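My reading notes on navigation and positioning source code, covering: document translation, algorithm principles, code walkthroughs, and flowcharts. My knowledge is shallow and there is not much content yet; many files are still empty, but I will keep updating as my study deepens, improving it bit by bit. Planned: RTKLIB, GAMP, PSINS, PPPLib, goGPS, GICI, Ginan, VINS, ORB-SLAM3, GNSS-SDR, KF-GINS, OB-GINS, TGINS. Feel free to repost; I hope it helps everyone. Downloading everything at once is not recommended: the Markdown and PDF files can be viewed online, and any file you want can be opened and downloaded individually.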

Security

Vulnerabilities
1 High
2 Medium
3 Low
high

CVE-2021-23337

Prototype pollution vulnerability in lodash before 4.17.21 allows attackers to modify object properties via the set, setWith, and update functions.

lodash 4.17.15, fixed in 4.17.21
medium

CVE-2022-24999

The express package before 4.17.3 for Node.js has a Regular Expression Denial of Service vulnerability via the req.fresh property.

express 4.17.1, fixed in 4.17.3
Security Policies
  • Security policy: Enabled
  • Dependabot alerts: Enabled
  • Code scanning: Disabled
  • Secret scanning: Enabled
Security Score
78 (Grade B)

Dependency Analysis

  • lodash 4.17.15: 1 issue, 65/100
  • express 4.17.1: 1 issue, 72/100
Security Recommendations

Based on the repository's security profile, here are some recommendations:

  • Update lodash to version 4.17.21 to fix a high severity vulnerability
  • Update express to version 4.17.3 to fix a medium severity vulnerability
  • Enable code scanning to detect security vulnerabilities in your code