ]
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-20087"
        ]
      }
    ],
    "extractors": {
      "hashes": {
        "61c9d49ae64331402c3bde766c9dc504ed2ca509": "0.5.3",
        "10a68e5048995351a01b0ad7f322bb755a576a02": "0.5.2",
        "b8f063c860fa3aab266df06b290e7da648f9328d": "0.4.2",
        "851bc74dc664aa55130ecc74dd6b1243becc3242": "0.4.1",
        "2aae12841f4d00143ffc1effa59fbd058218c29f": "0.4.0",
        "967942805137f9eb0ae26005d94e8285e2e288a0": "0.3.0",
        "fbf2e115feae7ade26788e38ebf338af11a98bb2": "0.1.0"
      }
    }
  },
  "tableexport.jquery.plugin": {
    "vulnerabilities": [
      {
        "below": "1.25.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "There is a cross-site scripting vulnerability with default `onCellHtmlData`",
          "githubID": "GHSA-j636-crp3-m584",
          "CVE": [
            "CVE-2022-1291"
          ]
        },
        "info": [
          "https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/tableexport.jquery.plugin@(§§version§§)/tableExport.min.js",
        "/TableExport/(§§version§§)/js/tableexport.min.js"
      ],
      "filecontent": [
        "/\\*[\\s]+tableExport.jquery.plugin[\\s]+Version (§§version§§)",
        "/\\*![\\s]+\\* TableExport.js v(§§version§§)"
      ]
    }
  },
  "jPlayer": {
    "bowername": [
      "jPlayer"
    ],
    "npmname": "jplayer",
    "vulnerabilities": [
      {
        "below": "2.2.20",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
          "CVE": [
            "CVE-2013-1942"
          ],
          "release": "2.2.20"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-1942"
        ]
      },
      {
        "below": "2.3.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
          "CVE": [
            "CVE-2013-2022"
          ],
          "githubID": "GHSA-3jcq-cwr7-6332"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
        ]
      },
      {
        "below": "2.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component",
          "CVE": [
            "CVE-2013-2023"
          ],
          "release": "2.3.1"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
        ]
      }
    ],
    "extractors": {
      "func": [
        "new jQuery.jPlayer().version.script"
      ],
      "filecontent": [
        "/\\*!?[\n *]+jPlayer Plugin for jQuery (?:.*\n){1,10}[ *]+Version: (§§version§§)",
        "/\\*!? jPlayer (§§version§§) for jQuery"
      ],
      "hashes": {}
    }
  },
  "knockout": {
    "vulnerabilities": [
      {
        "below": "3.5.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS injection point in attr name binding for browser IE7 and older",
          "issue": "1244",
          "CVE": [
            "CVE-2019-14862"
          ],
          "githubID": "GHSA-vcjj-xf2r-mwvc"
        },
        "info": [
          "https://github.com/knockout/knockout/issues/1244"
        ]
      }
    ],
    "extractors": {
      "func": [
        "ko.version"
      ],
      "filename": [
        "knockout-(§§version§§)(.min)?\\.js"
      ],
      "uri": [
        "/knockout/(§§version§§)/knockout(-[a-z.]+)?\\.js"
      ],
      "filecontent": [
        "(?:\\*|//) Knockout JavaScript library v(§§version§§)"
      ],
      "hashes": {}
    }
  },
  "sessvars": {
    "vulnerabilities": [
      {
        "below": "1.01",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Unsanitized data passed to eval()",
          "tenable": "98645"
        },
        "info": [
          "http://www.thomasfrank.se/sessionvars.html"
        ]
      }
    ],
    "extractors": {
      "filename": [
        "sessvars-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "sessvars ver (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "swfobject": {
    "bowername": [
      "swfobject",
      "swfobject-bower"
    ],
    "vulnerabilities": [
      {
        "below": "2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "DOM-based XSS",
          "retid": "1"
        },
        "info": [
          "https://github.com/swfobject/swfobject/wiki/SWFObject-Release-Notes#swfobject-v21-beta7-june-6th-2008"
        ]
      }
    ],
    "extractors": {
      "filename": [
        "swfobject_(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "SWFObject v(§§version§§) "
      ],
      "hashes": {}
    }
  },
  "tinyMCE": {
    "bowername": [
      "tinymce",
      "tinymce-dist"
    ],
    "npmname": "tinymce",
    "vulnerabilities": [
      {
        "below": "1.4.2",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Static code injection vulnerability in inc/function.base.php",
          "CVE": [
            "CVE-2011-4825"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2011-4825/"
        ]
      },
      {
        "below": "4.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations",
          "retid": "62"
        },
        "info": [
          "https://www.tinymce.com/docs/changelog/"
        ]
      },
      {
        "below": "4.2.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "xss issues with media plugin not properly filtering out some script attributes.",
          "retid": "61"
        },
        "info": [
          "https://www.tinymce.com/docs/changelog/"
        ]
      },
      {
        "below": "4.7.12",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.",
          "retid": "63"
        },
        "info": [
          "https://www.tinymce.com/docs/changelog/"
        ]
      },
      {
        "below": "4.9.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
          "githubID": "GHSA-27gm-ghr9-4v95",
          "CVE": [
            "CVE-2020-17480"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-27gm-ghr9-4v95",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
        ]
      },
      {
        "below": "4.9.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
          "githubID": "GHSA-p7j5-4mwm-hv86"
        },
        "info": [
          "https://github.com/advisories/GHSA-p7j5-4mwm-hv86",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
        ]
      },
      {
        "below": "4.9.10",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
          "githubID": "GHSA-c78w-2gw7-gjv3",
          "CVE": [
            "CVE-2019-1010091"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-c78w-2gw7-gjv3",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "4.9.11",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting vulnerability in TinyMCE",
          "githubID": "GHSA-vrv8-v4w8-f95h",
          "CVE": [
            "CVE-2020-12648"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-vrv8-v4w8-f95h",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.1.4",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
          "githubID": "GHSA-27gm-ghr9-4v95",
          "CVE": [
            "CVE-2020-17480"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-27gm-ghr9-4v95",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.1.4",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
          "githubID": "GHSA-p7j5-4mwm-hv86"
        },
        "info": [
          "https://github.com/advisories/GHSA-p7j5-4mwm-hv86",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
        ]
      },
      {
        "below": "5.1.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "CDATA parsing and sanitization has been improved to address a cross-site scripting (XSS) vulnerability.",
          "retid": "64"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes516/"
        ]
      },
      {
        "below": "5.2.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "media embed content not processing safely in some cases.",
          "retid": "65"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes522/"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
          "githubID": "GHSA-c78w-2gw7-gjv3",
          "CVE": [
            "CVE-2019-1010091"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-c78w-2gw7-gjv3",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "5.4.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "content in an iframe element parsing as DOM elements instead of text content.",
          "retid": "66"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes54/"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.4.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting vulnerability in TinyMCE",
          "githubID": "GHSA-vrv8-v4w8-f95h",
          "CVE": [
            "CVE-2020-12648"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-vrv8-v4w8-f95h",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "5.6.0",
        "severity": "low",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regex denial of service vulnerability in codesample plugin",
          "githubID": "GHSA-h96f-fc7c-9r55"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
        ]
      },
      {
        "below": "5.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "security issue where URLs in attributes weren’t correctly sanitized. security issue in the codesample plugin",
          "retid": "67",
          "githubID": "GHSA-w7jx-j77m-wp65",
          "CVE": [
            "CVE-2024-21911"
          ]
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
        ]
      },
      {
        "below": "5.7.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "URLs are not correctly filtered in some cases.",
          "retid": "68",
          "githubID": "GHSA-5vm8-hhgr-jcjp"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes571/#securityfixes"
        ]
      },
      {
        "below": "5.9.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Inserting certain HTML content into the editor could result in invalid HTML once parsed. This caused a medium severity Cross Site Scripting (XSS) vulnerability",
          "retid": "69",
          "githubID": "GHSA-5h9g-x5rv-25wg",
          "CVE": [
            "CVE-2024-21908"
          ]
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes"
        ]
      },
      {
        "below": "5.10.0",
        "severity": "medium",
        "cwe": [
          "CWE-64",
          "CWE-79"
        ],
        "identifiers": {
          "summary": "URLs not cleaned correctly in some cases in the link and image plugins",
          "retid": "70",
          "githubID": "GHSA-r8hm-w5f7-wj39",
          "CVE": [
            "CVE-2024-21910"
          ]
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes"
        ]
      },
      {
        "below": "5.10.7",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
          "CVE": [
            "CVE-2022-23494"
          ],
          "githubID": "GHSA-gg8r-xjwq-4w92"
        },
        "info": [
          "https://github.com/advisories/GHSA-gg8r-xjwq-4w92",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "below": "5.10.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
          "CVE": [
            "CVE-2023-45819"
          ],
          "githubID": "GHSA-hgqx-r2hp-jr38"
        },
        "info": [
          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "below": "5.10.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
          "CVE": [
            "CVE-2023-45818"
          ],
          "githubID": "GHSA-v65r-p3vv-jjfv"
        },
        "info": [
          "https://github.com/advisories/GHSA-v65r-p3vv-jjfv"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "5.10.9",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",
          "CVE": [
            "CVE-2023-48219"
          ],
          "githubID": "GHSA-v626-r774-j7f8"
        },
        "info": [
          "https://github.com/advisories/GHSA-v626-r774-j7f8",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-48219",
          "https://github.com/tinymce/tinymce",
          "https://github.com/tinymce/tinymce/releases/tag/5.10.9",
          "https://github.com/tinymce/tinymce/releases/tag/6.7.3",
          "https://tiny.cloud/docs/release-notes/release-notes5109/",
          "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "5.11.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",
          "CVE": [
            "CVE-2024-38356"
          ],
          "githubID": "GHSA-9hcv-j9pv-qmph"
        },
        "info": [
          "https://github.com/advisories/GHSA-9hcv-j9pv-qmph",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-38356",
          "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
          "https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
          "https://github.com/tinymce/tinymce",
          "https://owasp.org/www-community/attacks/xss",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "5.11.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",
          "CVE": [
            "CVE-2024-38357"
          ],
          "githubID": "GHSA-w9jx-4g6g-rp7x"
        },
        "info": [
          "https://github.com/advisories/GHSA-w9jx-4g6g-rp7x",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-38357",
          "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
          "https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
          "https://github.com/tinymce/tinymce",
          "https://owasp.org/www-community/attacks/xss",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
          "CVE": [
            "CVE-2022-23494"
          ],
          "githubID": "GHSA-gg8r-xjwq-4w92"
        },
        "info": [
          "https://github.com/advisories/GHSA-gg8r-xjwq-4w92",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.7.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
          "CVE": [
            "CVE-2023-45819"
          ],
          "githubID": "GHSA-hgqx-r2hp-jr38"
        },
        "info": [
          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.7.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
          "CVE": [
            "CVE-2023-45818"
          ],
          "githubID": "GHSA-v65r-p3vv-jjfv"
        },
        "info": [
          "https://github.com/advisories/GHSA-v65r-p3vv-jjfv"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.7.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",
          "CVE": [
            "CVE-2023-48219"
          ],
          "githubID": "GHSA-v626-r774-j7f8"
        },
        "info": [
          "https://github.com/advisories/GHSA-v626-r774-j7f8",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-48219",
          "https://github.com/tinymce/tinymce",
          "https://github.com/tinymce/tinymce/releases/tag/5.10.9",
          "https://github.com/tinymce/tinymce/releases/tag/6.7.3",
          "https://tiny.cloud/docs/release-notes/release-notes5109/",
          "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "6.8.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes",
          "CVE": [
            "CVE-2024-29203"
          ],
          "githubID": "GHSA-438c-3975-5x3f"
        },
        "info": [
          "https://github.com/advisories/GHSA-438c-3975-5x3f",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-29203",
          "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
          "https://github.com/tinymce/tinymce",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
          "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.8.4",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",
          "CVE": [
            "CVE-2024-38356"
          ],
          "githubID": "GHSA-9hcv-j9pv-qmph"
        },
        "info": [
          "https://github.com/advisories/GHSA-9hcv-j9pv-qmph",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-38356",
          "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
          "https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
          "https://github.com/tinymce/tinymce",
          "https://owasp.org/www-community/attacks/xss",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.8.4",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",
          "CVE": [
            "CVE-2024-38357"
          ],
          "githubID": "GHSA-w9jx-4g6g-rp7x"
        },
        "info": [
          "https://github.com/advisories/GHSA-w9jx-4g6g-rp7x",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-38357",
          "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
          "https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
          "https://github.com/tinymce/tinymce",
          "https://owasp.org/www-community/attacks/xss",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "7.0.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements",
          "CVE": [
            "CVE-2024-29881"
          ],
          "githubID": "GHSA-5359-pvf2-pw78"
        },
        "info": [
          "https://github.com/advisories/GHSA-5359-pvf2-pw78",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-29881",
          "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
          "https://github.com/tinymce/tinymce",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
          "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
        ]
      },
      {
        "atOrAbove": "7.0.0",
        "below": "7.2.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",
          "CVE": [
            "CVE-2024-38356"
          ],
          "githubID": "GHSA-9hcv-j9pv-qmph"
        },
        "info": [
          "https://github.com/advisories/GHSA-9hcv-j9pv-qmph",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-38356",
          "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
          "https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
          "https://github.com/tinymce/tinymce",
          "https://owasp.org/www-community/attacks/xss",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview"
        ]
      },
      {
        "atOrAbove": "7.0.0",
        "below": "7.2.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",
          "CVE": [
            "CVE-2024-38357"
          ],
          "githubID": "GHSA-w9jx-4g6g-rp7x"
        },
        "info": [
          "https://github.com/advisories/GHSA-w9jx-4g6g-rp7x",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-38357",
          "https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
          "https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
          "https://github.com/tinymce/tinymce",
          "https://owasp.org/www-community/attacks/xss",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
          "https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/tinymce/(§§version§§)/tinymce(\\.min)?\\.js"
      ],
      "filecontent": [
        "// (§§version§§) \\([0-9\\-]+\\)[\n\r]+.{0,1200}l=.tinymce/geom/Rect.",
        "/\\*\\*[\\s]*\\* TinyMCE version (§§version§§)"
      ],
      "filecontentreplace": [
        "/tinyMCEPreInit.*majorVersion:.([0-9]+).,minorVersion:.([0-9.]+)./$1.$2/",
        "/majorVersion:.([0-9]+).,minorVersion:.([0-9.]+).,.*tinyMCEPreInit/$1.$2/"
      ],
      "func": [
        "tinyMCE.majorVersion + '.'+ tinyMCE.minorVersion"
      ]
    }
  },
  "YUI": {
    "bowername": [
      "yui",
      "yui3"
    ],
    "npmname": "yui",
    "vulnerabilities": [
      {
        "atOrAbove": "2.4.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4207"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4207/"
        ]
      },
      {
        "atOrAbove": "2.5.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4208"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4208/"
        ]
      },
      {
        "atOrAbove": "2.8.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4209"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4209/"
        ]
      },
      {
        "below": "2.9.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4710"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4710/"
        ]
      },
      {
        "atOrAbove": "2.4.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-5881"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-5881/"
        ]
      },
      {
        "atOrAbove": "2.5.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-5882"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-5882/"
        ]
      },
      {
        "atOrAbove": "2.8.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-5883"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-5883/"
        ]
      },
      {
        "atOrAbove": "3.2.0",
        "below": "3.9.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4941"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4941/"
        ]
      },
      {
        "atOrAbove": "3.5.0",
        "below": "3.9.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4942"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4942/"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.10.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4939"
          ],
          "githubID": "GHSA-mj87-8xf8-fp4w"
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4939/",
          "https://clarle.github.io/yui3/support/20130515-vulnerability/"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.10.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4940"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4940/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "YUI.Version",
        "YAHOO.VERSION"
      ],
      "filename": [
        "yui-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/*\nYUI (§§version§§)",
        "/yui/license.(?:html|txt)\nversion: (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "prototypejs": {
    "bowername": [
      "prototypejs",
      "prototype.js",
      "prototypejs-bower"
    ],
    "vulnerabilities": [
      {
        "below": "1.5.1.2",
        "severity": "high",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2008-7220"
          ]
        },
        "info": [
          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/",
          "http://www.cvedetails.com/cve/CVE-2008-7220/"
        ]
      },
      {
        "atOrAbove": "1.6.0",
        "below": "1.6.0.2",
        "severity": "high",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2008-7220"
          ]
        },
        "info": [
          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/",
          "http://www.cvedetails.com/cve/CVE-2008-7220/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Prototype.Version"
      ],
      "uri": [
        "/(§§version§§)/prototype(\\.min)?\\.js"
      ],
      "filename": [
        "prototype-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "Prototype JavaScript framework, version (§§version§§)",
        "Prototype[ ]?=[ ]?\\{[ \r\n\t]*Version:[ ]?(?:'|\")(§§version§§)(?:'|\")"
      ],
      "hashes": {}
    }
  },
  "ember": {
    "vulnerabilities": [
      {
        "below": "0.9.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Bound attributes aren't escaped properly",
          "bug": "699"
        },
        "info": [
          "https://github.com/emberjs/ember.js/issues/699"
        ]
      },
      {
        "below": "0.9.7.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "More rigorous XSS escaping from bindAttr",
          "retid": "60"
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/master/CHANGELOG.md"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.1",
        "below": "1.0.0-rc.1.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.2",
        "below": "1.0.0-rc.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.3",
        "below": "1.0.0-rc.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.4",
        "below": "1.0.0-rc.4.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.5",
        "below": "1.0.0-rc.5.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.6",
        "below": "1.0.0-rc.6.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.0.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.1.0",
        "below": "1.1.3",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.2.0",
        "below": "1.2.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.2.0",
        "below": "1.2.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
          "CVE": [
            "CVE-2014-0046"
          ]
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.3.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.3.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
          "CVE": [
            "CVE-2014-0046"
          ]
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.4.0",
        "below": "1.4.0-beta.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "below": "1.5.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
          "CVE": [
            "CVE-2014-0046"
          ]
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.8.0",
        "below": "1.11.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.12",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.0.0",
        "below": "2.0.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.1.0",
        "below": "2.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.2.0",
        "below": "2.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "below": "3.24.7",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "59"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "3.25.0",
        "below": "3.28.10",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "58"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.4",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "57"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "4.5.0",
        "below": "4.8.1",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "56"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "4.9.0-alpha.1",
        "below": "4.9.0-beta.3",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "55"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Ember.VERSION"
      ],
      "uri": [
        "/(?:v)?(§§version§§)/ember(\\.min)?\\.js",
        "/ember\\.?js/(§§version§§)/ember((\\.|-)[a-z\\-.]+)?\\.js"
      ],
      "filename": [
        "ember-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "Project:   Ember -(?:.*\n){9,11}// Version: v(§§version§§)",
        "// Version: v(§§version§§)(.*\n){10,15}(Ember Debug|@module ember|@class ember)",
        "Ember.VERSION[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
        "meta\\.revision=\"Ember@(§§version§§)\"",
        "e\\(\"ember/version\",\\[\"exports\"\\],function\\(e\\)\\{\"use strict\";?[\\s]*e(?:\\.|\\[\")default(?:\"\\])?=\"(§§version§§)\"",
        "\\(\"ember/version\",\\[\"exports\"\\],function\\(e\\)\\{\"use strict\";.{1,70}\\.default=\"(§§version§§)\"",
        "/\\*![\\s]+\\* @overview  Ember - JavaScript Application Framework[\\s\\S]{0,400}\\* @version   (§§version§§)",
        "// Version: (§§version§§)[\\s]+\\(function\\(\\) *\\{[\\s]*/\\*\\*[\\s]+@module ember[\\s]"
      ],
      "hashes": {}
    }
  },
  "dojo": {
    "vulnerabilities": [
      {
        "atOrAbove": "0.4",
        "below": "0.4.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.0",
        "below": "1.0.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as Javascript, even when sanitized.",
          "CVE": [
            "CVE-2008-6681"
          ],
          "githubID": "GHSA-39cx-xcwj-3rc4"
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2008-6681/"
        ]
      },
      {
        "atOrAbove": "1.1",
        "below": "1.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "CVE": [
            "CVE-2015-5654"
          ],
          "githubID": "GHSA-p82g-2xpp-m5r3"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2015-5654"
        ]
      },
      {
        "atOrAbove": "1.2",
        "below": "1.2.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.3",
        "below": "1.3.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html",
          "CVE": [
            "CVE-2010-2275"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-2275/"
        ]
      },
      {
        "atOrAbove": "1.4",
        "below": "1.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.10.0",
        "below": "1.10.10",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.11.0",
        "below": "1.11.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.11.10",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.8",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.7",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.14",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "In Dojo Toolkit before 1.14.0, there is unescaped string injection in dojox/Grid/DataGrid.",
          "CVE": [
            "CVE-2018-15494"
          ],
          "githubID": "GHSA-84cm-x2q5-8225"
        },
        "info": [
          "https://dojotoolkit.org/blog/dojo-1-14-released"
        ]
      },
      {
        "atOrAbove": "1.14.0",
        "below": "1.14.6",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.15.0",
        "below": "1.15.3",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.16.0",
        "below": "1.16.2",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.17.0",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "CVE": [
            "CVE-2021-23450"
          ],
          "githubID": "GHSA-m8gw-hjpr-rjv7"
        },
        "info": [
          "https://github.com/dojo/dojo/pull/418"
        ]
      }
    ],
    "extractors": {
      "func": [
        "dojo.version.toString()"
      ],
      "uri": [
        "/(?:dojo-)?(§§version§§)(?:/dojo)?/dojo(\\.min)?\\.js"
      ],
      "filename": [
        "dojo-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontentreplace": [
        "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/",
        "/\"dojox\"[\\s\\S]{1,350}\\.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"
      ],
      "hashes": {
        "73cdd262799aab850abbe694cd3bfb709ea23627": "1.4.1",
        "c8c84eddc732c3cbf370764836a7712f3f873326": "1.4.0",
        "d569ce9efb7edaedaec8ca9491aab0c656f7c8f0": "1.0.0",
        "ad44e1770895b7fa84aff5a56a0f99b855a83769": "1.3.2",
        "8fc10142a06966a8709cd9b8732f7b6db88d0c34": "1.3.1",
        "a09b5851a0a3e9d81353745a4663741238ee1b84": "1.3.0",
        "2ab48d45abe2f54cdda6ca32193b5ceb2b1bc25d": "1.2.3",
        "12208a1e649402e362f528f6aae2c614fc697f8f": "1.2.0",
        "72a6a9fbef9fa5a73cd47e49942199147f905206": "1.1.1"
      }
    }
  },
  "angularjs": {
    "bowername": [
      "angularjs",
      "angular.js"
    ],
    "npmname": "angular",
    "vulnerabilities": [
      {
        "atOrAbove": "1.0.0",
        "below": "1.2.30",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The attribute usemap can be used as a security exploit",
          "retid": "50"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
        ]
      },
      {
        "below": "1.5.0-beta.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS through xlink:href attributes",
          "CVE": [
            "CVE-2019-14863"
          ],
          "githubID": "GHSA-r5fx-8r73-v86c"
        },
        "info": [
          "https://github.com/advisories/GHSA-r5fx-8r73-v86c",
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#150-beta1-dense-dispersion-2015-09-29"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.5.0-rc2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The attribute usemap can be used as a security exploit",
          "retid": "49"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
        ]
      },
      {
        "below": "1.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-Site Scripting via JSONP",
          "githubID": "GHSA-28hp-fgcr-2r4h"
        },
        "info": [
          "https://github.com/advisories/GHSA-28hp-fgcr-2r4h"
        ]
      },
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "DOS in $sanitize",
          "retid": "52"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md",
          "https://github.com/angular/angular.js/pull/15699"
        ]
      },
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "summary": "Universal CSP bypass via add-on in Firefox",
          "retid": "51"
        },
        "info": [
          "http://pastebin.com/raw/kGrdaypP",
          "https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435"
        ]
      },
      {
        "below": "1.6.5",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in $sanitize in Safari/Firefox",
          "retid": "53"
        },
        "info": [
          "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"
        ]
      },
      {
        "atOrAbove": "1.5.0",
        "below": "1.6.9",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS through SVG if enableSvg is set",
          "retid": "48"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02",
          "https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html"
        ]
      },
      {
        "below": "1.7.9",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-20",
          "CWE-915"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "47",
          "githubID": "GHSA-89mq-4x47-5v83",
          "CVE": [
            "CVE-2019-10768"
          ]
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19",
          "https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a"
        ]
      },
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS via JQLite DOM manipulation functions in AngularJS",
          "githubID": "GHSA-5cp4-xmrw-59wf"
        },
        "info": [
          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf"
        ]
      },
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element.",
          "CVE": [
            "CVE-2020-7676"
          ],
          "githubID": "GHSA-mhp6-pxh8-r675"
        },
        "info": [
          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7676"
        ]
      },
      {
        "below": "1.8.4",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the $resource service",
          "CVE": [
            "CVE-2023-26117"
          ],
          "githubID": "GHSA-2qqx-w9hr-q5gx"
        },
        "info": [
          "https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"
        ]
      },
      {
        "below": "1.8.4",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the angular.copy() utility",
          "CVE": [
            "CVE-2023-26116"
          ],
          "githubID": "GHSA-2vrf-hf26-jrp5"
        },
        "info": [
          "https://github.com/advisories/GHSA-2vrf-hf26-jrp5"
        ]
      },
      {
        "below": "1.8.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Angular (deprecated package) Cross-site Scripting",
          "CVE": [
            "CVE-2022-25869"
          ],
          "githubID": "GHSA-prc3-vjfx-vhm9"
        },
        "info": [
          "https://github.com/advisories/GHSA-prc3-vjfx-vhm9"
        ]
      },
      {
        "below": "1.8.4",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the <input type=\"url\"> element",
          "githubID": "GHSA-qwqh-hm9m-p5hr",
          "CVE": [
            "CVE-2023-26118"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "1.8.4",
        "cwe": [
          "CWE-791"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "AngularJS allows attackers to bypass common image source restrictions",
          "CVE": [
            "CVE-2024-8373"
          ],
          "githubID": "GHSA-mqm9-c95h-x2p6"
        },
        "info": [
          "https://github.com/advisories/GHSA-mqm9-c95h-x2p6",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-8373",
          "https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b",
          "https://github.com/angular/angular.js",
          "https://www.herodevs.com/vulnerability-directory/cve-2024-8373"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.8.4",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "angular vulnerable to super-linear runtime due to backtracking",
          "CVE": [
            "CVE-2024-21490"
          ],
          "githubID": "GHSA-4w4v-5hc9-xrr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-4w4v-5hc9-xrr2",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-21490",
          "https://github.com/angular/angular.js",
          "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746",
          "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
          "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
        ]
      },
      {
        "atOrAbove": "1.3.0-rc.4",
        "below": "1.8.4",
        "cwe": [
          "CWE-1289"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "AngularJS allows attackers to bypass common image source restrictions",
          "CVE": [
            "CVE-2024-8372"
          ],
          "githubID": "GHSA-m9gf-397r-hwpg"
        },
        "info": [
          "https://github.com/advisories/GHSA-m9gf-397r-hwpg",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-8372",
          "https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017",
          "https://github.com/angular/angular.js",
          "https://www.herodevs.com/vulnerability-directory/cve-2024-8372"
        ]
      },
      {
        "below": "1.999",
        "severity": "low",
        "cwe": [
          "CWE-1104"
        ],
        "identifiers": {
          "summary": "End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021",
          "retid": "54"
        },
        "info": [
          "https://docs.angularjs.org/misc/version-support-status"
        ]
      },
      {
        "atOrAbove": "1.7.0",
        "below": "999",
        "severity": "medium",
        "cwe": [
          "CWE-1333",
          "CWE-770"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service (ReDoS)",
          "CVE": [
            "CVE-2022-25844"
          ],
          "githubID": "GHSA-m2h2-264f-f486"
        },
        "info": [
          "https://github.com/advisories/GHSA-m2h2-264f-f486"
        ]
      }
    ],
    "extractors": {
      "func": [
        "angular.version.full"
      ],
      "uri": [
        "/(§§version§§)/angular(\\.min)?\\.js"
      ],
      "filename": [
        "angular(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/\\*[\\*\\s]+(?:@license )?AngularJS v(§§version§§)",
        "http://errors\\.angularjs\\.org/(§§version§§)/"
      ],
      "hashes": {}
    }
  },
  "@angular/core": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "10.2.5",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross site scripting in Angular",
          "CVE": [
            "CVE-2021-4231"
          ],
          "githubID": "GHSA-c75v-2vq8-878f"
        },
        "info": [
          "https://github.com/advisories/GHSA-c75v-2vq8-878f",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "https://github.com/angular/angular/issues/40136",
          "https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
          "https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
          "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
          "https://github.com/angular/angular",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
          "https://vuldb.com/?id.181356"
        ]
      },
      {
        "atOrAbove": "11.0.0",
        "below": "11.0.5",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross site scripting in Angular",
          "CVE": [
            "CVE-2021-4231"
          ],
          "githubID": "GHSA-c75v-2vq8-878f"
        },
        "info": [
          "https://github.com/advisories/GHSA-c75v-2vq8-878f",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "https://github.com/angular/angular/issues/40136",
          "https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
          "https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
          "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
          "https://github.com/angular/angular",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
          "https://vuldb.com/?id.181356"
        ]
      },
      {
        "atOrAbove": "11.1.0-next.0",
        "below": "11.1.0-next.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross site scripting in Angular",
          "CVE": [
            "CVE-2021-4231"
          ],
          "githubID": "GHSA-c75v-2vq8-878f"
        },
        "info": [
          "https://github.com/advisories/GHSA-c75v-2vq8-878f",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "https://github.com/angular/angular/issues/40136",
          "https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
          "https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
          "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
          "https://github.com/angular/angular",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
          "https://vuldb.com/?id.181356"
        ]
      }
    ],
    "extractors": {
      "func": [
        "document.querySelector('[ng-version]').getAttribute('ng-version')",
        "window.getAllAngularRootElements()[0].getAttribute(['ng-version'])"
      ]
    }
  },
  "backbone.js": {
    "bowername": [
      "backbonejs",
      "backbone"
    ],
    "npmname": "backbone",
    "basePurl": "pkg:npm/backbone",
    "vulnerabilities": [
      {
        "below": "0.5.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting vulnerability",
          "release": "0.5.0",
          "retid": "46",
          "githubID": "GHSA-j6p2-cx3w-6jcp",
          "CVE": [
            "CVE-2016-10537"
          ]
        },
        "info": [
          "http://backbonejs.org/#changelog"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Backbone.VERSION"
      ],
      "uri": [
        "/(§§version§§)/backbone(\\.min)?\\.js"
      ],
      "filename": [
        "backbone(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "//[ ]+Backbone.js (§§version§§)",
        "a=t.Backbone=\\{\\}\\}a.VERSION=\"(§§version§§)\"",
        "Backbone\\.VERSION *= *[\"'](§§version§§)[\"']"
      ],
      "hashes": {}
    }
  },
  "mustache.js": {
    "bowername": [
      "mustache.js",
      "mustache"
    ],
    "npmname": "mustache",
    "basePurl": "pkg:npm/mustache",
    "vulnerabilities": [
      {
        "below": "0.3.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "execution of arbitrary javascript",
          "bug": "112"
        },
        "info": [
          "https://github.com/janl/mustache.js/issues/112"
        ]
      },
      {
        "below": "2.2.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "weakness in HTML escaping",
          "PR": "530",
          "githubID": "GHSA-w3w8-37jv-2c58",
          "CVE": [
            "CVE-2015-8862"
          ]
        },
        "info": [
          "https://github.com/janl/mustache.js/pull/530",
          "https://github.com/janl/mustache.js/releases/tag/v2.2.1"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Mustache.version"
      ],
      "uri": [
        "/(§§version§§)/mustache(\\.min)?\\.js"
      ],
      "filename": [
        "mustache(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "name:\"mustache.js\",version:\"(§§version§§)\"",
        "name=\"mustache.js\"[;,].\\.version=\"(§§version§§)\"",
        "[^a-z]mustache.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
        "exports.name[ ]?=[ ]?\"mustache.js\";[\n ]*exports.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\");"
      ],
      "hashes": {}
    }
  },
  "handlebars": {
    "bowername": [
      "handlebars",
      "handlebars.js"
    ],
    "vulnerabilities": [
      {
        "below": "1.0.0.beta.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "poorly sanitized input passed to eval()",
          "issue": "68"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/pull/68"
        ]
      },
      {
        "below": "3.0.7",
        "severity": "high",
        "cwe": [
          "CWE-471"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
          "githubID": "GHSA-2cf5-4w76-r9qv"
        },
        "info": [
          "https://github.com/advisories/GHSA-2cf5-4w76-r9qv",
          "https://www.npmjs.com/advisories/1316"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
          "githubID": "GHSA-3cqr-58rm-57f8",
          "CVE": [
            "CVE-2019-20920"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-3cqr-58rm-57f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "45",
          "githubID": "GHSA-g9r4-xpmj-mj65"
        },
        "info": [
          "https://github.com/advisories/GHSA-g9r4-xpmj-mj65",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
          "githubID": "GHSA-q2c6-c6pm-g3gh"
        },
        "info": [
          "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74"
        ],
        "identifiers": {
          "summary": "Disallow calling helperMissing and blockHelperMissing directly",
          "retid": "44",
          "CVE": [
            "CVE-2019-19919"
          ],
          "githubID": "GHSA-w457-6q6x-cgp9"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
        ]
      },
      {
        "below": "4.0.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Quoteless attributes in templates can lead to XSS",
          "issue": "1083",
          "CVE": [
            "CVE-2015-8861"
          ],
          "githubID": "GHSA-9prh-257w-9277"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/pull/1083"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.0.13",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "retid": "43"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.0.14",
        "severity": "high",
        "cwe": [
          "CWE-471"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
        ]
      },
      {
        "atOrAbove": "4.1.0",
        "below": "4.1.2",
        "severity": "high",
        "cwe": [
          "CWE-471"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.3.0",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74"
        ],
        "identifiers": {
          "summary": "Disallow calling helperMissing and blockHelperMissing directly",
          "retid": "44",
          "CVE": [
            "CVE-2019-19919"
          ],
          "githubID": "GHSA-w457-6q6x-cgp9"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.5",
        "severity": "high",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service in Handlebars",
          "githubID": "GHSA-62gr-4qp9-h98f",
          "CVE": [
            "CVE-2019-20922"
          ]
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.5",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.4.5 or later.",
          "retid": "75",
          "githubID": "GHSA-f52g-6jhx-586p"
        },
        "info": [
          "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.2",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
          "githubID": "GHSA-2cf5-4w76-r9qv"
        },
        "info": [
          "https://github.com/advisories/GHSA-2cf5-4w76-r9qv",
          "https://www.npmjs.com/advisories/1316"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
          "githubID": "GHSA-3cqr-58rm-57f8",
          "CVE": [
            "CVE-2019-20920"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-3cqr-58rm-57f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "45",
          "githubID": "GHSA-g9r4-xpmj-mj65"
        },
        "info": [
          "https://github.com/advisories/GHSA-g9r4-xpmj-mj65",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
          "githubID": "GHSA-q2c6-c6pm-g3gh"
        },
        "info": [
          "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "4.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Denial of service",
          "issue": "1633"
        },
        "info": [
          "https://github.com/handlebars-lang/handlebars.js/pull/1633"
        ]
      },
      {
        "below": "4.7.7",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype Pollution in handlebars",
          "retid": "71",
          "CVE": [
            "CVE-2021-23383"
          ],
          "githubID": "GHSA-765h-qjxv-5f44"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
        ]
      },
      {
        "below": "4.7.7",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Remote code execution in handlebars when compiling templates",
          "CVE": [
            "CVE-2021-23369"
          ],
          "githubID": "GHSA-f2jv-r9rf-7988"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Handlebars.VERSION"
      ],
      "uri": [
        "/(§§version§§)/handlebars(\\.min)?\\.js"
      ],
      "filename": [
        "handlebars(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "Handlebars.VERSION = \"(§§version§§)\";",
        "Handlebars=\\{VERSION:(?:'|\")(§§version§§)(?:'|\")",
        "this.Handlebars=\\{\\};[\n\r \t]+\\(function\\([a-z]\\)\\{[a-z].VERSION=(?:'|\")(§§version§§)(?:'|\")",
        "exports.HandlebarsEnvironment=[\\s\\S]{70,120}exports.VERSION=(?:'|\")(§§version§§)(?:'|\")",
        "/\\*+![\\s]+(?:@license)?[\\s]+handlebars v+(§§version§§)",
        "window\\.Handlebars=.,.\\.VERSION=\"(§§version§§)\"",
        ".\\.HandlebarsEnvironment=.;var .=.\\(.\\),.=.\\(.\\),.=\"(§§version§§)\";.\\.VERSION="
      ],
      "hashes": {}
    }
  },
  "easyXDM": {
    "npmname": "easyxdm",
    "vulnerabilities": [
      {
        "below": "2.4.18",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-5212"
          ]
        },
        "info": [
          "http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html",
          "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5212"
        ]
      },
      {
        "below": "2.4.19",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-1403"
          ]
        },
        "info": [
          "http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html",
          "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403"
        ]
      },
      {
        "below": "2.4.20",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "This release fixes a potential XSS for IE running in compatibility mode.",
          "retid": "39"
        },
        "info": [
          "https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.20"
        ]
      },
      {
        "below": "2.5.0",
        "severity": "medium",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "summary": "This tightens down the default origin whitelist in the CORS example.",
          "retid": "40"
        },
        "info": [
          "https://github.com/oyvindkinsey/easyXDM/releases/tag/2.5.0"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(?:easyXDM-)?(§§version§§)/easyXDM(\\.min)?\\.js"
      ],
      "filename": [
        "easyXDM-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        " \\* easyXDM\n \\* http://easyxdm.net/(?:\r|\n|.)+version:\"(§§version§§)\"",
        "@class easyXDM(?:.|\r|\n)+@version (§§version§§)(\r|\n)"
      ],
      "hashes": {
        "cf266e3bc2da372c4f0d6b2bd87bcbaa24d5a643": "2.4.6"
      }
    }
  },
  "plupload": {
    "bowername": [
      "Plupload",
      "plupload"
    ],
    "vulnerabilities": [
      {
        "below": "1.5.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-2401"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-2401/"
        ]
      },
      {
        "below": "1.5.5",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-0237"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-0237/"
        ]
      },
      {
        "below": "2.1.9",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2016-4566"
          ]
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases"
        ]
      },
      {
        "below": "2.3.7",
        "severity": "medium",
        "cwe": [
          "CWE-434"
        ],
        "identifiers": {
          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
          "retid": "35"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v2.3.7"
        ]
      },
      {
        "below": "2.3.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
          "retid": "38"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v2.3.8"
        ]
      },
      {
        "below": "2.3.9",
        "severity": "medium",
        "cwe": [
          "CWE-434",
          "CWE-75"
        ],
        "identifiers": {
          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
          "retid": "42",
          "CVE": [
            "CVE-2021-23562"
          ],
          "githubID": "GHSA-rp2c-jrgp-cvr8"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v2.3.9"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.3",
        "severity": "medium",
        "cwe": [
          "CWE-434"
        ],
        "identifiers": {
          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
          "retid": "36"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v3.1.3"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
          "retid": "37"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v3.1.4"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.5",
        "severity": "medium",
        "cwe": [
          "CWE-434"
        ],
        "identifiers": {
          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
          "retid": "41"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v3.1.5"
        ]
      }
    ],
    "extractors": {
      "func": [
        "plupload.VERSION"
      ],
      "uri": [
        "/(§§version§§)/plupload(\\.min)?\\.js"
      ],
      "filename": [
        "plupload-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "\\* Plupload - multi-runtime File Uploader(?:\r|\n)+ \\* v(§§version§§)",
        "var g=\\{VERSION:\"(§§version§§)\",.*;window.plupload=g\\}"
      ],
      "hashes": {}
    }
  },
  "DOMPurify": {
    "bowername": [
      "dompurify",
      "DOMPurify"
    ],
    "npmname": "dompurify",
    "vulnerabilities": [
      {
        "below": "0.6.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "retid": "24"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.6.1"
        ]
      },
      {
        "below": "0.8.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "retid": "25"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.8.6"
        ]
      },
      {
        "below": "0.8.9",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "safari UXSS",
          "retid": "26"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.8.9",
          "https://lists.ruhr-uni-bochum.de/pipermail/dompurify-security/2017-May/000006.html"
        ]
      },
      {
        "below": "0.9.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "safari UXSS",
          "retid": "27"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.9.0"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "1.0.11",
        "cwe": [
          "CWE-601"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "DOMPurify Open Redirect vulnerability",
          "CVE": [
            "CVE-2019-25155"
          ],
          "githubID": "GHSA-8hgg-xxm5-3873"
        },
        "info": [
          "https://github.com/advisories/GHSA-8hgg-xxm5-3873",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-25155",
          "https://github.com/cure53/DOMPurify/pull/337",
          "https://github.com/cure53/DOMPurify/commit/7601c33a57e029cce51d910eda5179a3f1b51c83",
          "https://github.com/cure53/DOMPurify",
          "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11"
        ]
      },
      {
        "below": "2.0.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS-based bypass caused by nested forms inside MathML",
          "githubID": "GHSA-chqj-j4fh-rw7m",
          "CVE": [
            "CVE-2019-16728"
          ]
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.0.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "possible to bypass the package sanitization through Mutation XSS",
          "githubID": "GHSA-mjjq-c88q-qhr6"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.0.16",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS-based bypass caused by nested forms inside MathML",
          "retid": "28"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.0.17",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed another bypass causing mXSS by using MathML",
          "retid": "29",
          "githubID": "GHSA-63q7-h895-m982",
          "CVE": [
            "CVE-2020-26870"
          ]
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.1.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed several possible mXSS patterns, thanks @hackvertor",
          "retid": "30"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features",
          "retid": "31"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS bypass dropped on us publicly via",
          "retid": "32"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.3",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS issue reported",
          "retid": "33"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.4",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed a new MathML-based bypass submitted by PewGrand. Fixed a new SVG-related bypass submitted by SecurityMB",
          "retid": "34"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "2.4.2",
        "cwe": [
          "CWE-1321"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "DOMPurify vulnerable to tampering by prototype polution",
          "CVE": [
            "CVE-2024-48910"
          ],
          "githubID": "GHSA-p3vf-v8qc-cwcr"
        },
        "info": [
          "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
          "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
          "https://github.com/cure53/DOMPurify"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "2.5.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "DOMpurify has a nesting-based mXSS",
          "CVE": [
            "CVE-2024-47875"
          ],
          "githubID": "GHSA-gx9m-whjm-85jf"
        },
        "info": [
          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
          "https://github.com/cure53/DOMPurify",
          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "2.5.4",
        "cwe": [
          "CWE-1321",
          "CWE-1333"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "DOMPurify allows tampering by prototype pollution",
          "CVE": [
            "CVE-2024-45801"
          ],
          "githubID": "GHSA-mmhx-hmjr-r674"
        },
        "info": [
          "https://github.com/advisories/GHSA-mmhx-hmjr-r674",
          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
          "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
          "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
          "https://github.com/cure53/DOMPurify"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "DOMpurify has a nesting-based mXSS",
          "CVE": [
            "CVE-2024-47875"
          ],
          "githubID": "GHSA-gx9m-whjm-85jf"
        },
        "info": [
          "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
          "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
          "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
          "https://github.com/cure53/DOMPurify",
          "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.3",
        "cwe": [
          "CWE-1321",
          "CWE-1333"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "DOMPurify allows tampering by prototype pollution",
          "CVE": [
            "CVE-2024-45801"
          ],
          "githubID": "GHSA-mmhx-hmjr-r674"
        },
        "info": [
          "https://github.com/advisories/GHSA-mmhx-hmjr-r674",
          "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
          "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
          "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
          "https://github.com/cure53/DOMPurify"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "3.2.4",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "DOMPurify allows Cross-site Scripting (XSS)",
          "CVE": [
            "CVE-2025-26791"
          ],
          "githubID": "GHSA-vhxf-7vqr-mrjg"
        },
        "info": [
          "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg",
          "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
          "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
          "https://ensy.zip/posts/dompurify-323-bypass",
          "https://github.com/cure53/DOMPurify",
          "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
          "https://nsysean.github.io/posts/dompurify-323-bypass"
        ]
      }
    ],
    "extractors": {
      "func": [
        "DOMPurify.version"
      ],
      "filecontent": [
        "DOMPurify.version = '(§§version§§)';",
        "DOMPurify.version=\"(§§version§§)\"",
        "DOMPurify=.[^\\r\\n]{10,850}?\\.version=\"(§§version§§)\"",
        "/\\*! @license DOMPurify (§§version§§)",
        "var .=\"dompurify\"+.{10,550}?\\.version=\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "react": {
    "vulnerabilities": [
      {
        "atOrAbove": "0.4.0",
        "below": "0.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability can arise when using user data as a key",
          "CVE": [
            "CVE-2013-7035"
          ],
          "githubID": "GHSA-g53w-52xc-2j85"
        },
        "info": [
          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html",
          "https://github.com/advisories/GHSA-g53w-52xc-2j85"
        ]
      },
      {
        "atOrAbove": "0.5.0",
        "below": "0.5.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability can arise when using user data as a key",
          "CVE": [
            "CVE-2013-7035"
          ],
          "githubID": "GHSA-g53w-52xc-2j85"
        },
        "info": [
          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html",
          "https://github.com/advisories/GHSA-g53w-52xc-2j85"
        ]
      },
      {
        "atOrAbove": "0.0.1",
        "below": "0.14.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": " including untrusted objects as React children can result in an XSS security vulnerability",
          "retid": "23",
          "githubID": "GHSA-hg79-j56m-fxgv"
        },
        "info": [
          "http://danlec.com/blog/xss-via-a-spoofed-react-element",
          "https://facebook.github.io/react/blog/2015/10/07/react-v0.14.html"
        ]
      },
      {
        "atOrAbove": "16.0.0",
        "below": "16.0.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.1.0",
        "below": "16.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.2.0",
        "below": "16.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.3.0",
        "below": "16.3.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.4.0",
        "below": "16.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      }
    ],
    "extractors": {
      "func": [
        "react.version",
        "require('react').version"
      ],
      "filecontent": [
        "/\\*\\*\n +\\* React \\(with addons\\) ?v(§§version§§)",
        "/\\*\\*\n +\\* React v(§§version§§)",
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react(-jsx-runtime)?\\.",
        "\"\\./ReactReconciler\":[0-9]+,\"\\./Transaction\":[0-9]+,\"fbjs/lib/invariant\":[0-9]+\\}\\],[0-9]+:\\[function\\(require,module,exports\\)\\{\"use strict\";module\\.exports=\"(§§version§§)\"\\}",
        "ReactVersion\\.js[\\*! \\\\/\n\r]{0,100}function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\"",
        "expected a ReactNode.[\\s\\S]{0,1800}?function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\""
      ]
    }
  },
  "react-dom": {
    "vulnerabilities": [
      {
        "atOrAbove": "16.0.0",
        "below": "16.0.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.1.0",
        "below": "16.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.2.0",
        "below": "16.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.3.0",
        "below": "16.3.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.4.0",
        "below": "16.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/react-dom@(§§version§§)/"
      ],
      "filecontent": [
        "version:\"(§§version§§)[a-z0-9\\-]*\"[\\s,]*rendererPackageName:\"react-dom\"",
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react-dom\\."
      ]
    }
  },
  "react-is": {
    "vulnerabilities": [],
    "extractors": {
      "filecontent": [
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react-is\\."
      ]
    }
  },
  "scheduler": {
    "vulnerabilities": [],
    "extractors": {
      "filecontent": [
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* scheduler\\."
      ]
    }
  },
  "flowplayer": {
    "vulnerabilities": [
      {
        "below": "5.4.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in Flash fallback",
          "issue": "381"
        },
        "info": [
          "https://github.com/flowplayer/flowplayer/issues/381"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "flowplayer-(§§version§§)(\\.min)?\\.js"
      ],
      "filename": [
        "flowplayer-(§§version§§)(\\.min)?\\.js"
      ]
    }
  },
  "DWR": {
    "npmname": "dwr",
    "vulnerabilities": [
      {
        "below": "1.1.4",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2007-01-09"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/",
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      },
      {
        "below": "2.0.11",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-5326",
            "CVE-2014-5325"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      },
      {
        "atOrAbove": "3",
        "below": "3.0.RC3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-5326",
            "CVE-2014-5325"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "dwr.version"
      ],
      "filecontent": [
        " dwr-(§§version§§).jar"
      ]
    }
  },
  "moment.js": {
    "bowername": [
      "moment",
      "momentjs"
    ],
    "npmname": "moment",
    "basePurl": "pkg:npm/moment",
    "vulnerabilities": [
      {
        "below": "2.11.2",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "reDOS - regular expression denial of service",
          "issue": "2936",
          "githubID": "GHSA-87vv-r9j6-g5qv",
          "CVE": [
            "CVE-2016-4055"
          ]
        },
        "info": [
          "https://github.com/moment/moment/issues/2936"
        ]
      },
      {
        "below": "2.15.2",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "retid": "22"
        },
        "info": [
          "https://security.snyk.io/vuln/npm:moment:20161019"
        ]
      },
      {
        "below": "2.19.3",
        "severity": "high",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "CVE": [
            "CVE-2017-18214"
          ],
          "githubID": "GHSA-446m-mv8f-q348"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214",
          "https://github.com/moment/moment/issues/4163",
          "https://security.snyk.io/vuln/npm:moment:20170905"
        ]
      },
      {
        "below": "2.29.2",
        "severity": "high",
        "cwe": [
          "CWE-22",
          "CWE-27"
        ],
        "identifiers": {
          "summary": "This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale.",
          "CVE": [
            "CVE-2022-24785"
          ],
          "githubID": "GHSA-8hfj-j24r-96c4"
        },
        "info": [
          "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        ]
      },
      {
        "atOrAbove": "2.18.0",
        "below": "2.29.4",
        "severity": "high",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
          "CVE": [
            "CVE-2022-31129"
          ],
          "githubID": "GHSA-wc69-rhjr-hc9g"
        },
        "info": [
          "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/moment\\.js/(§§version§§)/moment(.min)?\\.js"
      ],
      "filename": [
        "moment(?:-|\\.)(§§version§§)(?:-min)?\\.js"
      ],
      "func": [
        "moment.version"
      ],
      "filecontent": [
        "//!? moment.js(?:[\n\r]+)//!? version : (§§version§§)",
        "/\\* Moment.js +\\| +version : (§§version§§) \\|",
        "\\.version=\"(§§version§§)\".{20,60}\"isBefore\".{20,60}\"isAfter\".{200,500}\\.isMoment=",
        "\\.version=\"(§§version§§)\".{20,300}duration.{2,100}\\.isMoment=",
        "\\.isMoment\\(.{50,400}_isUTC.{50,400}=\"(§§version§§)\"",
        "=\"(§§version§§)\".{300,1000}Years:31536e6.{60,80}\\.isMoment",
        "// Moment.js is freely distributable under the terms of the MIT license.[\\s]+//[\\s]+// Version (§§version§§)"
      ]
    }
  },
  "underscore.js": {
    "bowername": [
      "Underscore",
      "underscore"
    ],
    "npmname": "underscore",
    "vulnerabilities": [
      {
        "atOrAbove": "1.3.2",
        "below": "1.12.1",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": " vulnerable to Arbitrary Code Injection via the template function",
          "CVE": [
            "CVE-2021-23358"
          ],
          "githubID": "GHSA-cf4h-3jhx-xvhq"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/underscore\\.js/(§§version§§)/underscore(-min)?\\.js"
      ],
      "func": [
        "underscore.version"
      ],
      "filecontent": [
        "//[\\s]*Underscore.js (§§version§§)",
        "// *Underscore\\.js[\\s\\S]{1,2500}_\\.VERSION *= *['\"](§§version§§)['\"]"
      ]
    }
  },
  "bootstrap": {
    "vulnerabilities": [
      {
        "below": "2.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting vulnerability",
          "issue": "3421"
        },
        "info": [
          "https://github.com/twbs/bootstrap/pull/3421"
        ]
      },
      {
        "below": "3.4.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
          "issue": "27044",
          "CVE": [
            "CVE-2018-20676"
          ],
          "githubID": "GHSA-3mgp-fx93-9xv5"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
        ]
      },
      {
        "below": "3.4.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-container property of tooltip",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14042"
          ],
          "githubID": "GHSA-7mvr-5x2g-wfc8"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "below": "3.4.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
          "CVE": [
            "CVE-2018-20677"
          ],
          "githubID": "GHSA-ph58-4vrj-w6hr"
        },
        "info": [
          "https://github.com/advisories/GHSA-ph58-4vrj-w6hr"
        ]
      },
      {
        "below": "3.4.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-target property of scrollspy",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14041"
          ],
          "githubID": "GHSA-pj7m-g53m-7638"
        },
        "info": [
          "https://github.com/advisories/GHSA-pj7m-g53m-7638",
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.4.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS is possible in the data-target attribute.",
          "CVE": [
            "CVE-2016-10735"
          ],
          "githubID": "GHSA-4p24-vmcr-4gqj"
        },
        "info": [
          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
        ]
      },
      {
        "atOrAbove": "1.4.0",
        "below": "3.4.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes",
          "CVE": [
            "CVE-2024-6485"
          ],
          "githubID": "GHSA-vxmc-5x29-h64v"
        },
        "info": [
          "https://github.com/advisories/GHSA-vxmc-5x29-h64v",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-6485",
          "https://github.com/twbs/bootstrap",
          "https://www.herodevs.com/vulnerability-directory/cve-2024-6485"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.4.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
          "issue": "28236",
          "CVE": [
            "CVE-2019-8331"
          ],
          "githubID": "GHSA-9v3m-8fp8-mj99"
        },
        "info": [
          "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
          "https://github.com/twbs/bootstrap/issues/28236"
        ]
      },
      {
        "atOrAbove": "2.0.0",
        "below": "3.4.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
          "CVE": [
            "CVE-2024-6484"
          ],
          "githubID": "GHSA-9mvj-f7w8-pvh2"
        },
        "info": [
          "https://github.com/advisories/GHSA-9mvj-f7w8-pvh2",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-6484",
          "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml",
          "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml",
          "https://github.com/twbs/bootstrap",
          "https://www.herodevs.com/vulnerability-directory/cve-2024-6484"
        ]
      },
      {
        "below": "3.999.999",
        "severity": "low",
        "cwe": [
          "CWE-1104"
        ],
        "identifiers": {
          "summary": "Bootstrap before 4.0.0 is end-of-life and no longer maintained.",
          "retid": "72"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20631"
        ]
      },
      {
        "atOrAbove": "4.0.0-beta",
        "below": "4.0.0-beta.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS is possible in the data-target attribute.",
          "CVE": [
            "CVE-2016-10735"
          ],
          "githubID": "GHSA-4p24-vmcr-4gqj"
        },
        "info": [
          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.1.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in collapse data-parent attribute",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14040"
          ],
          "githubID": "GHSA-3wqf-4x89-9g79"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.1.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-container property of tooltip",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14042"
          ],
          "githubID": "GHSA-7mvr-5x2g-wfc8"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.1.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-target property of scrollspy",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14041"
          ],
          "githubID": "GHSA-pj7m-g53m-7638"
        },
        "info": [
          "https://github.com/advisories/GHSA-pj7m-g53m-7638",
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.3.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
          "issue": "28236",
          "CVE": [
            "CVE-2019-8331"
          ],
          "githubID": "GHSA-9v3m-8fp8-mj99"
        },
        "info": [
          "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
          "https://github.com/twbs/bootstrap/issues/28236"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "5.0.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
          "CVE": [
            "CVE-2024-6531"
          ],
          "githubID": "GHSA-vc8w-jr9v-vj7f"
        },
        "info": [
          "https://github.com/advisories/GHSA-vc8w-jr9v-vj7f",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-6531",
          "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml",
          "https://github.com/twbs/bootstrap",
          "https://www.herodevs.com/vulnerability-directory/cve-2024-6531"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/bootstrap(\\.min)?\\.js",
        "/(§§version§§)/js/bootstrap(\\.min)?\\.js"
      ],
      "filename": [
        "bootstrap-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? Bootstrap v(§§version§§)",
        "\\* Bootstrap v(§§version§§)",
        "/\\*! Bootstrap v(§§version§§)",
        "this\\.close\\)\\};.\\.VERSION=\"(§§version§§)\"(?:,.\\.TRANSITION_DURATION=150)?,.\\.prototype\\.close"
      ],
      "hashes": {}
    }
  },
  "bootstrap-select": {
    "vulnerabilities": [
      {
        "below": "1.13.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS) via title and data-content",
          "CVE": [
            "CVE-2019-20921"
          ],
          "githubID": "GHSA-7c82-mp33-r854"
        },
        "info": [
          "https://github.com/snapappointments/bootstrap-select/issues/2199#issuecomment-701806876"
        ]
      },
      {
        "below": "1.13.6",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-Site Scripting in bootstrap-select",
          "githubID": "GHSA-9r7h-6639-v5mw",
          "CVE": [
            "CVE-2019-20921"
          ]
        },
        "info": [
          "https://github.com/snapappointments/bootstrap-select/issues/2199"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/bootstrap-select/(§§version§§)/"
      ],
      "filecontent": [
        "/\\*![\\s]+\\*[\\s]+Bootstrap-select[\\s]+v(§§version§§)",
        ".\\.data\\(\"selectpicker\",.=new .\\(this,.\\)\\)\\}\"string\"==typeof .&&\\(.=.\\[.\\]instanceof Function\\?.\\[.\\]\\.apply\\(.,.\\):.\\.options\\[.\\]\\)\\}\\}\\);return void 0!==.\\?.:.\\}.\\.VERSION=\"(§§version§§)\","
      ]
    }
  },
  "ckeditor": {
    "vulnerabilities": [
      {
        "below": "4.4.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "13"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-443"
        ]
      },
      {
        "below": "4.4.6",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "14"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-446"
        ]
      },
      {
        "below": "4.4.8",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "15"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-448"
        ]
      },
      {
        "below": "4.5.11",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "16"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-4511"
        ]
      },
      {
        "atOrAbove": "4.5.11",
        "below": "4.9.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS if the enhanced image plugin is installed",
          "retid": "17"
        },
        "info": [
          "https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/",
          "https://ckeditor.com/cke4/release-notes"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.11.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS vulnerability in the HTML parser",
          "retid": "18",
          "CVE": [
            "CVE-2018-17960"
          ],
          "githubID": "GHSA-g68x-vvqq-pvw3"
        },
        "info": [
          "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
          "https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618"
        ]
      },
      {
        "below": "4.14.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS",
          "retid": "20"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414"
        ]
      },
      {
        "below": "4.15.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog",
          "retid": "19"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151"
        ]
      },
      {
        "below": "4.16.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDoS vulnerability in Autolink plugin and Advanced Tab for Dialogs plugin",
          "retid": "21"
        },
        "info": [
          "https://ckeditor.com/cke4/release/CKEditor-4.16.0"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS vulnerability in the Widget plugin",
          "CVE": [
            "CVE-2021-32808"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS vulnerability in the Clipboard plugin",
          "CVE": [
            "CVE-2021-32809"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS vulnerability in the Fake Objects plugin",
          "CVE": [
            "CVE-2021-37695"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc"
        ]
      },
      {
        "below": "4.17.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS vulnerabilities in the core module",
          "CVE": [
            "CVE-2021-41164",
            "CVE-2021-41165"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2",
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj"
        ]
      },
      {
        "below": "4.18.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "Inject malformed URL to bypass content sanitization for XSS",
          "CVE": [
            "CVE-2022-24728"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh"
        ]
      },
      {
        "below": "4.21.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code",
          "CVE": [
            "CVE-2023-28439"
          ]
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439",
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-28439"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/ckeditor(\\.min)?\\.js"
      ],
      "filename": [
        "ckeditor-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "ckeditor..js.{4,30}=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)",
        "window\\.CKEDITOR=function\\(\\)\\{var [a-z]=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)"
      ],
      "hashes": {},
      "func": [
        "CKEDITOR.version"
      ]
    }
  },
  "ckeditor5": {
    "vulnerabilities": [
      {
        "below": "10.0.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS in the link package",
          "CVE": [
            "CVE-2018-11093"
          ]
        },
        "info": [
          "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/"
        ]
      },
      {
        "below": "25.0.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDos in several packages",
          "CVE": [
            "CVE-2021-21254"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr"
        ]
      },
      {
        "below": "27.0.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDos in several packages",
          "CVE": [
            "CVE-2021-21391"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj"
        ]
      },
      {
        "below": "35.0.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "security fix for the Markdown GFM, HTML support and HTML embed packages",
          "CVE": [
            "CVE-2022-31175"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
        ]
      },
      {
        "atOrAbove": "40.0.0",
        "below": "43.1.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross-site scripting (XSS) in the clipboard package",
          "CVE": [
            "CVE-2024-45613"
          ],
          "githubID": "GHSA-rgg8-g5x8-wr9v"
        },
        "info": [
          "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
          "https://github.com/ckeditor/ckeditor5",
          "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/ckeditor5(\\.min)?\\.js"
      ],
      "filename": [
        "ckeditor5-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "const .=\"(§§version§§)\";.{0,140}?\\.CKEDITOR_VERSION=.;",
        "CKEDITOR_VERSION=\"(§§version§§)\""
      ],
      "hashes": {},
      "func": [
        "CKEDITOR_VERSION"
      ]
    }
  },
  "vue": {
    "vulnerabilities": [
      {
        "below": "2.4.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "possible xss vector",
          "retid": "12"
        },
        "info": [
          "https://github.com/vuejs/vue/releases/tag/v2.4.3"
        ]
      },
      {
        "below": "2.5.17",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential xss in ssr when using v-bind",
          "retid": "11"
        },
        "info": [
          "https://github.com/vuejs/vue/releases/tag/v2.5.17"
        ]
      },
      {
        "below": "2.6.11",
        "severity": "medium",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2",
          "retid": "10"
        },
        "info": [
          "https://github.com/vuejs/vue/releases/tag/v2.6.11"
        ]
      },
      {
        "atOrAbove": "2.0.0-alpha.1",
        "below": "3.0.0-alpha.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function",
          "CVE": [
            "CVE-2024-9506"
          ],
          "githubID": "GHSA-5j4c-8p2g-v4jx"
        },
        "info": [
          "https://github.com/advisories/GHSA-5j4c-8p2g-v4jx",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-9506",
          "https://github.com/vuejs/core",
          "https://www.herodevs.com/vulnerability-directory/cve-2024-9506"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/vue@(§§version§§)/dist/vue\\.js",
        "/vue/(§§version§§)/vue\\..*\\.js",
        "/npm/vue@(§§version§§)"
      ],
      "filename": [
        "vue-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!\\n \\* Vue.js v(§§version§§)",
        "/\\*\\*?!?\\n ?\\* vue v(§§version§§)",
        "Vue.version = '(§§version§§)';",
        "'(§§version§§)'[^\\n]{0,8000}Vue compiler",
        "\\* Original file: /npm/vue@(§§version§§)/dist/vue.(global|common).js",
        "const version[ ]*=[ ]*\"(§§version§§)\";[\\s]*/\\*\\*[\\s]*\\* SSR utils for \\\\@vue/server-renderer",
        "\\.__vue_app__=.{0,8000}?const [a-z]+=\"(§§version§§)\",",
        "let [A-Za-z]+=\"(§§version§§)\",..=\"undefined\"!=typeof window&&window.trustedTypes;if\\(..\\)try\\{.=..\\.createPolicy\\(\"vue\",",
        "isCustomElement.{1,5}?compilerOptions.{0,500}exposeProxy.{0,700}\"(§§version§§)\"",
        "\"(§§version§§)\"[\\s\\S]{0,150}\\.createPolicy\\(\"vue\"",
        "devtoolsFormatters[\\s\\S]{50,180}\"(§§version§§)\"[\\s\\S]{50,180}\\.createElement\\(\"template\"\\)"
      ],
      "func": [
        "Vue.version"
      ]
    }
  },
  "ExtJS": {
    "vulnerabilities": [
      {
        "atOrAbove": "3.0.0",
        "below": "4.0.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in ExtJS charts.swf",
          "CVE": [
            "CVE-2010-4207",
            "CVE-2012-5881"
          ]
        },
        "info": [
          "https://typo3.org/security/advisory/typo3-core-sa-2014-001/",
          "https://www.acunetix.com/vulnerabilities/web/extjs-charts-swf-cross-site-scripting",
          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
        ]
      },
      {
        "below": "6.0.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Directory traversal and arbitrary file read",
          "CVE": [
            "CVE-2007-2285"
          ]
        },
        "info": [
          "https://packetstormsecurity.com/files/132052/extjs-Arbitrary-File-Read.html",
          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/",
          "https://www.cvedetails.com/cve/CVE-2007-2285/"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "6.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in Sencha Ext JS 4 to 6 via getTip() method of Action Columns",
          "CVE": [
            "CVE-2018-8046"
          ]
        },
        "info": [
          "http://seclists.org/fulldisclosure/2018/Jul/8",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-8046"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/extjs/(§§version§§)/.*\\.js"
      ],
      "filename": [
        "/ext-all-(§§version§§)(\\.min)?\\.js",
        "/ext-all-debug-(§§version§§)(\\.min)?\\.js",
        "/ext-base-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/*!\n * Ext JS Library (§§version§§)",
        "Ext = \\{[\\s]*/\\*[^/]+/[\\s]*version *: *['\"](§§version§§)['\"]",
        "var version *= *['\"](§§version§§)['\"], *Version;[\\s]*Ext.Version *= *Version *= *Ext.extend"
      ],
      "func": [
        "Ext && Ext.versions && Ext.versions.extjs.version",
        "Ext && Ext.version"
      ]
    }
  },
  "svelte": {
    "vulnerabilities": [
      {
        "below": "2.9.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "retid": "9"
        },
        "info": [
          "https://github.com/sveltejs/svelte/pull/1623"
        ]
      },
      {
        "below": "3.46.5",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "retid": "8"
        },
        "info": [
          "https://github.com/sveltejs/svelte/pull/7333"
        ]
      },
      {
        "below": "3.49.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "issue": "7530",
          "githubID": "GHSA-wv8q-r932-8hc7",
          "CVE": [
            "CVE-2022-25875"
          ]
        },
        "info": [
          "https://github.com/sveltejs/svelte/pull/7530"
        ]
      },
      {
        "below": "4.2.19",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Svelte has a potential mXSS vulnerability due to improper HTML escaping",
          "CVE": [
            "CVE-2024-45047"
          ],
          "githubID": "GHSA-8266-84wp-wv5c"
        },
        "info": [
          "https://github.com/advisories/GHSA-8266-84wp-wv5c",
          "https://github.com/sveltejs/svelte/security/advisories/GHSA-8266-84wp-wv5c",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-45047",
          "https://github.com/sveltejs/svelte/commit/83e96e044deb5ecbae2af361ae9e31d3e1ac43a3",
          "https://github.com/sveltejs/svelte"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/svelte@(§§version§§)/"
      ],
      "filename": [
        "svelte[@\\-](§§version§§)(.min)?\\.m?js"
      ],
      "filecontent": [
        "generated by Svelte v\\$\\{['\"](§§version§§)['\"]\\}",
        "generated by Svelte v(§§version§§) \\*/",
        "version: '(§§version§§)' [\\s\\S]{80,200}'SvelteDOMInsert'",
        "VERSION = '(§§version§§)'[\\s\\S]{21,200}parse\\$[0-9][\\s\\S]{10,80}preprocess",
        "var version\\$[0-9] = \"(§§version§§)\";[\\s\\S]{10,30}normalizeOptions\\(options\\)[\\s\\S]{80,200}'SvelteComponent.html'"
      ],
      "func": [
        "svelte.VERSION"
      ]
    }
  },
  "axios": {
    "vulnerabilities": [
      {
        "below": "0.18.1",
        "severity": "high",
        "cwe": [
          "CWE-20",
          "CWE-755"
        ],
        "identifiers": {
          "summary": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded",
          "CVE": [
            "CVE-2019-10742"
          ],
          "githubID": "GHSA-42xw-2xvc-qx8m"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10742",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-174505"
        ]
      },
      {
        "below": "0.21.1",
        "severity": "medium",
        "cwe": [
          "CWE-918"
        ],
        "identifiers": {
          "summary": "Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability",
          "CVE": [
            "CVE-2020-28168"
          ],
          "githubID": "GHSA-4w2v-q235-vp99"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255"
        ]
      },
      {
        "below": "0.21.3",
        "severity": "high",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Axios is vulnerable to Inefficient Regular Expression Complexity",
          "CVE": [
            "CVE-2021-3749"
          ],
          "githubID": "GHSA-cph5-m8f7-6c5x"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269"
        ]
      },
      {
        "atOrAbove": "0.8.1",
        "below": "0.28.0",
        "cwe": [
          "CWE-352"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Axios Cross-Site Request Forgery Vulnerability",
          "CVE": [
            "CVE-2023-45857"
          ],
          "githubID": "GHSA-wf5p-g6vw-rhxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "https://github.com/axios/axios/issues/6006",
          "https://github.com/axios/axios/issues/6022",
          "https://github.com/axios/axios/pull/6028",
          "https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
          "https://github.com/axios/axios/releases/tag/v1.6.0",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.6.0",
        "cwe": [
          "CWE-352"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Axios Cross-Site Request Forgery Vulnerability",
          "CVE": [
            "CVE-2023-45857"
          ],
          "githubID": "GHSA-wf5p-g6vw-rhxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "https://github.com/axios/axios/issues/6006",
          "https://github.com/axios/axios/issues/6022",
          "https://github.com/axios/axios/pull/6028",
          "https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
          "https://github.com/axios/axios/releases/tag/v1.6.0",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
        ]
      },
      {
        "below": "1.6.8",
        "severity": "medium",
        "cwe": [
          "CWE-200"
        ],
        "identifiers": {
          "summary": "Versions before 1.6.8 depends on follow-redirects before 1.15.6 which could leak the proxy authentication credentials",
          "PR": "6300"
        },
        "info": [
          "https://github.com/axios/axios/pull/6300"
        ]
      },
      {
        "atOrAbove": "1.3.2",
        "below": "1.7.4",
        "cwe": [
          "CWE-918"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Server-Side Request Forgery in axios",
          "CVE": [
            "CVE-2024-39338"
          ],
          "githubID": "GHSA-8hc4-vh64-cxmj"
        },
        "info": [
          "https://github.com/advisories/GHSA-8hc4-vh64-cxmj",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
          "https://github.com/axios/axios/issues/6463",
          "https://github.com/axios/axios/pull/6539",
          "https://github.com/axios/axios/pull/6543",
          "https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a",
          "https://github.com/axios/axios",
          "https://github.com/axios/axios/releases",
          "https://github.com/axios/axios/releases/tag/v1.7.4",
          "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "1.8.2",
        "cwe": [
          "CWE-918"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "CVE": [
            "CVE-2025-27152"
          ],
          "githubID": "GHSA-jr5f-v2jv-69x6"
        },
        "info": [
          "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
          "https://nvd.nist.gov/vuln/detail/CVE-2025-27152",
          "https://github.com/axios/axios/issues/6463",
          "https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f",
          "https://github.com/axios/axios",
          "https://github.com/axios/axios/releases/tag/v1.8.2"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/axios/(§§version§§)/.*\\.js"
      ],
      "filename": [
        "axios-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\* *axios v(§§version§§) ",
        "// Axios v(§§version§§) C",
        "return\"\\[Axios v(§§version§§)\\] Transitional",
        "\\\"axios\\\",\\\"version\\\":\\\"(§§version§§)\\\""
      ],
      "func": [
        "axios && axios.VERSION"
      ]
    }
  },
  "markdown-it": {
    "vulnerabilities": [
      {
        "below": "3.0.0",
        "severity": "high",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "CVE": [
            "CVE-2015-10005"
          ],
          "githubID": "GHSA-j5p7-jf4q-742q"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2015-10005"
        ]
      },
      {
        "below": "4.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "CVE": [
            "CVE-2015-3295"
          ]
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3295",
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://security.snyk.io/vuln/npm:markdown-it:20160912"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "retid": "7"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://security.snyk.io/vuln/npm:markdown-it:20150702"
        ]
      },
      {
        "below": "10.0.0",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "retid": "6"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438"
        ]
      },
      {
        "below": "12.3.2",
        "severity": "medium",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "CVE": [
            "CVE-2022-21670"
          ],
          "githubID": "GHSA-6vfc-qv3f-vr6c"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-21670",
          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914"
        ]
      },
      {
        "below": "13.0.2",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Fixed crash/infinite loop caused by linkify inline rule",
          "issue": "957"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/issues/957",
          "https://github.com/markdown-it/markdown-it/compare/13.0.1...13.0.2"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/markdown-it[/@](§§version§§)/?.*\\.js"
      ],
      "filename": [
        "markdown-it-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*! markdown-it(?:-ins)? (§§version§§)"
      ],
      "func": []
    }
  },
  "jszip": {
    "vulnerabilities": [
      {
        "below": "2.7.0",
        "severity": "medium",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype Pollution",
          "CVE": [
            "CVE-2021-23413"
          ],
          "githubID": "GHSA-jg8v-48h5-wgxg"
        },
        "info": [
          "https://github.com/advisories/GHSA-jg8v-48h5-wgxg",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413",
          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.7.0",
        "severity": "medium",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype Pollution",
          "CVE": [
            "CVE-2021-23413"
          ],
          "githubID": "GHSA-jg8v-48h5-wgxg"
        },
        "info": [
          "https://github.com/advisories/GHSA-jg8v-48h5-wgxg",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413",
          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497"
        ]
      },
      {
        "below": "3.8.0",
        "severity": "medium",
        "cwe": [
          "CWE-22"
        ],
        "identifiers": {
          "summary": "Santize filenames when files are loaded with loadAsync, to avoid “zip slip” attacks.",
          "retid": "5",
          "CVE": [
            "CVE-2022-48285"
          ],
          "githubID": "GHSA-36fh-84j7-cv5h"
        },
        "info": [
          "https://stuk.github.io/jszip/CHANGES.html"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/jszip[/@](§§version§§)/.*\\.js"
      ],
      "filename": [
        "jszip-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*![\\s]+JSZip v(§§version§§) "
      ],
      "func": [
        "JSZip && JSZip.version"
      ]
    }
  },
  "AlaSQL": {
    "npmname": "alasql",
    "vulnerabilities": [
      {
        "below": "0.7.0",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "An arbitrary code execution exists as AlaSQL doesn't sanitize input when characters are placed between square brackets [] or preceded with a backtik (accent grave) ` character. Versions older that 0.7.0 were deprecated in March of 2021 and should no longer be used.",
          "bug": "SNYK-JS-ALASQL-1082932"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-ALASQL-1082932"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/alasql[/@](§§version§§)/.*\\.js"
      ],
      "filename": [
        "alasql-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!?[ \n]*AlaSQL v(§§version§§)"
      ],
      "func": [
        "alasql && alasql.version"
      ]
    }
  },
  "jquery.datatables": {
    "npmname": "datatables.net",
    "vulnerabilities": [
      {
        "below": "1.10.10",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "CVE": [
            "CVE-2015-6584"
          ]
        },
        "info": [
          "https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d",
          "https://github.com/advisories/GHSA-4mv4-gmmf-q382",
          "https://www.invicti.com/web-applications-advisories/cve-2015-6384-xss-vulnerability-identified-in-datatables/"
        ]
      },
      {
        "below": "1.10.22",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "datatables.net vulnerable to Prototype Pollution due to incomplete fix",
          "CVE": [
            "CVE-2020-28458"
          ],
          "githubID": "GHSA-m7j4-fhg6-xf5v"
        },
        "info": [
          "https://github.com/advisories/GHSA-m7j4-fhg6-xf5v"
        ]
      },
      {
        "below": "1.10.22",
        "severity": "medium",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "prototype pollution",
          "retid": "4"
        },
        "info": [
          "https://cdn.datatables.net/1.10.22/"
        ]
      },
      {
        "below": "1.10.23",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "prototype pollution",
          "retid": "3"
        },
        "info": [
          "https://cdn.datatables.net/1.10.23/",
          "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"
        ]
      },
      {
        "below": "1.11.3",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "possible XSS",
          "retid": "2"
        },
        "info": [
          "https://cdn.datatables.net/1.11.3/",
          "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
        ]
      },
      {
        "below": "1.11.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross site scripting in datatables.net",
          "CVE": [
            "CVE-2021-23445"
          ],
          "githubID": "GHSA-h73q-5wmj-q8pj"
        },
        "info": [
          "https://github.com/advisories/GHSA-h73q-5wmj-q8pj"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/(js/)?jquery.dataTables(.min)?.js"
      ],
      "filename": [
        "jquery.dataTables-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "http://www.datatables.net\n +DataTables (§§version§§)",
        "/\\*! DataTables (§§version§§)",
        ".\\.version=\"(§§version§§)\";[\\s]*.\\.settings=\\[\\];[\\s]*.\\.models=\\{[\\s]*\\};[\\s]*.\\.models.oSearch"
      ],
      "func": [
        "DataTable && DataTable.version"
      ]
    }
  },
  "nextjs": {
    "npmname": "next",
    "vulnerabilities": [
      {
        "atOrAbove": "1.0.0",
        "below": "2.4.1",
        "severity": "high",
        "cwe": [
          "CWE-22"
        ],
        "identifiers": {
          "summary": "Next.js Directory Traversal Vulnerability",
          "CVE": [
            "CVE-2017-16877"
          ],
          "githubID": "GHSA-3f5c-4qxj-vmpf"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-3f5c-4qxj-vmpf"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "4.2.3",
        "cwe": [
          "CWE-22"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Directory traversal vulnerability in Next.js",
          "CVE": [
            "CVE-2018-6184"
          ],
          "githubID": "GHSA-m34x-wgrh-g897"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-m34x-wgrh-g897"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "5.1.0",
        "cwe": [
          "CWE-20"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Remote Code Execution in next",
          "githubID": "GHSA-5vj8-3v2h-h38v"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-5vj8-3v2h-h38v"
        ]
      },
      {
        "atOrAbove": "7.0.0",
        "below": "7.0.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page",
          "CVE": [
            "CVE-2018-18282"
          ],
          "githubID": "GHSA-qw96-mm2g-c8m7"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-qw96-mm2g-c8m7"
        ]
      },
      {
        "below": "9.3.2",
        "severity": "medium",
        "cwe": [
          "CWE-23"
        ],
        "identifiers": {
          "summary": "Directory Traversal in Next.js",
          "CVE": [
            "CVE-2020-5284"
          ],
          "githubID": "GHSA-fq77-7p7r-83rj"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
        ]
      },
      {
        "atOrAbove": "9.5.0",
        "below": "9.5.4",
        "severity": "medium",
        "cwe": [
          "CWE-601"
        ],
        "identifiers": {
          "summary": "Open Redirect in Next.js",
          "CVE": [
            "CVE-2020-15242"
          ],
          "githubID": "GHSA-x56p-c8cg-q435"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "11.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-601"
        ],
        "identifiers": {
          "summary": "Open Redirect in Next.js",
          "CVE": [
            "CVE-2021-37699"
          ],
          "githubID": "GHSA-vxf5-wxwp-m7g9"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9"
        ]
      },
      {
        "atOrAbove": "10.0.0",
        "below": "11.1.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in Image Optimization API",
          "CVE": [
            "CVE-2021-39178"
          ],
          "githubID": "GHSA-9gr3-7897-pp7m"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "11.1.3",
        "severity": "high",
        "cwe": [
          "CWE-20"
        ],
        "identifiers": {
          "summary": "Unexpected server crash in Next.js versions",
          "CVE": [
            "CVE-2021-43803"
          ],
          "githubID": "GHSA-25mp-g6fv-mqxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-25mp-g6fv-mqxx",
          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
        ]
      },
      {
        "atOrAbove": "12.0.0",
        "below": "12.0.5",
        "severity": "high",
        "cwe": [
          "CWE-20"
        ],
        "identifiers": {
          "summary": "Unexpected server crash in Next.js versions",
          "CVE": [
            "CVE-2021-43803"
          ],
          "githubID": "GHSA-25mp-g6fv-mqxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-25mp-g6fv-mqxx",
          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
        ]
      },
      {
        "atOrAbove": "12.0.0",
        "below": "12.0.9",
        "severity": "medium",
        "cwe": [
          "CWE-20",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "DOS Vulnerability for self-hosted next.js apps",
          "CVE": [
            "CVE-2022-21721"
          ],
          "githubID": "GHSA-wr66-vrwm-5g5x"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-wr66-vrwm-5g5x"
        ]
      },
      {
        "atOrAbove": "10.0.0",
        "below": "12.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-451"
        ],
        "identifiers": {
          "summary": "Improper CSP in Image Optimization API",
          "CVE": [
            "CVE-2022-23646"
          ],
          "githubID": "GHSA-fmvm-x8mv-47mj"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"
        ]
      },
      {
        "atOrAbove": "12.2.3",
        "below": "12.2.4",
        "cwe": [
          "CWE-248",
          "CWE-754"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Unexpected server crash in Next.js",
          "githubID": "GHSA-wff4-fpwg-qqv3",
          "CVE": [
            "CVE-2022-36046"
          ]
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "13.4.20-canary.13",
        "cwe": [
          "CWE-525"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "Next.js missing cache-control header may lead to CDN caching empty reply",
          "CVE": [
            "CVE-2023-46298"
          ],
          "githubID": "GHSA-c59h-r6p8-q9wc"
        },
        "info": [
          "https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
        ]
      },
      {
        "atOrAbove": "13.3.1",
        "below": "13.5.0",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Next.js Denial of Service (DoS) condition",
          "CVE": [
            "CVE-2024-39693"
          ],
          "githubID": "GHSA-fq54-2j52-jc42"
        },
        "info": [
          "https://github.com/advisories/GHSA-fq54-2j52-jc42",
          "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-39693",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "13.4.0",
        "below": "13.5.1",
        "cwe": [
          "CWE-444"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Next.js Vulnerable to HTTP Request Smuggling",
          "CVE": [
            "CVE-2024-34350"
          ],
          "githubID": "GHSA-77r5-gw3j-2mpf"
        },
        "info": [
          "https://github.com/advisories/GHSA-77r5-gw3j-2mpf",
          "https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-34350",
          "https://github.com/vercel/next.js/commit/44eba020c615f0d9efe431f84ada67b81576f3f5",
          "https://github.com/vercel/next.js",
          "https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
        ]
      },
      {
        "atOrAbove": "13.5.1",
        "below": "13.5.7",
        "cwe": [
          "CWE-349",
          "CWE-639"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Next.js Cache Poisoning",
          "CVE": [
            "CVE-2024-46982"
          ],
          "githubID": "GHSA-gp8f-8m3g-qvj9"
        },
        "info": [
          "https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
          "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
          "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
          "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "13.0.0",
        "below": "13.5.8",
        "cwe": [
          "CWE-770"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
          "CVE": [
            "CVE-2024-56332"
          ],
          "githubID": "GHSA-7m27-7ghc-44w9"
        },
        "info": [
          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "13.4.0",
        "below": "14.1.1",
        "cwe": [
          "CWE-918"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Next.js Server-Side Request Forgery in Server Actions",
          "CVE": [
            "CVE-2024-34351"
          ],
          "githubID": "GHSA-fr5h-rqp8-mj6g"
        },
        "info": [
          "https://github.com/advisories/GHSA-fr5h-rqp8-mj6g",
          "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
          "https://github.com/vercel/next.js/pull/62561",
          "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "10.0.0",
        "below": "14.2.7",
        "cwe": [
          "CWE-674"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Denial of Service condition in Next.js image optimization",
          "CVE": [
            "CVE-2024-47831"
          ],
          "githubID": "GHSA-g77x-44xx-532m"
        },
        "info": [
          "https://github.com/advisories/GHSA-g77x-44xx-532m",
          "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-47831",
          "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "14.0.0",
        "below": "14.2.10",
        "cwe": [
          "CWE-349",
          "CWE-639"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Next.js Cache Poisoning",
          "CVE": [
            "CVE-2024-46982"
          ],
          "githubID": "GHSA-gp8f-8m3g-qvj9"
        },
        "info": [
          "https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
          "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
          "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
          "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "9.5.5",
        "below": "14.2.15",
        "cwe": [
          "CWE-285"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Next.js authorization bypass vulnerability",
          "CVE": [
            "CVE-2024-51479"
          ],
          "githubID": "GHSA-7gfc-8cq8-jh5f"
        },
        "info": [
          "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
          "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
          "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
          "https://github.com/vercel/next.js",
          "https://github.com/vercel/next.js/releases/tag/v14.2.15"
        ]
      },
      {
        "atOrAbove": "14.0.0",
        "below": "14.2.21",
        "cwe": [
          "CWE-770"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
          "CVE": [
            "CVE-2024-56332"
          ],
          "githubID": "GHSA-7m27-7ghc-44w9"
        },
        "info": [
          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
          "https://github.com/vercel/next.js"
        ]
      },
      {
        "atOrAbove": "15.0.0",
        "below": "15.1.2",
        "cwe": [
          "CWE-770"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
          "CVE": [
            "CVE-2024-56332"
          ],
          "githubID": "GHSA-7m27-7ghc-44w9"
        },
        "info": [
          "https://github.com/advisories/GHSA-7m27-7ghc-44w9",
          "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
          "https://github.com/vercel/next.js"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "version=\"(§§version§§)\".{1,1500}document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent",
        "document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent\\);window\\.__NEXT_DATA__=.;.\\.version=\"(§§version§§)\"",
        "=\"(§§version§§)\"[\\s\\S]{10,100}Component[\\s\\S]{1,10}componentDidCatch[\\s\\S]{10,30}componentDidMount"
      ],
      "func": [
        "next && next.version"
      ]
    }
  },
  "chart.js": {
    "vulnerabilities": [
      {
        "below": "2.9.4",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-915"
        ],
        "identifiers": {
          "summary": "Prototype pollution in chart.js",
          "CVE": [
            "CVE-2020-7746"
          ],
          "githubID": "GHSA-h68q-55jf-x68w"
        },
        "info": [
          "https://github.com/advisories/GHSA-h68q-55jf-x68w"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/Chart.js/(§§version§§)/chart(\\.min)?\\.js",
        "/Chart.js/(§§version§§)/Chart.bundle(\\.min)?\\.js"
      ],
      "filecontent": [
        "var version=\"(§§version§§)\";const KNOWN_POSITIONS=\\[\"top\",\"bottom\",\"left\",\"right\",\"chartArea\"\\]",
        "/\\*![\\s]+\\* Chart.js v(§§version§§)",
        "/\\*![\\s]+\\* Chart.js[\\s]+\\* http://chartjs.org/[\\s]+\\* Version: (§§version§§)"
      ]
    }
  },
  "froala": {
    "npmname": "froala-editor",
    "vulnerabilities": [
      {
        "below": "3.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Security issue: XSS via pasted content",
          "issue": "3880"
        },
        "info": [
          "https://froala.com/wysiwyg-editor/changelog/#3.2.2"
        ]
      },
      {
        "below": "3.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS Issue In Link Insertion",
          "issue": "3270"
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/issues/3270"
        ]
      },
      {
        "below": "3.2.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "DOM-based cross-site scripting in Froala Editor",
          "githubID": "GHSA-h236-g5gh-vq6c",
          "CVE": [
            "CVE-2019-19935"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-h236-g5gh-vq6c"
        ]
      },
      {
        "below": "3.2.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.",
          "CVE": [
            "CVE-2021-28114"
          ]
        },
        "info": [
          "https://bishopfox.com/blog/froala-editor-v3-2-6-advisory"
        ]
      },
      {
        "below": "3.2.7",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Froala WYSIWYG Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent XSS.",
          "CVE": [
            "CVE-2021-30109"
          ],
          "githubID": "GHSA-cq6w-w5rj-p9x8"
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
        ]
      },
      {
        "below": "4.0.11",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in [insert video]",
          "issue": "3880",
          "githubID": "GHSA-97x5-cc53-cv4v",
          "CVE": [
            "CVE-2020-22864"
          ]
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
        ]
      },
      {
        "below": "4.1.4",
        "atOrAbove": "4.0.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.",
          "CVE": [
            "CVE-2023-41592"
          ],
          "githubID": "GHSA-hvpq-7vcc-5hj5"
        },
        "info": [
          "https://froala.com/wysiwyg-editor/changelog/#4.1.4",
          "https://github.com/advisories/GHSA-hvpq-7vcc-5hj5"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "4.3.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Froala WYSIWYG editor allows cross-site scripting (XSS)",
          "CVE": [
            "CVE-2024-51434"
          ],
          "githubID": "GHSA-549p-5c7f-c5p4"
        },
        "info": [
          "https://github.com/advisories/GHSA-549p-5c7f-c5p4",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-51434",
          "https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434",
          "https://github.com/froala/wysiwyg-editor"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/froala-editor/(§§version§§)/",
        "/froala-editor@(§§version§§)/"
      ],
      "filecontent": [
        "/\\*![\\s]+\\* froala_editor v(§§version§§)",
        "VERSION:\"(§§version§§)\",INSTANCES:\\[\\],OPTS_MAPPING:\\{\\}"
      ],
      "func": [
        "FroalaEditor.VERSION"
      ]
    }
  },
  "pendo": {
    "vulnerabilities": [
      {
        "below": "2.15.18",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Patched XSS vulnerability around script loading",
          "retid": "74"
        },
        "info": [
          "https://developers.pendo.io/agent-version-2-15-18/"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "// Pendo Agent Wrapper\n//[\\s]+Environment:[\\s]+[^\n]+\n// Agent Version:[\\s]+(§§version§§)"
      ],
      "func": [
        "pendo.VERSION.split('_')[0]"
      ]
    }
  },
  "highcharts": {
    "vulnerabilities": [
      {
        "below": "6.1.0",
        "severity": "high",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service in highcharts",
          "CVE": [
            "CVE-2018-20801"
          ],
          "githubID": "GHSA-xmc8-cjfr-phx3"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"
        ]
      },
      {
        "below": "7.2.2",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `highcharts` prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS)",
          "githubID": "GHSA-gr4j-r575-g665"
        },
        "info": [
          "https://github.com/advisories/GHSA-gr4j-r575-g665",
          "https://github.com/highcharts/highcharts/issues/13559"
        ]
      },
      {
        "atOrAbove": "8.0.0",
        "below": "8.1.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `highcharts` prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS)",
          "githubID": "GHSA-gr4j-r575-g665"
        },
        "info": [
          "https://github.com/advisories/GHSA-gr4j-r575-g665",
          "https://github.com/highcharts/highcharts/issues/13559"
        ]
      },
      {
        "below": "9.0.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS) and Prototype Pollution in Highcharts < 9.0.0",
          "CVE": [
            "CVE-2021-29489"
          ],
          "githubID": "GHSA-8j65-4pcq-xq95"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "highcharts/(§§version§§)/highcharts(\\.min)?\\.js"
      ],
      "filecontent": [
        "product:\"Highcharts\",version:\"(§§version§§)\"",
        "product=\"Highcharts\"[,;].\\.version=\"(§§version§§)\""
      ]
    }
  },
  "select2": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "4.0.6",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Improper Neutralization of Input During Web Page Generation in Select2",
          "CVE": [
            "CVE-2016-10744"
          ],
          "githubID": "GHSA-rf66-hmqf-q3fc"
        },
        "info": [
          "https://github.com/advisories/GHSA-rf66-hmqf-q3fc",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-10744",
          "https://github.com/select2/select2/issues/4587",
          "https://github.com/snipe/snipe-it/pull/6831",
          "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
          "https://github.com/select2/select2"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "/\\*!(?:[\\s]+\\*)? Select2 (§§version§§)",
        "/\\*[\\s]+Copyright 20[0-9]{2} [I]gor V[a]ynberg[\\s]+Version: (§§version§§)[\\s\\S]{1,5000}(\\.attr\\(\"class\",\"select2-sizer\"|\\.data\\(document, *\"select2-lastpos\"|document\\)\\.data\\(\"select2-lastpos\"|SingleSelect2, *MultiSelect2|window.Select2 *!== *undefined)"
      ],
      "uri": [
        "(§§version§§)/(js/)?select2(.min)?\\.js"
      ]
    }
  },
  "blueimp-file-upload": {
    "vulnerabilities": [
      {
        "below": "9.22.1",
        "cwe": [
          "CWE-434"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Unrestricted Upload of File with Dangerous Type in blueimp-file-upload",
          "CVE": [
            "CVE-2018-9206"
          ],
          "githubID": "GHSA-4cj8-g9cp-v5wr"
        },
        "info": [
          "https://github.com/advisories/GHSA-4cj8-g9cp-v5wr",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-9206",
          "https://github.com/advisories/GHSA-4cj8-g9cp-v5wr",
          "https://wpvulndb.com/vulnerabilities/9136",
          "https://www.exploit-db.com/exploits/45790/",
          "https://www.exploit-db.com/exploits/46182/",
          "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
          "http://www.securityfocus.com/bid/105679",
          "http://www.securityfocus.com/bid/106629",
          "http://www.vapidlabs.com/advisory.php?v=204"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "/\\*[\\s*]+jQuery File Upload User Interface Plugin (§§version§§)[\\s*]+https://github.com/blueimp"
      ],
      "uri": [
        "/blueimp-file-upload/(§§version§§)/jquery.fileupload(-ui)?(\\.min)?\\.js"
      ]
    }
  },
  "c3": {
    "vulnerabilities": [
      {
        "below": "0.4.11",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross-Site Scripting in c3",
          "CVE": [
            "CVE-2016-1000240"
          ],
          "githubID": "GHSA-gvg7-pp82-cff3"
        },
        "info": [
          "https://github.com/advisories/GHSA-gvg7-pp82-cff3",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-1000240",
          "https://github.com/c3js/c3/issues/1536",
          "https://github.com/c3js/c3/pull/1675",
          "https://github.com/c3js/c3/commit/de3864650300488a63d0541620e9828b00e94b42",
          "https://github.com/c3js/c3",
          "https://www.npmjs.com/advisories/138"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/c3(\\.min)?\\.js"
      ],
      "filecontent": [
        "[\\s]+var c3 ?= ?\\{ ?version: ?['\"](§§version§§)['\"] ?\\};[\\s]+var c3_chart_fn,"
      ]
    }
  },
  "lodash": {
    "vulnerabilities": [
      {
        "below": "4.17.5",
        "cwe": [
          "CWE-471",
          "CWE-1321"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2018-3721"
          ],
          "githubID": "GHSA-fvqr-27wr-82fm"
        },
        "info": [
          "https://github.com/advisories/GHSA-fvqr-27wr-82fm",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-3721",
          "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a",
          "https://hackerone.com/reports/310443",
          "https://github.com/advisories/GHSA-fvqr-27wr-82fm",
          "https://security.netapp.com/advisory/ntap-20190919-0004/",
          "https://www.npmjs.com/advisories/577"
        ]
      },
      {
        "below": "4.17.11",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2018-16487"
          ],
          "githubID": "GHSA-4xc9-xhrj-v574"
        },
        "info": [
          "https://github.com/advisories/GHSA-4xc9-xhrj-v574",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-16487",
          "https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad",
          "https://hackerone.com/reports/380873",
          "https://github.com/advisories/GHSA-4xc9-xhrj-v574",
          "https://security.netapp.com/advisory/ntap-20190919-0004/",
          "https://www.npmjs.com/advisories/782"
        ]
      },
      {
        "below": "4.17.11",
        "cwe": [
          "CWE-400"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
          "CVE": [
            "CVE-2019-1010266"
          ],
          "githubID": "GHSA-x5rq-j2xg-h7qm"
        },
        "info": [
          "https://github.com/advisories/GHSA-x5rq-j2xg-h7qm",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266",
          "https://github.com/lodash/lodash/issues/3359",
          "https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347",
          "https://github.com/lodash/lodash/wiki/Changelog",
          "https://security.netapp.com/advisory/ntap-20190919-0004/",
          "https://snyk.io/vuln/SNYK-JS-LODASH-73639"
        ]
      },
      {
        "below": "4.17.12",
        "cwe": [
          "CWE-1321",
          "CWE-20"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2019-10744"
          ],
          "githubID": "GHSA-jf85-cpcp-j695"
        },
        "info": [
          "https://github.com/advisories/GHSA-jf85-cpcp-j695",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-10744",
          "https://github.com/lodash/lodash/pull/4336",
          "https://access.redhat.com/errata/RHSA-2019:3024",
          "https://security.netapp.com/advisory/ntap-20191004-0005/",
          "https://snyk.io/vuln/SNYK-JS-LODASH-450202",
          "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp;utm_medium=RSS",
          "https://www.npmjs.com/advisories/1065",
          "https://www.oracle.com/security-alerts/cpujan2021.html",
          "https://www.oracle.com/security-alerts/cpuoct2020.html"
        ]
      },
      {
        "atOrAbove": "3.7.0",
        "below": "4.17.19",
        "cwe": [
          "CWE-1321",
          "CWE-770"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2020-8203"
          ],
          "githubID": "GHSA-p6mc-m468-83gw"
        },
        "info": [
          "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
          "https://github.com/lodash/lodash/issues/4744",
          "https://github.com/lodash/lodash/issues/4874",
          "https://github.com/github/advisory-database/pull/2884",
          "https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12",
          "https://hackerone.com/reports/712065",
          "https://hackerone.com/reports/864701",
          "https://github.com/lodash/lodash",
          "https://github.com/lodash/lodash/wiki/Changelog#v41719",
          "https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744"
        ]
      },
      {
        "below": "4.17.21",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
          "CVE": [
            "CVE-2020-28500"
          ],
          "githubID": "GHSA-29mw-wpgm-hmr9"
        },
        "info": [
          "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
          "https://github.com/lodash/lodash/pull/5065",
          "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
          "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
          "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
          "https://github.com/lodash/lodash",
          "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
          "https://security.netapp.com/advisory/ntap-20210312-0006/",
          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
          "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
          "https://www.oracle.com//security-alerts/cpujul2021.html",
          "https://www.oracle.com/security-alerts/cpujan2022.html",
          "https://www.oracle.com/security-alerts/cpujul2022.html",
          "https://www.oracle.com/security-alerts/cpuoct2021.html"
        ]
      },
      {
        "below": "4.17.21",
        "cwe": [
          "CWE-77",
          "CWE-94"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Command Injection in lodash",
          "CVE": [
            "CVE-2021-23337"
          ],
          "githubID": "GHSA-35jh-r3h4-6jhm"
        },
        "info": [
          "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
          "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
          "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
          "https://github.com/lodash/lodash",
          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
          "https://security.netapp.com/advisory/ntap-20210312-0006/",
          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
          "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
          "https://www.oracle.com//security-alerts/cpujul2021.html",
          "https://www.oracle.com/security-alerts/cpujan2022.html",
          "https://www.oracle.com/security-alerts/cpujul2022.html",
          "https://www.oracle.com/security-alerts/cpuoct2021.html"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "/\\*[\\s*!]+(?:@license)?[\\s*]+(?:Lo-Dash|lodash|Lodash) v?(§§version§§)[\\s\\S]{1,200}Build: `lodash modern -o",
        "/\\*[\\s*!]+(?:@license)?[\\s*]+(?:Lo-Dash|lodash|Lodash) v?(§§version§§) <",
        "/\\*[\\s*!]+(?:@license)?[\\s*]+(?:Lo-Dash|lodash|Lodash) v?(§§version§§) lodash.com/license",
        "=\"(§§version§§)\"[\\s\\S]{1,300}__lodash_hash_undefined__",
        "/\\*[\\s*]+@license[\\s*]+(?:Lo-Dash|lodhash|Lodash)[\\s\\S]{1,500}var VERSION *= *['\"](§§version§§)['\"]",
        "var VERSION=\"(§§version§§)\";var BIND_FLAG=1,BIND_KEY_FLAG=2,CURRY_BOUND_FLAG=4,CURRY_FLAG=8"
      ],
      "uri": [
        "/(§§version§§)/lodash(\\.min)?\\.js"
      ]
    }
  },
  "ua-parser-js": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "0.7.22",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Regular Expression Denial of Service in ua-parser-js",
          "CVE": [
            "CVE-2020-7733"
          ],
          "githubID": "GHSA-662x-fhqg-9p8v"
        },
        "info": [
          "https://github.com/advisories/GHSA-662x-fhqg-9p8v",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7733",
          "https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665",
          "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226",
          "https://www.oracle.com//security-alerts/cpujul2021.html"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "0.7.22",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Regular Expression Denial of Service in ua-parser-js",
          "CVE": [
            "CVE-2020-7733"
          ],
          "githubID": "GHSA-662x-fhqg-9p8v"
        },
        "info": [
          "https://github.com/advisories/GHSA-662x-fhqg-9p8v",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7733",
          "https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665",
          "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226",
          "https://www.oracle.com//security-alerts/cpujul2021.html"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "0.7.23",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "ua-parser-js Regular Expression Denial of Service vulnerability",
          "CVE": [
            "CVE-2020-7793"
          ],
          "githubID": "GHSA-394c-5j6w-4xmx"
        },
        "info": [
          "https://github.com/advisories/GHSA-394c-5j6w-4xmx",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7793",
          "https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18",
          "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387",
          "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599"
        ]
      },
      {
        "atOrAbove": "0.7.14",
        "below": "0.7.24",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS) in ua-parser-js",
          "CVE": [
            "CVE-2021-27292"
          ],
          "githubID": "GHSA-78cj-fxph-m83p"
        },
        "info": [
          "https://github.com/advisories/GHSA-78cj-fxph-m83p",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-27292",
          "https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566",
          "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14",
          "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
        ]
      },
      {
        "atOrAbove": "0.7.29",
        "below": "0.7.30",
        "cwe": [
          "CWE-829",
          "CWE-912"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Embedded malware in ua-parser-js",
          "CVE": [],
          "githubID": "GHSA-pjwm-rvh2-c87w"
        },
        "info": [
          "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
          "https://github.com/faisalman/ua-parser-js/issues/536",
          "https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496",
          "https://github.com/faisalman/ua-parser-js",
          "https://www.npmjs.com/package/ua-parser-js"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "0.7.33",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "ReDoS Vulnerability in ua-parser-js version",
          "CVE": [
            "CVE-2022-25927"
          ],
          "githubID": "GHSA-fhg7-m89q-25r3"
        },
        "info": [
          "https://github.com/advisories/GHSA-fhg7-m89q-25r3",
          "https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
          "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411",
          "https://github.com/faisalman/ua-parser-js",
          "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
        ]
      },
      {
        "atOrAbove": "0.8.0",
        "below": "0.8.1",
        "cwe": [
          "CWE-829",
          "CWE-912"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Embedded malware in ua-parser-js",
          "CVE": [],
          "githubID": "GHSA-pjwm-rvh2-c87w"
        },
        "info": [
          "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
          "https://github.com/faisalman/ua-parser-js/issues/536",
          "https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496",
          "https://github.com/faisalman/ua-parser-js",
          "https://www.npmjs.com/package/ua-parser-js"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.0.1",
        "cwe": [
          "CWE-829",
          "CWE-912"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Embedded malware in ua-parser-js",
          "CVE": [],
          "githubID": "GHSA-pjwm-rvh2-c87w"
        },
        "info": [
          "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
          "https://github.com/faisalman/ua-parser-js/issues/536",
          "https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496",
          "https://github.com/faisalman/ua-parser-js",
          "https://www.npmjs.com/package/ua-parser-js"
        ]
      },
      {
        "atOrAbove": "0.8.0",
        "below": "1.0.33",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "ReDoS Vulnerability in ua-parser-js version",
          "CVE": [
            "CVE-2022-25927"
          ],
          "githubID": "GHSA-fhg7-m89q-25r3"
        },
        "info": [
          "https://github.com/advisories/GHSA-fhg7-m89q-25r3",
          "https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
          "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411",
          "https://github.com/faisalman/ua-parser-js",
          "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/ua-parser(.min)?.js"
      ],
      "filecontent": [
        "/\\* UAParser.js v(§§version§§)",
        "/\\*[*!](?:@license)?[\\s]+\\* UAParser.js v(§§version§§)",
        "// UAParser.js v(§§version§§)",
        ".\\.VERSION=\"(§§version§§)\",.\\.BROWSER=\\{NAME:.,MAJOR:\"major\",VERSION:.\\},.\\.CPU=\\{ARCHITECTURE:",
        ".\\.VERSION=\"(§§version§§)\",.\\.BROWSER=.\\(\\[[^\\]]{1,20}\\]\\),.\\.CPU=",
        "LIBVERSION=\"(§§version§§)\",EMPTY=\"\",UNKNOWN=\"\\?\",FUNC_TYPE=\"function\",UNDEF_TYPE=\"undefined\"",
        ".=\"(§§version§§)\",.=\"\",.=\"\\?\",.=\"function\",.=\"undefined\",.=\"object\",(.=\"string\",)?.=\"major\",.=\"model\",.=\"name\",.=\"type\",.=\"vendor\""
      ],
      "func": [
        "UAParser.VERSION",
        "$.ua.version"
      ]
    }
  },
  "mathjax": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "2.7.4",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Macro in MathJax running untrusted Javascript within a web browser",
          "CVE": [
            "CVE-2018-1999024"
          ],
          "githubID": "GHSA-3c48-6pcv-88rm"
        },
        "info": [
          "https://github.com/advisories/GHSA-3c48-6pcv-88rm",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-1999024",
          "https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1",
          "https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html",
          "https://github.com/advisories/GHSA-3c48-6pcv-88rm",
          "https://github.com/mathjax/MathJax"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "2.7.10",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "MathJax Regular expression Denial of Service (ReDoS)",
          "CVE": [
            "CVE-2023-39663"
          ],
          "githubID": "GHSA-v638-q856-grg8"
        },
        "info": [
          "https://github.com/advisories/GHSA-v638-q856-grg8",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-39663",
          "https://github.com/mathjax/MathJax/issues/3074"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/mathjax@(§§version§§)/",
        "/mathjax/(§§version§§)/"
      ],
      "filecontent": [
        "\\.MathJax\\.config\\.startup;{10,100}.\\.VERSION=\"(§§version§§)\"",
        "\\.MathJax=\\{version:\"(§§version§§)\"",
        "MathJax.{0,100}.\\.VERSION=void 0,.\\.VERSION=\"(§§version§§)\"",
        "MathJax\\.version=\"(§§version§§)\";"
      ],
      "func": [
        "MathJax.version"
      ]
    }
  },
  "pdf.js": {
    "bowername": [
      "pdfjs-dist"
    ],
    "npmname": "pdfjs-dist",
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "1.10.100",
        "cwe": [
          "CWE-94"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Malicious PDF can inject JavaScript into PDF Viewer",
          "CVE": [
            "CVE-2018-5158"
          ],
          "githubID": "GHSA-7jg2-jgv3-fmr4"
        },
        "info": [
          "https://github.com/advisories/GHSA-7jg2-jgv3-fmr4",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-5158",
          "https://github.com/mozilla/pdf.js/pull/9659",
          "https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97",
          "https://access.redhat.com/errata/RHSA-2018:1414",
          "https://access.redhat.com/errata/RHSA-2018:1415",
          "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075",
          "https://github.com/mozilla/pdf.js",
          "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html",
          "https://security.gentoo.org/glsa/201810-01",
          "https://usn.ubuntu.com/3645-1",
          "https://www.debian.org/security/2018/dsa-4199",
          "https://www.mozilla.org/security/advisories/mfsa2018-11",
          "https://www.mozilla.org/security/advisories/mfsa2018-12",
          "http://www.securityfocus.com/bid/104136",
          "http://www.securitytracker.com/id/1040896"
        ]
      },
      {
        "atOrAbove": "2.0.0",
        "below": "2.0.550",
        "cwe": [
          "CWE-94"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Malicious PDF can inject JavaScript into PDF Viewer",
          "CVE": [
            "CVE-2018-5158"
          ],
          "githubID": "GHSA-7jg2-jgv3-fmr4"
        },
        "info": [
          "https://github.com/advisories/GHSA-7jg2-jgv3-fmr4",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-5158",
          "https://github.com/mozilla/pdf.js/pull/9659",
          "https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97",
          "https://access.redhat.com/errata/RHSA-2018:1414",
          "https://access.redhat.com/errata/RHSA-2018:1415",
          "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075",
          "https://github.com/mozilla/pdf.js",
          "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html",
          "https://security.gentoo.org/glsa/201810-01",
          "https://usn.ubuntu.com/3645-1",
          "https://www.debian.org/security/2018/dsa-4199",
          "https://www.mozilla.org/security/advisories/mfsa2018-11",
          "https://www.mozilla.org/security/advisories/mfsa2018-12",
          "http://www.securityfocus.com/bid/104136",
          "http://www.securitytracker.com/id/1040896"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "4.2.67",
        "cwe": [
          "CWE-79"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
          "CVE": [
            "CVE-2024-4367"
          ],
          "githubID": "GHSA-wgrm-67xf-hhpq"
        },
        "info": [
          "https://github.com/advisories/GHSA-wgrm-67xf-hhpq",
          "https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq",
          "https://github.com/mozilla/pdf.js/pull/18015",
          "https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6",
          "https://bugzilla.mozilla.org/show_bug.cgi?id=1893645",
          "https://github.com/mozilla/pdf.js"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/pdf\\.js/(§§version§§)/",
        "/pdfjs-dist@(§§version§§)/"
      ],
      "filecontent": [
        "(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
        "PDFJS.version ?= ?['\"](§§version§§)['\"]",
        "apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
        "messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
      ]
    }
  },
  "pdfobject": {
    "vulnerabilities": [],
    "extractors": {
      "uri": [
        "/pdfobject@(§§version§§)/",
        "/pdfobject/(§§version§§)/pdfobject(\\.min)?\\.js"
      ],
      "filecontent": [
        "\\* +PDFObject v(§§version§§)",
        "/*[\\s]+PDFObject v(§§version§§)",
        "let pdfobjectversion = \"(§§version§§)\";",
        "pdfobjectversion:\"(§§version§§)\""
      ]
    }
  },
  "dont check": {
    "vulnerabilities": [],
    "extractors": {
      "uri": [
        "^http[s]?://(ssl|www).google-analytics.com/ga.js",
        "^http[s]?://apis.google.com/js/plusone.js",
        "^http[s]?://cdn.cxense.com/cx.js"
      ]
    }
  }
}