GitHub detected a vulnerability in the nanoid dependency #509
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is a vulnerability ticket opened internally on pytorch/kineto, related to Tensorboard. Could someone please help take a look? @guotuofeng, @guyang3532 - are you guys the maintainers for tb_plugin? I couldn't find you internal.
GitHub has detected that a package defined in the tb_plugin/fe/yarn.lock file of the pytorch/kineto repository contains a security vulnerability.
Package name: nanoid
Affected versions: < 3.1.31
Fixed in version: 3.1.31
Severity: MODERATE
Identifier(s):
GHSA-qrpm-p2h7-hrv2
CVE-2021-23566
Reference(s):
https://nvd.nist.gov/vuln/detail/CVE-2021-23566
ai/nanoid#328
https://github.com/…/2b7bd9332bc49b6330c7ddb08e5c661833db25…
https://gist.github.com/ar…/bc6d1eb9a3477d15d2772e876169a444
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
https://snyk.io/vuln/SNYK-JS-NANOID-2332193
GHSA-qrpm-p2h7-hrv2
This task should automatically close when the alert is cleared on GitHub.
The text was updated successfully, but these errors were encountered: