matomo
Public

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!

Security

Vulnerabilities
1 High
2 Medium
3 Low
high

CVE-2021-23337

Prototype pollution vulnerability in lodash before 4.17.21 allows attackers to modify object properties via the set, setWith, and update functions.

lodash 4.17.154.17.21
medium

CVE-2022-24999

The express package before 4.17.3 for Node.js has a Regular Expression Denial of Service vulnerability via the req.fresh property.

express 4.17.14.17.3
Security Policies
Security policy
Enabled
Dependabot alerts
Enabled
Code scanning
Disabled
Secret scanning
Enabled
Security Score
78Grade B

Dependency Analysis

lodash4.17.15
1 issues
65/100
express4.17.1
1 issues
72/100
Security Recommendations

Based on the repository's security profile, here are some recommendations:

  • Update lodash to version 4.17.21 to fix a high severity vulnerability
  • Update express to version 4.17.3 to fix a medium severity vulnerability
  • Enable code scanning to detect security vulnerabilities in your code