npm - @openrewrite/recipes-nodejs - Versions diffs - 0.36.0-20251214-170412 → 0.36.0-20251215-110739 - Mend

@openrewrite/recipes-nodejs 0.36.0-20251214-170412 → 0.36.0-20251215-110739

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/resources/advisories-npm.csv +93 -14
package/package.json +1 -1

package/dist/resources/advisories-npm.csv CHANGED Viewed

@@ -3625,17 +3625,21 @@ CVE-2025-11953,2025-11-03T18:31:52Z,"@react-native-community/cli has arbitrary O
 CVE-2025-11953,2025-11-03T18:31:52Z,"@react-native-community/cli has arbitrary OS command injection","@react-native-community/cli-server-api",20.0.0-alpha.0,20.0.0,,CRITICAL,CWE-78
 CVE-2025-12613,2025-11-10T06:30:26Z,"Cloudinary Node SDK is vulnerable to Arbitrary Argument Injection through parameters that include an ampersand",cloudinary,0,2.7.0,,HIGH,CWE-88
 CVE-2025-12735,2025-11-05T03:30:23Z,"expr-eval does not restrict functions passed to the evaluate function",expr-eval,0,,2.0.2,HIGH,CWE-94
-CVE-2025-12735,2025-11-05T03:30:23Z,"expr-eval does not restrict functions passed to the evaluate function",expr-eval-fork,0,,3.0.0,HIGH,CWE-94
+CVE-2025-12735,2025-11-05T03:30:23Z,"expr-eval does not restrict functions passed to the evaluate function",expr-eval-fork,0,3.0.1,,HIGH,CWE-94
 CVE-2025-12758,2025-11-27T06:31:25Z,"Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements",validator,0,13.15.22,,HIGH,CWE-792
 CVE-2025-12816,2025-11-26T22:07:19Z,"node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization",node-forge,0,1.3.2,,HIGH,CWE-436
-CVE-2025-12919,2025-11-09T21:30:16Z,"EverShop is vulnerable to Unauthorized Order Information Access (IDOR)",@evershop/evershop,0,,2.1.0,LOW,CWE-99
+CVE-2025-12919,2025-11-09T21:30:16Z,"EverShop is vulnerable to Unauthorized Order Information Access (IDOR)",@evershop/evershop,0,,2.1.0,LOW,CWE-639;CWE-99
 CVE-2025-1302,2025-02-15T06:30:51Z,"JSONPath Plus allows Remote Code Execution",jsonpath-plus,0,10.3.0,,HIGH,CWE-94
 CVE-2025-13033,2025-10-07T13:42:02Z,"Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",nodemailer,0,7.0.7,,MODERATE,CWE-20;CWE-436
 CVE-2025-13204,2025-11-14T18:31:39Z,"expr-eval vulnerable to Prototype Pollution",expr-eval,0,,2.0.2,HIGH,CWE-1321
 CVE-2025-13204,2025-11-14T18:31:39Z,"expr-eval vulnerable to Prototype Pollution",expr-eval-fork,0,2.0.2,,HIGH,CWE-1321
 CVE-2025-13437,2025-11-20T18:31:01Z,"zx Uses Incorrectly-Resolved Name or Reference",zx,0,8.8.5,,MODERATE,CWE-706
 CVE-2025-13466,2025-11-25T14:20:21Z,"body-parser is vulnerable to denial of service when url encoding is used",body-parser,2.2.0,2.2.1,,MODERATE,CWE-400
+CVE-2025-13877,2025-12-09T17:42:53Z,"Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments",@nocobase/auth,0,1.9.0-beta.18,,MODERATE,CWE-1320;CWE-321
+CVE-2025-13877,2025-12-09T17:42:53Z,"Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments",@nocobase/auth,1.9.0,1.9.23,,MODERATE,CWE-1320;CWE-321
+CVE-2025-13877,2025-12-09T17:42:53Z,"Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments",@nocobase/auth,2.0.0-alpha.1,2.0.0-alpha.52,,MODERATE,CWE-1320;CWE-321
 CVE-2025-1398,2025-03-17T15:31:50Z,"Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection",mattermost-desktop,0,5.11.0,,LOW,CWE-426
+CVE-2025-14284,2025-12-09T18:30:35Z,"@tiptap/extension-link vulnerable to Cross-site Scripting (XSS)",@tiptap/extension-link,0,2.10.4,,LOW,CWE-79
 CVE-2025-1467,2025-02-23T18:30:24Z,"tarteaucitron Cross-site Scripting (XSS)",tarteaucitronjs,0,1.17.0,,LOW,CWE-79
 CVE-2025-1520,2025-04-23T18:30:58Z,"PostHog Plugin Server SQL Injection Vulnerability",@posthog/plugin-server,0,,1.10.7,HIGH,CWE-89
 CVE-2025-1691,2025-02-27T15:31:51Z,"MongoDB Shell may be susceptible to Control Character Injection via autocomplete",mongosh,0,2.3.9,,HIGH,CWE-74
@@ -4031,9 +4035,27 @@ CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to R
 CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-parcel,19.0.0,19.0.1,,CRITICAL,CWE-502
 CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-parcel,19.1.0,19.1.2,,CRITICAL,CWE-502
 CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-parcel,19.2.0,19.2.1,,CRITICAL,CWE-502
-CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-webpack,19.0,19.0.1,,CRITICAL,CWE-502
+CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-webpack,19.0.0,19.0.1,,CRITICAL,CWE-502
 CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-webpack,19.1.0,19.1.2,,CRITICAL,CWE-502
 CVE-2025-55182,2025-12-03T19:07:39Z,"React Server Components are Vulnerable to RCE",react-server-dom-webpack,19.2.0,19.2.1,,CRITICAL,CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components","react-server-dom-turbopack",19.0.0,19.0.2,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components","react-server-dom-turbopack",19.1.0,19.1.3,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components","react-server-dom-turbopack",19.2.0,19.2.2,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components",react-server-dom-parcel,19.0.0,19.0.2,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components",react-server-dom-parcel,19.1.0,19.1.3,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components",react-server-dom-parcel,19.2.0,19.2.2,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components",react-server-dom-webpack,19.0.0,19.0.2,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components",react-server-dom-webpack,19.1.0,19.1.3,,MODERATE,CWE-497;CWE-502
+CVE-2025-55183,2025-12-11T22:36:08Z,"Source Code Exposure Vulnerability in React Server Components",react-server-dom-webpack,19.2.0,19.2.2,,MODERATE,CWE-497;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components","react-server-dom-turbopack",19.0.0,19.0.2,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components","react-server-dom-turbopack",19.1.0,19.1.3,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components","react-server-dom-turbopack",19.2.0,19.2.2,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-parcel,19.0.0,19.0.2,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-parcel,19.1.0,19.1.3,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-parcel,19.2.0,19.2.2,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-webpack,19.0.0,19.0.2,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-webpack,19.1.0,19.1.3,,HIGH,CWE-400;CWE-502
+CVE-2025-55184,2025-12-11T22:36:44Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-webpack,19.2.0,19.2.2,,HIGH,CWE-400;CWE-502
 CVE-2025-55207,2025-08-15T16:52:48Z,"@astrojs/node's trailing slash handling causes open redirect issue",@astrojs/node,0,9.4.1,,MODERATE,CWE-601
 CVE-2025-55284,2025-08-18T18:46:52Z,"Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code","@anthropic-ai/claude-code",0,1.0.4,,HIGH,CWE-78
 CVE-2025-55285,2025-08-15T18:43:16Z,"Template Secret leakage in logs in Scaffolder when using `fetch:template`","@backstage/plugin-scaffolder-backend",0,2.1.1,,LOW,CWE-532
@@ -4052,7 +4074,7 @@ CVE-2025-56200,2025-09-30T18:30:25Z,"validator.js has a URL validation bypass vu
 CVE-2025-56265,2025-09-08T18:31:42Z,"N8N's Chat Trigger component is vulnerable to XSS",@n8n/n8n-nodes-langchain,0,1.107.0,,HIGH,CWE-434;CWE-79
 CVE-2025-56571,2025-09-30T18:30:24Z,"Finance.js vulnerable to DoS via the IRR function’s depth parameter",financejs,0,,4.1.0,HIGH,CWE-400;CWE-770;CWE-834
 CVE-2025-56572,2025-09-30T18:30:24Z,"Finance.js vulnerable to DoS via the seekZero() parameter",financejs,0,,4.1.0,HIGH,CWE-400;CWE-770
-CVE-2025-56648,2025-09-17T21:30:42Z,"Parcel has an Origin Validation Error vulnerability","@parcel/reporter-dev-server",1.6.1,,2.16.0,MODERATE,CWE-346
+CVE-2025-56648,2025-09-17T21:30:42Z,"Parcel has an Origin Validation Error vulnerability","@parcel/reporter-dev-server",1.6.1,,2.16.3,MODERATE,CWE-346
 CVE-2025-57164,2025-09-15T19:51:08Z,"FlowiseAI Pre-Auth Arbitrary Code Execution",flowise,3.0.5,3.0.6,,CRITICAL,CWE-94
 CVE-2025-57285,2025-09-08T18:31:42Z,"CodeceptJS's incomprehensive sanitation can lead to Command Injection",codeceptjs,3.5.0,3.7.5,,CRITICAL,CWE-77
 CVE-2025-57317,2025-09-25T15:30:24Z,"apidoc-core is vulnerable to prototype pollution",apidoc-core,0,,0.15.0,HIGH,CWE-400
@@ -4202,7 +4224,7 @@ CVE-2025-61913,2025-10-09T15:21:39Z,"Flowise is vulnerable to arbitrary file wri
 CVE-2025-61913,2025-10-09T15:21:39Z,"Flowise is vulnerable to arbitrary file write through its WriteFileTool ",flowise-components,0,3.0.8,,CRITICAL,CWE-22
 CVE-2025-61925,2025-10-10T23:41:29Z,"Astro's `X-Forwarded-Host` is reflected without validation",astro,0,5.14.3,,MODERATE,CWE-20;CWE-470
 CVE-2025-61927,2025-10-10T23:46:42Z,"Happy DOM: VM Context Escape can lead to Remote Code Execution",happy-dom,0,20.0.0,,CRITICAL,CWE-94
-CVE-2025-61928,2025-10-09T15:40:50Z,"Better Auth: Unauthenticated API key creation through api-key plugin",better-auth,0,1.3.26,,CRITICAL,CWE-285;CWE-306
+CVE-2025-61928,2025-10-09T15:40:50Z,"Better Auth: Unauthenticated API key creation through api-key plugin",better-auth,0,1.3.26,,HIGH,CWE-285;CWE-306
 CVE-2025-62366,2025-10-14T19:49:56Z,"Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails",mailgen,0,2.0.31,,LOW,CWE-79
 CVE-2025-62374,2025-10-14T22:24:10Z,"Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs",parse,0,7.0.0,,MODERATE,CWE-1321
 CVE-2025-62378,2025-10-13T17:43:51Z,"CommandKit has incorrect command name exposure in context object for message command aliases",commandkit,1.2.0-rc.1,1.2.0-rc.12,,MODERATE,CWE-706
@@ -4263,6 +4285,8 @@ CVE-2025-65108,2025-11-20T17:48:11Z,"md-to-pdf vulnerable to arbitrary JavaScrip
 CVE-2025-6514,2025-07-09T15:30:44Z,"mcp-remote exposed to OS command injection via untrusted MCP server connections",mcp-remote,0.0.5,0.1.16,,CRITICAL,CWE-78
 CVE-2025-6545,2025-06-23T22:41:50Z,"pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos",pbkdf2,3.0.10,3.1.3,,CRITICAL,CWE-20
 CVE-2025-6547,2025-06-23T22:42:00Z,"pbkdf2 silently disregards Uint8Array input, returning static keys",pbkdf2,0,3.1.3,,CRITICAL,CWE-20
+CVE-2025-65513,2025-12-10T00:30:22Z,"Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability",mcp-fetch-server,0,,1.0.2,MODERATE,CWE-918
+CVE-2025-65849,2025-12-08T21:30:22Z,"Altcha Proof-of-Work obfuscation mode cryptanalytic break",altcha,0.8.0,,2.2.4,MODERATE,CWE-327
 CVE-2025-65944,2025-11-24T21:52:45Z,"Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`","@sentry/google-cloud-serverless",10.11.0,10.27.0,,MODERATE,CWE-201
 CVE-2025-65944,2025-11-24T21:52:45Z,"Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`",@sentry/astro,10.11.0,10.27.0,,MODERATE,CWE-201
 CVE-2025-65944,2025-11-24T21:52:45Z,"Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`",@sentry/aws-serverless,10.11.0,10.27.0,,MODERATE,CWE-201
@@ -4278,6 +4302,7 @@ CVE-2025-65944,2025-11-24T21:52:45Z,"Sentry's sensitive headers are leaked when
 CVE-2025-65945,2025-12-04T16:54:15Z,"auth0/node-jws Improperly Verifies HMAC Signature",jws,0,3.2.3,,HIGH,CWE-347
 CVE-2025-65945,2025-12-04T16:54:15Z,"auth0/node-jws Improperly Verifies HMAC Signature",jws,4.0.0,4.0.1,,HIGH,CWE-347
 CVE-2025-65959,2025-12-04T22:03:24Z,"Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'",open-webui,0,0.6.37,,HIGH,CWE-116;CWE-79
+CVE-2025-65964,2025-12-08T21:30:07Z,"n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook",n8n,0.123.1,1.119.2,,CRITICAL,CWE-829
 CVE-2025-65966,2025-11-26T19:33:08Z,"OneUptime Unauthorized User Creation via API",@oneuptime/common,0,9.1.0,,HIGH,CWE-285
 CVE-2025-66020,2025-11-26T19:33:34Z,"Valibot has a ReDoS vulnerability in `EMOJI_REGEX`",valibot,0.31.0,1.2.0,,HIGH,CWE-1333
 CVE-2025-66028,2025-11-25T22:55:50Z,"OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation ",@oneuptime/common,0,8.0.5567,,MODERATE,CWE-284;CWE-863
@@ -4287,6 +4312,7 @@ CVE-2025-66032,2025-12-03T16:27:19Z,"Claude Code Command Validation Bypass Allow
 CVE-2025-66035,2025-11-26T23:18:50Z,"Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client",@angular/common,0,19.2.16,,HIGH,CWE-201;CWE-359
 CVE-2025-66035,2025-11-26T23:18:50Z,"Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client",@angular/common,20.0.0-next.0,20.3.14,,HIGH,CWE-201;CWE-359
 CVE-2025-66035,2025-11-26T23:18:50Z,"Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client",@angular/common,21.0.0-next.0,21.0.1,,HIGH,CWE-201;CWE-359
+CVE-2025-66202,2025-12-08T16:26:43Z,"Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765",astro,0,5.15.8,,MODERATE,CWE-647
 CVE-2025-66219,2025-11-26T22:09:27Z,"willitmerge has a Command Injection vulnerability",willitmerge,0,,0.2.1,MODERATE,CWE-77
 CVE-2025-6624,2025-06-26T06:31:04Z,"Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode",snyk,0,1.1297.3,,LOW,CWE-532
 CVE-2025-66400,2025-12-02T01:25:46Z,"mdast-util-to-hast has unsanitized class attribute",mdast-util-to-hast,13.0.0,13.2.1,,MODERATE,CWE-20;CWE-915
@@ -4307,14 +4333,26 @@ CVE-2025-66421,2025-11-30T03:30:26Z,"Tryton sao allows XSS because it does not e
 CVE-2025-66421,2025-11-30T03:30:26Z,"Tryton sao allows XSS because it does not escape completion values",tryton-sao,7.0.0,7.0.40,,MODERATE,CWE-79
 CVE-2025-66421,2025-11-30T03:30:26Z,"Tryton sao allows XSS because it does not escape completion values",tryton-sao,7.1.0,7.4.21,,MODERATE,CWE-79
 CVE-2025-66421,2025-11-30T03:30:26Z,"Tryton sao allows XSS because it does not escape completion values",tryton-sao,7.5.0,7.6.11,,MODERATE,CWE-79
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,14.3.0-canary.77,15.0.5,,CRITICAL,CWE-502
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.1.0-canary.0,15.1.9,,CRITICAL,CWE-502
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.2.0-canary.0,15.2.6,,CRITICAL,CWE-502
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.3.0-canary.0,15.3.6,,CRITICAL,CWE-502
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.4.0-canary.0,15.4.8,,CRITICAL,CWE-502
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.5.0-canary.0,15.5.7,,CRITICAL,CWE-502
-CVE-2025-66478,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,16.0.0-canary.0,16.0.7,,CRITICAL,CWE-502
+CVE-2025-66456,2025-12-09T17:11:53Z,"Elysia vulnerable to prototype pollution with multiple standalone schema validation",elysia,1.4.0,1.4.17,,CRITICAL,CWE-1321
+CVE-2025-66457,2025-12-09T17:12:05Z,"Elysia affected by arbitrary code injection through cookie config",elysia,0,1.4.18,,HIGH,CWE-94
 CVE-2025-66479,2025-12-04T16:55:06Z,"Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing ","@anthropic-ai/sandbox-runtime",0,0.0.16,,LOW,CWE-693
+CVE-2025-67489,2025-12-08T22:16:31Z,"@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server",@vitejs/plugin-rsc,0,0.5.6,,CRITICAL,CWE-94
+CVE-2025-67490,2025-12-10T21:31:24Z,"Improper Request Caching Lookup in the Auth0 Next.js SDK",@auth0/nextjs-auth0,4.11.0,4.11.2,,MODERATE,CWE-863
+CVE-2025-67490,2025-12-10T21:31:24Z,"Improper Request Caching Lookup in the Auth0 Next.js SDK",@auth0/nextjs-auth0,4.12.0,4.12.1,,MODERATE,CWE-863
+CVE-2025-67716,2025-12-10T21:35:58Z,"Improper Validation of Query Parameters in Auth0 Next.js SDK",@auth0/nextjs-auth0,4.9.0,4.13.0,,LOW,CWE-184
+CVE-2025-67718,2025-12-10T20:11:40Z,"Formio improperly authorized permission elevation through specially crafted request path",formio,0,3.5.7,,HIGH,CWE-178
+CVE-2025-67718,2025-12-10T20:11:40Z,"Formio improperly authorized permission elevation through specially crafted request path",formio,4.0.0-rc.1,4.4.3,,HIGH,CWE-178
+CVE-2025-67731,2025-12-11T18:36:54Z,"Servify-express rate limit issue",servify-express,0,1.2,,HIGH,CWE-770
+CVE-2025-67750,2025-12-12T20:20:34Z,"Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule",lightning-flow-scanner,0,6.10.6,,HIGH,CWE-94
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components","react-server-dom-turbopack",19.0.2,19.0.3,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components","react-server-dom-turbopack",19.1.3,19.1.4,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components","react-server-dom-turbopack",19.2.2,19.2.3,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-parcel,19.0.2,19.0.3,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-parcel,19.1.3,19.1.4,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-parcel,19.2.2,19.2.3,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-webpack,19.0.2,19.0.3,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-webpack,19.1.3,19.1.4,,HIGH,CWE-400;CWE-502
+CVE-2025-67779,2025-12-12T16:32:43Z,"Denial of Service Vulnerability in React Server Components",react-server-dom-webpack,19.2.2,19.2.3,,HIGH,CWE-400;CWE-502
 CVE-2025-7338,2025-07-17T21:01:54Z,"Multer vulnerable to Denial of Service via unhandled exception from malformed request",multer,1.4.4-lts.1,2.0.2,,HIGH,CWE-248
 CVE-2025-7339,2025-07-17T21:17:19Z,"on-headers is vulnerable to http response header manipulation",on-headers,0,1.1.0,,LOW,CWE-241
 CVE-2025-7783,2025-07-21T19:04:54Z,"form-data uses unsafe random function in form-data for choosing boundary",form-data,0,2.5.4,,CRITICAL,CWE-330
@@ -4322,6 +4360,8 @@ CVE-2025-7783,2025-07-21T19:04:54Z,"form-data uses unsafe random function in for
 CVE-2025-7783,2025-07-21T19:04:54Z,"form-data uses unsafe random function in form-data for choosing boundary",form-data,4.0.0,4.0.4,,CRITICAL,CWE-330
 CVE-2025-8020,2025-07-23T06:33:50Z,"private-ip vulnerable to Server-Side Request Forgery",private-ip,0,,3.0.2,HIGH,CWE-918
 CVE-2025-8021,2025-07-23T06:33:50Z,"files-bucket-server vulnerable to Directory Traversal",files-bucket-server,0,,1.2.6,HIGH,CWE-22
+CVE-2025-8082,2025-12-12T21:31:38Z,"Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component",vuetify,2.0.0,3.0.0,,MODERATE,CWE-79
+CVE-2025-8083,2025-12-12T21:31:38Z,"Vuetify has a Prototype Pollution vulnerability",vuetify,2.2.0-beta.2,3.0.0-alpha.10,,HIGH,CWE-1321
 CVE-2025-8101,2025-07-26T00:30:32Z,"Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)",linkifyjs,0,4.3.2,,HIGH,CWE-1321
 CVE-2025-8129,2025-07-29T19:11:25Z,"Koa Open Redirect via Referrer Header (User-Controlled)",koa,2.0.0,2.16.2,,LOW,CWE-601
 CVE-2025-8129,2025-07-29T19:11:25Z,"Koa Open Redirect via Referrer Header (User-Controlled)",koa,3.0.0-alpha.0,3.0.1,,LOW,CWE-601
@@ -4508,6 +4548,16 @@ GHSA-5g6j-8hv4-vfgj,2020-09-11T21:21:19Z,"Cross-Site Scripting in node-red",node
 GHSA-5ggx-g294-qj3q,2020-09-03T21:47:29Z,"Malicious Package in buffeb-xor",buffeb-xor,0.0.0,,,CRITICAL,CWE-506
 GHSA-5hx7-77g4-wqx3,2021-02-23T21:30:56Z,"Incorrect Authorization",aedes,0.1.0,0.35.1,,MODERATE,
 GHSA-5j4m-89xf-mf5p,2020-08-27T22:58:46Z,"Missing Origin Validation in parcel-bundler",parcel-bundler,0,1.10.0,,MODERATE,
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,13.3.1-canary.0,14.2.35,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.0.6,15.0.7,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.1.10,15.1.11,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.2.7,15.2.8,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.3.7,15.3.8,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.4.9,15.4.10,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.5.8,15.5.9,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,15.6.0-canary.59,15.6.0-canary.60,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,16.0.9,16.0.10,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-5j59-xgg2-r9c4,2025-12-12T17:21:57Z,"Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",next,16.1.0-canary.17,16.1.0-canary.19,,HIGH,CWE-1395;CWE-400;CWE-502
 GHSA-5jgp-pg4f-q8vj,2020-09-03T19:55:42Z,"Malicious Package in node-ftp",node-ftp,0.0.0,,,CRITICAL,CWE-506
 GHSA-5jpx-9hw9-2fx4,2025-10-29T10:43:57Z,"NextAuthjs Email misdelivery Vulnerability",next-auth,0,4.24.12,,MODERATE,CWE-200
 GHSA-5jpx-9hw9-2fx4,2025-10-29T10:43:57Z,"NextAuthjs Email misdelivery Vulnerability",next-auth,5.0.0-beta.0,5.0.0-beta.30,,MODERATE,CWE-200
@@ -4531,6 +4581,7 @@ GHSA-5x8q-gj67-rhf2,2020-09-02T21:18:33Z,"Malicious Package in discord_debug_log
 GHSA-629c-j867-3v45,2020-09-04T16:41:04Z,"Malicious Package in bitcoisnj-lib",bitcoisnj-lib,0.0.0,,,CRITICAL,CWE-506
 GHSA-6343-m2qr-66gf,2020-09-03T23:10:41Z,"Malicious Package in js-sja3",js-sja3,0.0.0,,,CRITICAL,CWE-506
 GHSA-6394-6h9h-cfjg,2019-06-07T21:12:35Z,"Regular Expression Denial of Service",nwmatcher,0,1.4.4,,MODERATE,CWE-400
+GHSA-644f-hrff-mf96,2025-12-02T18:30:35Z,"Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments",@nocobase/auth,0,1.9.23,,LOW,
 GHSA-6495-8jvh-f28x,2020-10-02T15:39:54Z,"File restriction bypass in socket.io-file",socket.io-file,0,,2.0.31,HIGH,CWE-20
 GHSA-64g7-mvw6-v9qj,2022-01-14T21:09:50Z,"Improper Privilege Management in shelljs",shelljs,0,0.8.5,,MODERATE,CWE-269
 GHSA-657v-jjf8-83gh,2020-09-03T23:14:55Z,"Malicious Package in jsmsha3",jsmsha3,0.0.0,,,CRITICAL,CWE-506
@@ -4739,6 +4790,13 @@ GHSA-9q64-mpxx-87fg,2020-04-01T16:35:08Z,"Open Redirect in ecstatic",ecstatic,3.
 GHSA-9q64-mpxx-87fg,2020-04-01T16:35:08Z,"Open Redirect in ecstatic",ecstatic,4.0.0,4.1.2,,HIGH,CWE-601
 GHSA-9q9m-m2f6-jr5q,2020-09-02T20:22:34Z,"Malicious Package in chak",chak,0,,,CRITICAL,CWE-506
 GHSA-9qgh-7pgp-hp7r,2020-09-03T17:10:31Z,"Cross-Site Scripting in graylog-web-interface",graylog-web-interface,0.0.0,,,HIGH,CWE-79
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,14.3.0-canary.77,15.0.5,,CRITICAL,CWE-502
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.1.0-canary.0,15.1.9,,CRITICAL,CWE-502
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.2.0-canary.0,15.2.6,,CRITICAL,CWE-502
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.3.0-canary.0,15.3.6,,CRITICAL,CWE-502
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.4.0-canary.0,15.4.8,,CRITICAL,CWE-502
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,15.5.0-canary.0,15.5.7,,CRITICAL,CWE-502
+GHSA-9qr9-h5gf-34mp,2025-12-03T19:07:11Z,"Next.js is vulnerable to RCE in React flight protocol",next,16.0.0-canary.0,16.0.7,,CRITICAL,CWE-502
 GHSA-9qrg-h9g8-c65q,2020-09-04T15:14:26Z,"Prototype Pollution in deep-setter",deep-setter,0.0.0,,,HIGH,CWE-1321
 GHSA-9qrm-48qf-r2rw,2025-01-23T22:36:50Z,"Directus has a DOM-Based cross-site scripting (XSS) via layout_options",directus,0,11.3.3,,LOW,
 GHSA-9r27-994c-4xch,2020-02-24T17:34:02Z,"discord-html not escaping HTML code blocks when lacking a language identifier",discord-markdown,0,2.3.1,,HIGH,
@@ -4752,7 +4810,7 @@ GHSA-9vrw-m88g-w75q,2020-09-03T15:45:53Z,"Denial of Service in @hapi/accept",@ha
 GHSA-9w87-4j72-gcv7,2020-09-02T18:27:54Z,"Insecure Default Configuration in graphql-code-generator",graphql-code-generator,0,0.18.2,,HIGH,
 GHSA-9wjh-jr2j-6r4x,2020-09-02T15:55:58Z,"Remote Code Execution in pi_video_recording",pi_video_recording,0,,,HIGH,CWE-20
 GHSA-9wx7-jrvc-28mm,2021-11-08T21:51:18Z,"Signature verification vulnerability in Stark Bank ecdsa libraries",starkbank-ecdsa,1.1.2,1.1.3,,HIGH,CWE-347
-GHSA-9x4v-xfq5-m8x5,2025-02-05T21:49:39Z,"Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)",better-auth,0.0.2,1.1.16,,CRITICAL,CWE-79
+GHSA-9x4v-xfq5-m8x5,2025-02-05T21:49:39Z,"Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)",better-auth,0.0.2,1.1.16,,MODERATE,CWE-79
 GHSA-9xgp-hfw7-73rq,2020-08-19T21:30:04Z,"Authentication Weakness in keystone",keystone,0,0.3.16,,MODERATE,
 GHSA-9xr8-8hmc-389f,2019-11-22T13:45:33Z,"Cross-Site Scripting in vant",vant,0,2.1.8,,HIGH,CWE-79
 GHSA-9xww-fwh9-95c5,2020-09-02T21:43:59Z,"Malicious Package in uglyfi-js",uglyfi-js,0,,,CRITICAL,CWE-506
@@ -4770,6 +4828,7 @@ GHSA-c5j4-vw9m-xc95,2020-08-27T22:44:08Z,"Open Redirect in hekto",hekto,0,0.2.4,
 GHSA-c5xm-m64m-f2vq,2020-09-04T15:23:47Z,"Malicious Package in cxct",cxct,0.0.0,,,CRITICAL,CWE-506
 GHSA-c6f3-3c98-2j2f,2020-09-02T21:39:46Z,"Malicious Package in jquerz",jquerz,0,,,CRITICAL,CWE-506
 GHSA-c6h2-mpc6-232h,2020-08-27T22:26:15Z,"Command Injection in dns-sync",dns-sync,0,0.1.3,,MODERATE,
+GHSA-c6m7-q6pr-c64r,2025-12-12T16:41:58Z,"Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components",@vitejs/plugin-rsc,0,0.5.7,,MODERATE,CWE-1395;CWE-497;CWE-502
 GHSA-c7pp-x73h-4m2v,2020-09-02T15:53:46Z,"Cross-Site Scripting in bootstrap-vue",bootstrap-vue,0,2.0.0-rc.12,,HIGH,CWE-79
 GHSA-ccq6-3qx5-vmqx,2018-07-31T22:54:14Z,"Moderate severity vulnerability that affects is-my-json-valid",is-my-json-valid,0,2.12.4,,MODERATE,
 GHSA-ccrp-c664-8p4j,2020-09-03T21:17:36Z,"Cross-Site Scripting in markdown-to-jsx",markdown-to-jsx,0,6.11.4,,HIGH,CWE-79
@@ -4788,6 +4847,7 @@ GHSA-chh2-rvhg-wqwr,2020-09-03T21:02:10Z,"Malicious Package in json-serializer",
 GHSA-cp47-r258-q626,2023-03-02T23:36:22Z," Vega vulnerable to arbitrary code execution when clicking href links",vega,0,4.5.1,,MODERATE,
 GHSA-cp47-r258-q626,2023-03-02T23:36:22Z," Vega vulnerable to arbitrary code execution when clicking href links",vega,5.0.0,5.4.1,,MODERATE,
 GHSA-cpgr-wmr9-qxv4,2020-09-11T21:20:14Z,"Cross-Site Scripting in serve",serve,0,10.0.2,,MODERATE,CWE-79
+GHSA-cpqf-f22c-r95x,2025-12-12T16:41:08Z,"Vite Plugin React has a Denial of Service Vulnerability in React Server Components",@vitejs/plugin-rsc,0,0.5.7,,HIGH,CWE-1395;CWE-400;CWE-502
 GHSA-cr4x-w2v7-4mmf,2020-09-03T22:26:13Z,"Malicious Package in bufver-xor",bufver-xor,0.0.0,,,CRITICAL,CWE-506
 GHSA-cr56-66mx-293v,2020-09-03T15:53:50Z,"Cross-Site Scripting in @toast-ui/editor",@toast-ui/editor,0,2.2.0,,HIGH,CWE-79
 GHSA-cr5w-6rv4-r2qg,2020-09-03T02:37:45Z,"Malicious Package in maleficent",maleficent,0,,,CRITICAL,CWE-506
@@ -5045,6 +5105,16 @@ GHSA-mvch-rh6h-2m47,2020-09-11T21:10:29Z,"Malicious Package in equest",equest,0,
 GHSA-mvrp-3cvx-c325,2023-10-04T14:46:06Z,"Zod denial of service vulnerability during email validation",express-zod-api,0,10.0.0-beta1,,HIGH,CWE-1333
 GHSA-mvw6-62qv-vmqf,2025-07-25T06:30:30Z,"Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)",koa,0,3.0.1,,LOW,CWE-601
 GHSA-mwp6-j9wf-968c,2019-09-13T21:33:25Z,"Critical severity vulnerability that affects generator-jhipster",generator-jhipster,0,6.3.0,,CRITICAL,CWE-338
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,13.3.0,14.2.34,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.0.0-canary.0,15.0.6,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.1.1-canary.0,15.1.10,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.2.0-canary.0,15.2.7,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.3.0-canary.0,15.3.7,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.4.0-canary.0,15.4.9,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.5.1-canary.0,15.5.8,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,15.6.0-canary.0,15.6.0-canary.59,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,16.0.0-beta.0,16.0.9,,HIGH,CWE-1395;CWE-400;CWE-502
+GHSA-mwv6-3258-q52c,2025-12-11T22:49:27Z,"Next Vulnerable to Denial of Service with Server Components",next,16.1.0-canary.0,16.1.0-canary.17,,HIGH,CWE-1395;CWE-400;CWE-502
 GHSA-mxjr-xmcg-fg7w,2019-06-27T17:25:21Z,"Arbitrary Code Injection in mobile-icon-resizer",mobile-icon-resizer,0.2.0,0.4.3,,MODERATE,CWE-94
 GHSA-mxmj-84q8-34r7,2020-09-03T02:39:49Z,"Command Injection in expressfs",expressfs,0,,,HIGH,CWE-77
 GHSA-mxq6-vrrr-ppmg,2022-05-24T17:04:00Z,"Duplicate Advisory: tree-kill vulnerable to remote code execution",tree-kill,0,,1.2.1,CRITICAL,CWE-94
@@ -5222,7 +5292,7 @@ GHSA-vm6v-w6q2-mrrq,2020-09-03T19:20:05Z,"Malicious Package in bb-builder",bb-bu
 GHSA-vm7j-4rj6-mw2p,2020-09-03T21:08:42Z,"Malicious Package in ember_cli_babe",ember_cli_babe,0.0.0,,,CRITICAL,CWE-506
 GHSA-vmh4-322v-cfpc,2020-09-03T18:18:06Z,"Cross-Site Scripting in cmmn-js-properties-panel",cmmn-js-properties-panel,0,0.8.0,,HIGH,CWE-79
 GHSA-vmhw-fhj6-m3g5,2019-05-31T23:46:33Z,"Path Traversal in angular-http-server",angular-http-server,0,1.4.4,,HIGH,CWE-22
-GHSA-vp58-j275-797x,2025-02-24T20:49:50Z,"Better Auth allows bypassing the trustedOrigins Protection which leads to ATO",better-auth,0,1.1.21,,CRITICAL,CWE-601
+GHSA-vp58-j275-797x,2025-02-24T20:49:50Z,"Better Auth allows bypassing the trustedOrigins Protection which leads to ATO",better-auth,0,1.1.21,,HIGH,CWE-601
 GHSA-vp93-gcx5-4w52,2020-09-11T21:21:19Z,"Cross-Site Scripting in swagger-ui",swagger-ui,0,2.2.1,,MODERATE,CWE-79
 GHSA-vpgc-7h78-gx8f,2020-09-04T18:05:14Z,"personnummer/js vulnerable to Improper Input Validation",personnummer,0,3.1.0,,LOW,
 GHSA-vpj4-89q8-rh38,2020-09-03T18:16:59Z,"Cross-Site Scripting in bpmn-js-properties-panel",bpmn-js-properties-panel,0,0.31.0,,HIGH,CWE-79
@@ -5241,6 +5311,15 @@ GHSA-vxp4-25qp-86qh,2017-10-24T18:33:36Z,"Moderate severity vulnerability that a
 GHSA-vxp4-25qp-86qh,2017-10-24T18:33:36Z,"Moderate severity vulnerability that affects ember",ember,2.1.0,2.1.2,,MODERATE,
 GHSA-vxp4-25qp-86qh,2017-10-24T18:33:36Z,"Moderate severity vulnerability that affects ember",ember,2.2.0,2.2.1,,MODERATE,
 GHSA-w32g-5hqp-gg6q,2020-09-02T15:41:41Z,"Cross-Site Scripting in mermaid",mermaid,0,8.2.3,,HIGH,CWE-79
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.0.0-canary.0,15.0.6,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.1.1-canary.0,15.1.10,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.2.0-canary.0,15.2.7,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.3.0-canary.0,15.3.7,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.4.0-canary.0,15.4.9,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.5.1-canary.0,15.5.8,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,15.6.0-canary.0,15.6.0-canary.59,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,16.0.0-beta.0,16.0.9,,MODERATE,CWE-1395;CWE-497;CWE-502
+GHSA-w37m-7fhw-fmv9,2025-12-11T22:49:56Z,"Next Server Actions Source Code Exposure ",next,16.1.0-canary.0,16.1.0-canary.17,,MODERATE,CWE-1395;CWE-497;CWE-502
 GHSA-w3f3-4j22-2v3p,2020-09-02T21:27:02Z,"Malicious Package in destroyer-of-worlds",destroyer-of-worlds,0,,,CRITICAL,CWE-506
 GHSA-w3pp-wp5v-fjvp,2020-09-03T19:51:18Z,"Malicious Package in mogodb",mogodb,0.0.0,,,CRITICAL,CWE-506
 GHSA-w42g-7vfc-xf37,2020-06-05T19:38:14Z,"Introspection in schema validation in Apollo Server","apollo-server-azure-functions",0,2.14.2,,MODERATE,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@openrewrite/recipes-nodejs",
-  "version": "0.36.0-20251214-170412",
+  "version": "0.36.0-20251215-110739",
   "license": "Moderne Source Available License",
   "description": "OpenRewrite recipes for Node.js library migrations.",
   "homepage": "https://github.com/moderneinc/rewrite-node",