An automation triggered a pipeline warning
Found 32 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
4 rules were checked:
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
✔️ The rule did not trigger.
If there is a dependency where the license risk is at least high
then send a pipeline warning
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning
⚠️ The rule triggered for the following vulnerabilities, causing a pipeline warning.
| Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
| --- | --- | --- | --- | --- |
| CVE-2023-28102 | N/A | 9.6 | discordrb-webhooks (RubyGems) | MIT |
| CVE-2022-46175 | N/A | 8.8 | json5 (npm) | Debricked Unknown License, MIT |
| CVE-2020-7660 | 6.8 | 8.1 | serialize-javascript (npm) | BSD-3-Clause |
| CVE-2023-24807 | N/A | 7.5 | undici (npm) | MIT |
| CVE-2023-26115 | N/A | 7.5 | word-wrap (npm) | MIT |
| CVE-2021-33194 | 5 | 7.5 | golang.org/x/net (Go) | BSD-3-Clause, Debricked Unknown License |
| CVE-2018-17143 | 5 | 7.5 | golang.org/x/net (Go) | BSD-3-Clause, Debricked Unknown License |
| CVE-2020-7753 | 5 | 7.5 | trim (npm) | MIT |
| CVE-2021-33623 | 5 | 7.5 | trim-newlines (npm) | MIT |
| CVE-2021-22146 | 5 | 7.5 | elasticsearch (RubyGems) | Apache-2.0 |
| CVE-2022-38900 | N/A | 7.5 | decode-uri-component (npm) | MIT |
| CVE-2020-28469 | 5 | 7.5 | glob-parent (npm) | ISC |
| CVE-2022-44571 | N/A | 7.5 | rack (RubyGems) | MIT |
| CVE-2022-25883 | N/A | 7.5 | semver (npm) | BSD-2-Clause, Debricked Unknown License, ISC, MIT |
| CVE-2022-44570 | N/A | 7.5 | rack (RubyGems) | MIT |
| CVE-2022-44572 | N/A | 7.5 | rack (RubyGems) | MIT |
| CVE-2023-27530 | N/A | 7.5 | rack (RubyGems) | MIT |
| CVE-2023-2251 | N/A | 7.5 | yaml (npm) | Debricked Unknown License, ISC, MIT |
| CVE-2021-22146 | 5 | 7.5 | elasticsearch-transport (RubyGems) | Apache-2.0 |
| CVE-2021-22146 | 5 | 7.5 | elasticsearch-api (RubyGems) | Apache-2.0 |
| CVE-2020-8203 | 5.8 | 7.4 | lodash.values (npm) | MIT |
| CVE-2023-29408 | N/A | 6.5 | golang.org/x/image (Go) | BSD-3-Clause, Debricked Unknown License |
| CVE-2021-23386 | 4 | 6.5 | dns-packet (npm) | MIT |
| CVE-2022-38778 | N/A | 6.5 | decode-uri-component (npm) | MIT |
| CVE-2023-29407 | N/A | 6.5 | golang.org/x/image (Go) | BSD-3-Clause, Debricked Unknown License |
| CVE-2023-3978 | N/A | 6.1 | golang.org/x/net (Go) | BSD-3-Clause, Debricked Unknown License |
| CVE-2021-31525 | 2.6 | 5.9 | golang.org/x/net (Go) | BSD-3-Clause, Debricked Unknown License |
| CVE-2023-36308 | N/A | 5.5 | github.com/disintegration/imaging (Go) | MIT |
| CVE-2023-23936 | N/A | 5.4 | undici (npm) | MIT |
| CVE-2023-36617 | N/A | 5.3 | uri (RubyGems) | BSD-2-Clause, Ruby |
| CVE-2023-27539 | N/A | N/A | rack (RubyGems) | MIT |
| CVE-2023-28362 | N/A | N/A | actionpack (RubyGems) | MIT |
| debricked-199296 | N/A | N/A | d3-color (npm) | BSD-3-Clause, ISC |
| CVE-2023-38037 | N/A | N/A | activesupport (RubyGems) | MIT |