{
  "retire-example": {
    "vulnerabilities": [
      {
        "below": "0.0.2",
        "severity": "low",
        "cwe": [
          "CWE-477"
        ],
        "identifiers": {
          "summary": "bug summary",
          "CVE": [
            "CVE-XXXX-XXXX"
          ],
          "bug": "1234"
        },
        "info": [
          "http://github.com/eoftedal/retire.js/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "retire.VERSION"
      ],
      "filename": [
        "retire-example-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? Retire-example v(§§version§§)"
      ],
      "hashes": {
        "07f8b94c8d601a24a1914a1a92bec0e4fafda964": "0.0.1"
      }
    }
  },
  "jquery": {
    "bowername": [
      "jQuery"
    ],
    "npmname": "jquery",
    "vulnerabilities": [
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS with location.hash",
          "CVE": [
            "CVE-2011-4969"
          ],
          "githubID": "GHSA-579v-mp3v-rrw5"
        },
        "info": [
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/9521",
          "https://nvd.nist.gov/vuln/detail/CVE-2011-4969"
        ]
      },
      {
        "below": "1.9.0b1",
        "cwe": [
          "CWE-64",
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Selector interpreted as HTML",
          "CVE": [
            "CVE-2012-6708"
          ],
          "bug": "11290",
          "githubID": "GHSA-2pqj-h3vj-pqgw"
        },
        "info": [
          "http://bugs.jquery.com/ticket/11290",
          "http://research.insecurelabs.org/jquery/test/",
          "https://nvd.nist.gov/vuln/detail/CVE-2012-6708"
        ]
      },
      {
        "below": "1.9.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"<script>\" HTML tags that contain a whitespace character, i.e: \"</script >\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.",
          "CVE": [
            "CVE-2020-7656"
          ],
          "githubID": "GHSA-q4m3-2j7h-f7xw"
        },
        "info": [
          "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7656"
        ]
      },
      {
        "atOrAbove": "1.4.0",
        "below": "1.12.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "atOrAbove": "1.8.0",
        "below": "1.12.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "atOrAbove": "1.12.2",
        "below": "2.2.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "below": "2.999.999",
        "cwe": [
          "CWE-1104"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates",
          "retid": "73"
        },
        "info": [
          "https://github.com/jquery/jquery.com/issues/162"
        ]
      },
      {
        "atOrAbove": "1.12.3",
        "below": "3.0.0-beta1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "atOrAbove": "2.2.2",
        "below": "3.0.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "3rd party CORS request may execute",
          "issue": "2432",
          "CVE": [
            "CVE-2015-9251"
          ],
          "githubID": "GHSA-rmxg-73gg-4p98"
        },
        "info": [
          "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/",
          "http://research.insecurelabs.org/jquery/test/",
          "https://bugs.jquery.com/ticket/11974",
          "https://github.com/advisories/GHSA-rmxg-73gg-4p98",
          "https://github.com/jquery/jquery/issues/2432",
          "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ]
      },
      {
        "atOrAbove": "3.0.0-rc.1",
        "below": "3.0.0",
        "cwe": [
          "CWE-400",
          "CWE-674"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Denial of Service in jquery",
          "CVE": [
            "CVE-2016-10707"
          ],
          "githubID": "GHSA-mhpp-875w-9cpv"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2016-10707"
        ]
      },
      {
        "atOrAbove": "1.1.4",
        "below": "3.4.0",
        "cwe": [
          "CWE-1321",
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution",
          "CVE": [
            "CVE-2019-11358"
          ],
          "PR": "4333",
          "githubID": "GHSA-6c3j-c64m-qhgq"
        },
        "info": [
          "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
          "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
        ]
      },
      {
        "atOrAbove": "1.0.3",
        "below": "3.5.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.",
          "CVE": [
            "CVE-2020-11023"
          ],
          "issue": "4647",
          "githubID": "GHSA-jpcq-cgw6-v4j6"
        },
        "info": [
          "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        ]
      },
      {
        "atOrAbove": "1.2.0",
        "below": "3.5.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS",
          "CVE": [
            "CVE-2020-11022"
          ],
          "issue": "4642",
          "githubID": "GHSA-gxr4-xjj5-5px2"
        },
        "info": [
          "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "(window.jQuery || window.$ || window.$jq || window.$j).fn.jquery",
        "require('jquery').fn.jquery"
      ],
      "uri": [
        "/(§§version§§)/jquery(\\.min)?\\.js"
      ],
      "filename": [
        "jquery-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? jQuery v(§§version§§)",
        "\\* jQuery JavaScript Library v(§§version§§)",
        "\\* jQuery (§§version§§) - New Wave Javascript",
        "/\\*![\\s]+\\* jQuery JavaScript Library v(§§version§§)",
        "// \\$Id: jquery.js,v (§§version§§)",
        "/\\*! jQuery v(§§version§§)",
        "[^a-z]f=\"(§§version§§)\",.*[^a-z]jquery:f,",
        "[^a-z]m=\"(§§version§§)\",.*[^a-z]jquery:m,",
        "[^a-z.]jquery:[ ]?\"(§§version§§)\"",
        "\\$\\.documentElement,Q=e.jQuery,Z=e\\.\\$,ee=\\{\\},te=\\[\\],ne=\"(§§version§§)\"",
        "=\"(§§version§§)\",.{50,300}(.)\\.fn=(\\2)\\.prototype=\\{jquery:"
      ],
      "filecontentreplace": [
        "/var [a-z]=[a-z]\\.document,([a-z])=\"(§§version§§)\",([a-z])=.{130,160};\\3\\.fn=\\3\\.prototype=\\{jquery:\\1/$2/"
      ],
      "hashes": {}
    }
  },
  "jquery-migrate": {
    "vulnerabilities": [
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site-scripting",
          "issue": "36",
          "release": "jQuery Migrate 1.2.0 Released"
        },
        "info": [
          "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/",
          "https://github.com/jquery/jquery-migrate/issues/36"
        ]
      },
      {
        "below": "1.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Selector interpreted as HTML",
          "bug": "11290"
        },
        "info": [
          "http://bugs.jquery.com/ticket/11290",
          "http://research.insecurelabs.org/jquery/test/"
        ]
      }
    ],
    "extractors": {
      "filename": [
        "jquery-migrate-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!?(?:\n \\*)? jQuery Migrate(?: -)? v(§§version§§)",
        "\\.migrateVersion ?= ?\"(§§version§§)\"[\\s\\S]{10,150}(migrateDisablePatches|migrateWarnings|JQMIGRATE)",
        "jQuery\\.migrateVersion ?= ?\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "jquery-validation": {
    "bowername": [
      "jquery-validation"
    ],
    "vulnerabilities": [
      {
        "below": "1.19.3",
        "severity": "high",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service vulnerability",
          "CVE": [
            "CVE-2021-21252"
          ],
          "githubID": "GHSA-jxwx-85vp-gvwm"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1193--2021-01-09"
        ]
      },
      {
        "below": "1.19.4",
        "severity": "low",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "ReDoS vulnerability in URL2 validation",
          "CVE": [
            "CVE-2021-43306"
          ],
          "issue": "2428",
          "githubID": "GHSA-j9m2-h2pv-wvph"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1194--2022-05-19"
        ]
      },
      {
        "below": "1.19.5",
        "severity": "high",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "ReDoS vulnerability in url and URL2 validation",
          "CVE": [
            "CVE-2022-31147"
          ],
          "githubID": "GHSA-ffmh-x56j-9rc3"
        },
        "info": [
          "https://github.com/advisories/GHSA-ffmh-x56j-9rc3",
          "https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd"
        ]
      },
      {
        "below": "1.20.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Potential XSS via showLabel",
          "PR": "2462"
        },
        "info": [
          "https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md#1200--2023-10-10"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.validation.version"
      ],
      "filename": [
        "jquery.validat(?:ion|e)-(§§version§§)(.min)?\\.js"
      ],
      "uri": [
        "/(§§version§§)/jquery.validat(ion|e)(\\.min)?\\.js",
        "/jquery-validation@(§§version§§)/dist/.*\\.js"
      ],
      "filecontent": [
        "/\\*!?(?:\n \\*)?[\\s]*jQuery Validation Plugin -? ?v(§§version§§)",
        "Original file: /npm/jquery-validation@(§§version§§)/dist/jquery.validate.js"
      ],
      "hashes": {}
    }
  },
  "jquery-mobile": {
    "bowername": [
      "jquery-mobile",
      "jquery-mobile-min",
      "jquery-mobile-build",
      "jquery-mobile-dist",
      "jquery-mobile-bower"
    ],
    "vulnerabilities": [
      {
        "below": "1.0.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "osvdb": [
            "94317"
          ]
        },
        "info": [
          "http://osvdb.org/show/osvdb/94317"
        ]
      },
      {
        "below": "1.0RC2",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "osvdb": [
            "94563",
            "93562",
            "94316",
            "94561",
            "94560"
          ]
        },
        "info": [
          "http://osvdb.org/show/osvdb/94316",
          "http://osvdb.org/show/osvdb/94560",
          "http://osvdb.org/show/osvdb/94561",
          "http://osvdb.org/show/osvdb/94562",
          "http://osvdb.org/show/osvdb/94563"
        ]
      },
      {
        "below": "1.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "location.href cross-site scripting",
          "issue": "4787"
        },
        "info": [
          "http://jquerymobile.com/changelog/1.1.2/",
          "http://jquerymobile.com/changelog/1.2.0/",
          "https://github.com/jquery/jquery-mobile/issues/4787"
        ]
      },
      {
        "below": "1.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "location.href cross-site scripting",
          "issue": "4787"
        },
        "info": [
          "http://jquerymobile.com/changelog/1.2.0/",
          "https://github.com/jquery/jquery-mobile/issues/4787"
        ]
      },
      {
        "below": "1.3.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Endpoint that reflect user input leads to cross site scripting",
          "gist": "jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
        },
        "info": [
          "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685"
        ]
      },
      {
        "below": "100.0.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "open redirect leads to cross site scripting",
          "blog": "sirdarckcat/unpatched-0day-jquery-mobile-xss",
          "githubID": "GHSA-fj93-7wm4-8x2g"
        },
        "info": [
          "http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html",
          "https://github.com/jquery/jquery-mobile/issues/8640",
          "https://snyk.io/vuln/SNYK-JS-JQUERYMOBILE-174599"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.mobile.version"
      ],
      "filename": [
        "jquery.mobile-(§§version§§)(.min)?\\.js"
      ],
      "uri": [
        "/(§§version§§)/jquery.mobile(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!?[\\s*]*jQuery Mobile(?: -)? v?(§§version§§)",
        "// Version of the jQuery Mobile Framework[\\s]+version: *[\"'](§§version§§)[\"'],"
      ],
      "hashes": {}
    }
  },
  "jquery-ui": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in the `altField` option of the Datepicker widget",
          "CVE": [
            "CVE-2021-41182"
          ],
          "githubID": "GHSA-9gj3-hwp5-pmwc"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41182"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in the `of` option of the `.position()` util",
          "CVE": [
            "CVE-2021-41184"
          ],
          "githubID": "GHSA-gpqq-952q-5327"
        },
        "info": [
          "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
        ]
      },
      {
        "below": "1.13.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS Vulnerability on text options of jQuery UI datepicker",
          "CVE": [
            "CVE-2021-41183"
          ],
          "bug": "15284",
          "githubID": "GHSA-j7qv-pgf6-hvh4"
        },
        "info": [
          "https://bugs.jqueryui.com/ticket/15284",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-41183"
        ]
      },
      {
        "below": "1.13.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS when refreshing a checkboxradio with an HTML-like initial text label ",
          "CVE": [
            "CVE-2022-31160"
          ],
          "issue": "2101",
          "githubID": "GHSA-h6gj-6jjq-h8g9"
        },
        "info": [
          "https://github.com/advisories/GHSA-h6gj-6jjq-h8g9",
          "https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9",
          "https://github.com/jquery/jquery-ui/issues/2101",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.ui.version"
      ],
      "uri": [
        "/(§§version§§)/jquery-ui(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)",
        "/\\*!?[\n *]+jQuery UI (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-dialog": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "atOrAbove": "1.7.0",
        "below": "1.10.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Title cross-site scripting vulnerability",
          "CVE": [
            "CVE-2010-5312"
          ],
          "bug": "6016",
          "githubID": "GHSA-wcm2-9c89-wmfm"
        },
        "info": [
          "http://bugs.jqueryui.com/ticket/6016",
          "https://nvd.nist.gov/vuln/detail/CVE-2010-5312"
        ]
      },
      {
        "below": "1.12.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS Vulnerability on closeText option",
          "CVE": [
            "CVE-2016-7103"
          ],
          "bug": "281",
          "githubID": "GHSA-hpcf-8vf9-q4gj"
        },
        "info": [
          "https://github.com/jquery/api.jqueryui.com/issues/281",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-7103",
          "https://snyk.io/vuln/npm:jquery-ui:20160721"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.ui.dialog.version"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.dialog\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.dialog",
        "/\\*!?[\n *]+jQuery UI Dialog (§§version§§)",
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* dialog\\.js"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-autocomplete": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [],
    "extractors": {
      "func": [
        "jQuery.ui.autocomplete.version"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.autocomplete\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.autocomplete",
        "/\\*!?[\n *]+jQuery UI Autocomplete (§§version§§)",
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* autocomplete\\.js"
      ],
      "hashes": {}
    }
  },
  "jquery-ui-tooltip": {
    "bowername": [
      "jquery-ui",
      "jquery.ui"
    ],
    "npmname": "jquery-ui",
    "vulnerabilities": [
      {
        "atOrAbove": "1.9.2",
        "below": "1.10.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip",
          "CVE": [
            "CVE-2012-6662"
          ],
          "bug": "8859",
          "githubID": "GHSA-qqxp-xp9v-vvx6"
        },
        "info": [
          "http://bugs.jqueryui.com/ticket/8859",
          "https://nvd.nist.gov/vuln/detail/CVE-2012-6662"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.ui.tooltip.version"
      ],
      "filecontent": [
        "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.tooltip\\.js",
        "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.tooltip",
        "/\\*!?[\n *]+jQuery UI Tooltip (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "jquery.prettyPhoto": {
    "bowername": [
      "jquery-prettyPhoto"
    ],
    "basePurl": "pkg:github/scaron/prettyphoto",
    "vulnerabilities": [
      {
        "below": "3.1.5",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-6837"
          ]
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2013-6837"
        ]
      },
      {
        "below": "3.1.6",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "issue": "149"
        },
        "info": [
          "https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto",
          "https://github.com/scaron/prettyphoto/issues/149"
        ]
      }
    ],
    "extractors": {
      "func": [
        "jQuery.prettyPhoto.version"
      ],
      "uri": [
        "/prettyPhoto/(§§version§§)/js/jquery\\.prettyPhoto(\\.min?)\\.js",
        "/prettyphoto@(§§version§§)/js/jquery\\.prettyPhoto\\.js"
      ],
      "filecontent": [
        "/\\*[\r\n -]+Class: prettyPhoto(?:.*\n){1,3}[ ]*Version: (§§version§§)",
        "\\.prettyPhoto[ ]?=[ ]?\\{version:[ ]?(?:'|\")(§§version§§)(?:'|\")\\}"
      ],
      "hashes": {}
    }
  },
  "jquery.terminal": {
    "vulnerabilities": [
      {
        "below": "1.21.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Reflected Cross-Site Scripting in jquery.terminal",
          "githubID": "GHSA-2hwp-g4g7-mwwj"
        },
        "info": [
          "https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211",
          "https://www.npmjs.com/advisories/769"
        ]
      },
      {
        "below": "2.31.1",
        "severity": "low",
        "cwe": [
          "CWE-79",
          "CWE-80"
        ],
        "identifiers": {
          "summary": "jquery.terminal self XSS on user input",
          "githubID": "GHSA-x9r5-jxvq-4387",
          "CVE": [
            "CVE-2021-43862"
          ]
        },
        "info": [
          "https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-43862"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/jquery.terminal[@/](§§version§§)/"
      ],
      "filecontent": [
        "version (§§version§§)[\\s]+\\*[\\s]+\\* This file is part of jQuery Terminal.",
        "\\$\\.terminal=\\{version:\"(§§version§§)\""
      ]
    }
  },
  "jquery-deparam": {
    "vulnerabilities": [
      {
        "below": "999",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "githubID": "GHSA-xg68-chx2-253g",
          "CVE": [
            "CVE-2021-20087"
          ]
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-20087"
        ]
      }
    ],
    "extractors": {
      "hashes": {
        "61c9d49ae64331402c3bde766c9dc504ed2ca509": "0.5.3",
        "10a68e5048995351a01b0ad7f322bb755a576a02": "0.5.2",
        "b8f063c860fa3aab266df06b290e7da648f9328d": "0.4.2",
        "851bc74dc664aa55130ecc74dd6b1243becc3242": "0.4.1",
        "2aae12841f4d00143ffc1effa59fbd058218c29f": "0.4.0",
        "967942805137f9eb0ae26005d94e8285e2e288a0": "0.3.0",
        "fbf2e115feae7ade26788e38ebf338af11a98bb2": "0.1.0"
      }
    }
  },
  "tableexport.jquery.plugin": {
    "vulnerabilities": [
      {
        "below": "1.25.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "There is a cross-site scripting vulnerability with default `onCellHtmlData`",
          "githubID": "GHSA-j636-crp3-m584",
          "CVE": [
            "CVE-2022-1291"
          ]
        },
        "info": [
          "https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/tableexport.jquery.plugin@(§§version§§)/tableExport.min.js",
        "/TableExport/(§§version§§)/js/tableexport.min.js"
      ],
      "filecontent": [
        "/\\*[\\s]+tableExport.jquery.plugin[\\s]+Version (§§version§§)",
        "/\\*![\\s]+\\* TableExport.js v(§§version§§)"
      ]
    }
  },
  "jPlayer": {
    "bowername": [
      "jPlayer"
    ],
    "npmname": "jplayer",
    "vulnerabilities": [
      {
        "below": "2.2.20",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
          "CVE": [
            "CVE-2013-1942"
          ],
          "release": "2.2.20"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-1942"
        ]
      },
      {
        "below": "2.3.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
          "CVE": [
            "CVE-2013-2022"
          ],
          "githubID": "GHSA-3jcq-cwr7-6332"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
        ]
      },
      {
        "below": "2.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component",
          "CVE": [
            "CVE-2013-2023"
          ],
          "release": "2.3.1"
        },
        "info": [
          "http://jplayer.org/latest/release-notes/",
          "https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
        ]
      }
    ],
    "extractors": {
      "func": [
        "new jQuery.jPlayer().version.script"
      ],
      "filecontent": [
        "/\\*!?[\n *]+jPlayer Plugin for jQuery (?:.*\n){1,10}[ *]+Version: (§§version§§)",
        "/\\*!? jPlayer (§§version§§) for jQuery"
      ],
      "hashes": {}
    }
  },
  "knockout": {
    "vulnerabilities": [
      {
        "below": "3.5.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS injection point in attr name binding for browser IE7 and older",
          "issue": "1244",
          "CVE": [
            "CVE-2019-14862"
          ],
          "githubID": "GHSA-vcjj-xf2r-mwvc"
        },
        "info": [
          "https://github.com/knockout/knockout/issues/1244"
        ]
      }
    ],
    "extractors": {
      "func": [
        "ko.version"
      ],
      "filename": [
        "knockout-(§§version§§)(.min)?\\.js"
      ],
      "uri": [
        "/knockout/(§§version§§)/knockout(-[a-z.]+)?\\.js"
      ],
      "filecontent": [
        "(?:\\*|//) Knockout JavaScript library v(§§version§§)"
      ],
      "hashes": {}
    }
  },
  "sessvars": {
    "vulnerabilities": [
      {
        "below": "1.01",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Unsanitized data passed to eval()",
          "tenable": "98645"
        },
        "info": [
          "http://www.thomasfrank.se/sessionvars.html"
        ]
      }
    ],
    "extractors": {
      "filename": [
        "sessvars-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "sessvars ver (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "swfobject": {
    "bowername": [
      "swfobject",
      "swfobject-bower"
    ],
    "vulnerabilities": [
      {
        "below": "2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "DOM-based XSS",
          "retid": "1"
        },
        "info": [
          "https://github.com/swfobject/swfobject/wiki/SWFObject-Release-Notes#swfobject-v21-beta7-june-6th-2008"
        ]
      }
    ],
    "extractors": {
      "filename": [
        "swfobject_(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "SWFObject v(§§version§§) "
      ],
      "hashes": {}
    }
  },
  "tinyMCE": {
    "bowername": [
      "tinymce",
      "tinymce-dist"
    ],
    "npmname": "tinymce",
    "vulnerabilities": [
      {
        "below": "1.4.2",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Static code injection vulnerability in inc/function.base.php",
          "CVE": [
            "CVE-2011-4825"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2011-4825/"
        ]
      },
      {
        "below": "4.2.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations",
          "retid": "62"
        },
        "info": [
          "https://www.tinymce.com/docs/changelog/"
        ]
      },
      {
        "below": "4.2.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "xss issues with media plugin not properly filtering out some script attributes.",
          "retid": "61"
        },
        "info": [
          "https://www.tinymce.com/docs/changelog/"
        ]
      },
      {
        "below": "4.7.12",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.",
          "retid": "63"
        },
        "info": [
          "https://www.tinymce.com/docs/changelog/"
        ]
      },
      {
        "below": "4.9.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
          "githubID": "GHSA-27gm-ghr9-4v95",
          "CVE": [
            "CVE-2020-17480",
            "CVE-2020-23066"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-27gm-ghr9-4v95",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
        ]
      },
      {
        "below": "4.9.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
          "githubID": "GHSA-p7j5-4mwm-hv86"
        },
        "info": [
          "https://github.com/advisories/GHSA-p7j5-4mwm-hv86",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
        ]
      },
      {
        "below": "4.9.10",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
          "githubID": "GHSA-c78w-2gw7-gjv3",
          "CVE": [
            "CVE-2019-1010091"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-c78w-2gw7-gjv3",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "4.9.11",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting vulnerability in TinyMCE",
          "githubID": "GHSA-vrv8-v4w8-f95h",
          "CVE": [
            "CVE-2020-12648"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-vrv8-v4w8-f95h",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.1.4",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
          "githubID": "GHSA-27gm-ghr9-4v95",
          "CVE": [
            "CVE-2020-17480",
            "CVE-2020-23066"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-27gm-ghr9-4v95",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.1.4",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.",
          "githubID": "GHSA-p7j5-4mwm-hv86"
        },
        "info": [
          "https://github.com/advisories/GHSA-p7j5-4mwm-hv86",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-p7j5-4mwm-hv86"
        ]
      },
      {
        "below": "5.1.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "CDATA parsing and sanitization has been improved to address a cross-site scripting (XSS) vulnerability.",
          "retid": "64"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes516/"
        ]
      },
      {
        "below": "5.2.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "media embed content not processing safely in some cases.",
          "retid": "65"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes522/"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. ",
          "githubID": "GHSA-c78w-2gw7-gjv3",
          "CVE": [
            "CVE-2019-1010091"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-c78w-2gw7-gjv3",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "5.4.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "content in an iframe element parsing as DOM elements instead of text content.",
          "retid": "66"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes54/"
        ]
      },
      {
        "atOrAbove": "5.0.0",
        "below": "5.4.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting vulnerability in TinyMCE",
          "githubID": "GHSA-vrv8-v4w8-f95h",
          "CVE": [
            "CVE-2020-12648"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-vrv8-v4w8-f95h",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95h"
        ]
      },
      {
        "below": "5.6.0",
        "severity": "low",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regex denial of service vulnerability in codesample plugin",
          "githubID": "GHSA-h96f-fc7c-9r55"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
        ]
      },
      {
        "below": "5.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "security issue where URLs in attributes weren’t correctly sanitized. security issue in the codesample plugin",
          "retid": "67",
          "githubID": "GHSA-w7jx-j77m-wp65",
          "CVE": [
            "CVE-2024-21911"
          ]
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
        ]
      },
      {
        "below": "5.7.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "URLs are not correctly filtered in some cases.",
          "retid": "68",
          "githubID": "GHSA-5vm8-hhgr-jcjp"
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes571/#securityfixes"
        ]
      },
      {
        "below": "5.9.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Inserting certain HTML content into the editor could result in invalid HTML once parsed. This caused a medium severity Cross Site Scripting (XSS) vulnerability",
          "retid": "69",
          "githubID": "GHSA-5h9g-x5rv-25wg",
          "CVE": [
            "CVE-2024-21908"
          ]
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes"
        ]
      },
      {
        "below": "5.10.0",
        "severity": "medium",
        "cwe": [
          "CWE-64",
          "CWE-79"
        ],
        "identifiers": {
          "summary": "URLs not cleaned correctly in some cases in the link and image plugins",
          "retid": "70",
          "githubID": "GHSA-r8hm-w5f7-wj39",
          "CVE": [
            "CVE-2024-21910"
          ]
        },
        "info": [
          "https://www.tiny.cloud/docs/release-notes/release-notes510/#securityfixes"
        ]
      },
      {
        "below": "5.10.7",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
          "CVE": [
            "CVE-2022-23494"
          ],
          "githubID": "GHSA-gg8r-xjwq-4w92"
        },
        "info": [
          "https://github.com/advisories/GHSA-gg8r-xjwq-4w92",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "below": "5.10.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
          "CVE": [
            "CVE-2023-45819"
          ],
          "githubID": "GHSA-hgqx-r2hp-jr38"
        },
        "info": [
          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "below": "5.10.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
          "CVE": [
            "CVE-2023-45818"
          ],
          "githubID": "GHSA-v65r-p3vv-jjfv"
        },
        "info": [
          "https://github.com/advisories/GHSA-v65r-p3vv-jjfv"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "5.10.9",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",
          "CVE": [
            "CVE-2023-48219"
          ],
          "githubID": "GHSA-v626-r774-j7f8"
        },
        "info": [
          "https://github.com/advisories/GHSA-v626-r774-j7f8",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-48219",
          "https://github.com/tinymce/tinymce",
          "https://github.com/tinymce/tinymce/releases/tag/5.10.9",
          "https://github.com/tinymce/tinymce/releases/tag/6.7.3",
          "https://tiny.cloud/docs/release-notes/release-notes5109/",
          "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "A cross-site scripting (XSS) vulnerability in TinyMCE alerts which allowed arbitrary JavaScript execution was found and fixed.",
          "CVE": [
            "CVE-2022-23494"
          ],
          "githubID": "GHSA-gg8r-xjwq-4w92"
        },
        "info": [
          "https://github.com/advisories/GHSA-gg8r-xjwq-4w92",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.7.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE XSS vulnerability in notificationManager.open API",
          "CVE": [
            "CVE-2023-45819"
          ],
          "githubID": "GHSA-hgqx-r2hp-jr38"
        },
        "info": [
          "https://github.com/advisories/GHSA-hgqx-r2hp-jr38",
          "https://www.cve.org/CVERecord?id=CVE-2022-23494",
          "https://www.tiny.cloud/docs/changelog/#5107-2022-12-06"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.7.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",
          "CVE": [
            "CVE-2023-45818"
          ],
          "githubID": "GHSA-v65r-p3vv-jjfv"
        },
        "info": [
          "https://github.com/advisories/GHSA-v65r-p3vv-jjfv"
        ]
      },
      {
        "atOrAbove": "6.0.0",
        "below": "6.7.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",
          "CVE": [
            "CVE-2023-48219"
          ],
          "githubID": "GHSA-v626-r774-j7f8"
        },
        "info": [
          "https://github.com/advisories/GHSA-v626-r774-j7f8",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-48219",
          "https://github.com/tinymce/tinymce",
          "https://github.com/tinymce/tinymce/releases/tag/5.10.9",
          "https://github.com/tinymce/tinymce/releases/tag/6.7.3",
          "https://tiny.cloud/docs/release-notes/release-notes5109/",
          "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "6.8.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes",
          "CVE": [
            "CVE-2024-29203"
          ],
          "githubID": "GHSA-438c-3975-5x3f"
        },
        "info": [
          "https://github.com/advisories/GHSA-438c-3975-5x3f",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-29203",
          "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
          "https://github.com/tinymce/tinymce",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
          "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "7.0.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements",
          "CVE": [
            "CVE-2024-29881"
          ],
          "githubID": "GHSA-5359-pvf2-pw78"
        },
        "info": [
          "https://github.com/advisories/GHSA-5359-pvf2-pw78",
          "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-29881",
          "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
          "https://github.com/tinymce/tinymce",
          "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
          "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/tinymce/(§§version§§)/tinymce(\\.min)?\\.js"
      ],
      "filecontent": [
        "// (§§version§§) \\([0-9\\-]+\\)[\n\r]+.{0,1200}l=.tinymce/geom/Rect.",
        "/\\*\\*[\\s]*\\* TinyMCE version (§§version§§)"
      ],
      "filecontentreplace": [
        "/tinyMCEPreInit.*majorVersion:.([0-9]+).,minorVersion:.([0-9.]+)./$1.$2/",
        "/majorVersion:.([0-9]+).,minorVersion:.([0-9.]+).,.*tinyMCEPreInit/$1.$2/"
      ],
      "func": [
        "tinyMCE.majorVersion + '.'+ tinyMCE.minorVersion"
      ]
    }
  },
  "YUI": {
    "bowername": [
      "yui",
      "yui3"
    ],
    "npmname": "yui",
    "vulnerabilities": [
      {
        "atOrAbove": "2.4.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4207"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4207/"
        ]
      },
      {
        "atOrAbove": "2.5.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4208"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4208/"
        ]
      },
      {
        "atOrAbove": "2.8.0",
        "below": "2.8.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4209"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4209/"
        ]
      },
      {
        "below": "2.9.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2010-4710"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-4710/"
        ]
      },
      {
        "atOrAbove": "2.4.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-5881"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-5881/"
        ]
      },
      {
        "atOrAbove": "2.5.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-5882"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-5882/"
        ]
      },
      {
        "atOrAbove": "2.8.0",
        "below": "2.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-5883"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-5883/"
        ]
      },
      {
        "atOrAbove": "3.2.0",
        "below": "3.9.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4941"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4941/"
        ]
      },
      {
        "atOrAbove": "3.5.0",
        "below": "3.9.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4942"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4942/"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.10.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4939"
          ],
          "githubID": "GHSA-mj87-8xf8-fp4w"
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4939/",
          "https://clarle.github.io/yui3/support/20130515-vulnerability/"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.10.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4940"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-4940/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "YUI.Version",
        "YAHOO.VERSION"
      ],
      "filename": [
        "yui-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/*\nYUI (§§version§§)",
        "/yui/license.(?:html|txt)\nversion: (§§version§§)"
      ],
      "hashes": {}
    }
  },
  "prototypejs": {
    "bowername": [
      "prototypejs",
      "prototype.js",
      "prototypejs-bower"
    ],
    "vulnerabilities": [
      {
        "below": "1.5.1.2",
        "severity": "high",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2008-7220"
          ]
        },
        "info": [
          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/",
          "http://www.cvedetails.com/cve/CVE-2008-7220/"
        ]
      },
      {
        "atOrAbove": "1.6.0",
        "below": "1.6.0.2",
        "severity": "high",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2008-7220"
          ]
        },
        "info": [
          "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/",
          "http://www.cvedetails.com/cve/CVE-2008-7220/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Prototype.Version"
      ],
      "uri": [
        "/(§§version§§)/prototype(\\.min)?\\.js"
      ],
      "filename": [
        "prototype-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "Prototype JavaScript framework, version (§§version§§)",
        "Prototype[ ]?=[ ]?\\{[ \r\n\t]*Version:[ ]?(?:'|\")(§§version§§)(?:'|\")"
      ],
      "hashes": {}
    }
  },
  "ember": {
    "vulnerabilities": [
      {
        "below": "0.9.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Bound attributes aren't escaped properly",
          "bug": "699"
        },
        "info": [
          "https://github.com/emberjs/ember.js/issues/699"
        ]
      },
      {
        "below": "0.9.7.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "More rigorous XSS escaping from bindAttr",
          "retid": "60"
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/master/CHANGELOG.md"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.1",
        "below": "1.0.0-rc.1.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.2",
        "below": "1.0.0-rc.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.3",
        "below": "1.0.0-rc.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.4",
        "below": "1.0.0-rc.4.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.5",
        "below": "1.0.0-rc.5.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0-rc.6",
        "below": "1.0.0-rc.6.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-4170"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.0.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.1.0",
        "below": "1.1.3",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.2.0",
        "below": "1.2.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.2.0",
        "below": "1.2.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
          "CVE": [
            "CVE-2014-0046"
          ]
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.3.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.3.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
          "CVE": [
            "CVE-2014-0046"
          ]
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.4.0",
        "below": "1.4.0-beta.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-0013",
            "CVE-2014-0014"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4",
          "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"
        ]
      },
      {
        "below": "1.5.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "ember-routing-auto-location can be forced to redirect to another domain",
          "CVE": [
            "CVE-2014-0046"
          ]
        },
        "info": [
          "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md",
          "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
        ]
      },
      {
        "atOrAbove": "1.8.0",
        "below": "1.11.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.12",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.0.0",
        "below": "2.0.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.1.0",
        "below": "2.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "atOrAbove": "2.2.0",
        "below": "2.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2015-7565"
          ]
        },
        "info": [
          "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
        ]
      },
      {
        "below": "3.24.7",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "59"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "3.25.0",
        "below": "3.28.10",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "58"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.4",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "57"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "4.5.0",
        "below": "4.8.1",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "56"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      },
      {
        "atOrAbove": "4.9.0-alpha.1",
        "below": "4.9.0-beta.3",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "55"
        },
        "info": [
          "https://blog.emberjs.com/ember-4-8-1-released/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Ember.VERSION"
      ],
      "uri": [
        "/(?:v)?(§§version§§)/ember(\\.min)?\\.js",
        "/ember\\.?js/(§§version§§)/ember((\\.|-)[a-z\\-.]+)?\\.js"
      ],
      "filename": [
        "ember-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "Project:   Ember -(?:.*\n){9,11}// Version: v(§§version§§)",
        "// Version: v(§§version§§)(.*\n){10,15}(Ember Debug|@module ember|@class ember)",
        "Ember.VERSION[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
        "meta\\.revision=\"Ember@(§§version§§)\"",
        "e\\(\"ember/version\",\\[\"exports\"\\],function\\(e\\)\\{\"use strict\";?[\\s]*e(?:\\.|\\[\")default(?:\"\\])?=\"(§§version§§)\"",
        "\\(\"ember/version\",\\[\"exports\"\\],function\\(e\\)\\{\"use strict\";.{1,70}\\.default=\"(§§version§§)\"",
        "/\\*![\\s]+\\* @overview  Ember - JavaScript Application Framework[\\s\\S]{0,400}\\* @version   (§§version§§)",
        "// Version: (§§version§§)[\\s]+\\(function\\(\\) *\\{[\\s]*/\\*\\*[\\s]+@module ember[\\s]"
      ],
      "hashes": {}
    }
  },
  "dojo": {
    "vulnerabilities": [
      {
        "atOrAbove": "0.4",
        "below": "0.4.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.0",
        "below": "1.0.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as Javascript, even when sanitized.",
          "CVE": [
            "CVE-2008-6681"
          ],
          "githubID": "GHSA-39cx-xcwj-3rc4"
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2008-6681/"
        ]
      },
      {
        "atOrAbove": "1.1",
        "below": "1.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.2",
        "below": "1.2.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.3",
        "below": "1.3.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html",
          "CVE": [
            "CVE-2010-2275"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2010-2275/"
        ]
      },
      {
        "atOrAbove": "1.4",
        "below": "1.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.9.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "CVE": [
            "CVE-2015-5654"
          ],
          "githubID": "GHSA-p82g-2xpp-m5r3"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2015-5654"
        ]
      },
      {
        "atOrAbove": "1.10.0",
        "below": "1.10.10",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.11.0",
        "below": "1.11.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "below": "1.11.10",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.12.0",
        "below": "1.12.8",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting (XSS). The package does not sanitize URL parameters in the _testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser.",
          "PR": "307",
          "CVE": [
            "CVE-2010-2273"
          ],
          "githubID": "GHSA-536q-8gxx-m782"
        },
        "info": [
          "http://dojotoolkit.org/blog/dojo-security-advisory",
          "http://www.cvedetails.com/cve/CVE-2010-2272/",
          "http://www.cvedetails.com/cve/CVE-2010-2273/",
          "http://www.cvedetails.com/cve/CVE-2010-2274/",
          "http://www.cvedetails.com/cve/CVE-2010-2276/",
          "https://dojotoolkit.org/blog/dojo-1-14-released",
          "https://github.com/advisories/GHSA-536q-8gxx-m782",
          "https://github.com/dojo/dojo/pull/307"
        ]
      },
      {
        "atOrAbove": "1.13.0",
        "below": "1.13.7",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.14",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "In Dojo Toolkit before 1.14.0, there is unescaped string injection in dojox/Grid/DataGrid.",
          "CVE": [
            "CVE-2018-15494"
          ],
          "githubID": "GHSA-84cm-x2q5-8225"
        },
        "info": [
          "https://dojotoolkit.org/blog/dojo-1-14-released"
        ]
      },
      {
        "atOrAbove": "1.14.0",
        "below": "1.14.6",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.15.0",
        "below": "1.15.3",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "atOrAbove": "1.16.0",
        "below": "1.16.2",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74",
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Prototype pollution in dojo",
          "CVE": [
            "CVE-2020-5258"
          ],
          "githubID": "GHSA-jxfh-8wgv-vfr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-jxfh-8wgv-vfr2",
          "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2"
        ]
      },
      {
        "below": "1.17.0",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "CVE": [
            "CVE-2021-23450"
          ],
          "githubID": "GHSA-m8gw-hjpr-rjv7"
        },
        "info": [
          "https://github.com/dojo/dojo/pull/418"
        ]
      }
    ],
    "extractors": {
      "func": [
        "dojo.version.toString()"
      ],
      "uri": [
        "/(?:dojo-)?(§§version§§)(?:/dojo)?/dojo(\\.min)?\\.js"
      ],
      "filename": [
        "dojo-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontentreplace": [
        "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/",
        "/\"dojox\"[\\s\\S]{1,350}\\.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"
      ],
      "hashes": {
        "73cdd262799aab850abbe694cd3bfb709ea23627": "1.4.1",
        "c8c84eddc732c3cbf370764836a7712f3f873326": "1.4.0",
        "d569ce9efb7edaedaec8ca9491aab0c656f7c8f0": "1.0.0",
        "ad44e1770895b7fa84aff5a56a0f99b855a83769": "1.3.2",
        "8fc10142a06966a8709cd9b8732f7b6db88d0c34": "1.3.1",
        "a09b5851a0a3e9d81353745a4663741238ee1b84": "1.3.0",
        "2ab48d45abe2f54cdda6ca32193b5ceb2b1bc25d": "1.2.3",
        "12208a1e649402e362f528f6aae2c614fc697f8f": "1.2.0",
        "72a6a9fbef9fa5a73cd47e49942199147f905206": "1.1.1"
      }
    }
  },
  "angularjs": {
    "bowername": [
      "angularjs",
      "angular.js"
    ],
    "npmname": "angular",
    "vulnerabilities": [
      {
        "atOrAbove": "1.0.0",
        "below": "1.2.30",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The attribute usemap can be used as a security exploit",
          "retid": "50"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
        ]
      },
      {
        "below": "1.5.0-beta.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS through xlink:href attributes",
          "CVE": [
            "CVE-2019-14863"
          ],
          "githubID": "GHSA-r5fx-8r73-v86c"
        },
        "info": [
          "https://github.com/advisories/GHSA-r5fx-8r73-v86c",
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#150-beta1-dense-dispersion-2015-09-29"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "1.5.0-rc2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "The attribute usemap can be used as a security exploit",
          "retid": "49"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21"
        ]
      },
      {
        "below": "1.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-Site Scripting via JSONP",
          "githubID": "GHSA-28hp-fgcr-2r4h"
        },
        "info": [
          "https://github.com/advisories/GHSA-28hp-fgcr-2r4h"
        ]
      },
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "DOS in $sanitize",
          "retid": "52"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md",
          "https://github.com/angular/angular.js/pull/15699"
        ]
      },
      {
        "below": "1.6.3",
        "severity": "medium",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "summary": "Universal CSP bypass via add-on in Firefox",
          "retid": "51"
        },
        "info": [
          "http://pastebin.com/raw/kGrdaypP",
          "https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435"
        ]
      },
      {
        "below": "1.6.5",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in $sanitize in Safari/Firefox",
          "retid": "53"
        },
        "info": [
          "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"
        ]
      },
      {
        "atOrAbove": "1.5.0",
        "below": "1.6.9",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS through SVG if enableSvg is set",
          "retid": "48"
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02",
          "https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html"
        ]
      },
      {
        "below": "1.7.9",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-20",
          "CWE-915"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "47",
          "githubID": "GHSA-89mq-4x47-5v83",
          "CVE": [
            "CVE-2019-10768"
          ]
        },
        "info": [
          "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19",
          "https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a"
        ]
      },
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS via JQLite DOM manipulation functions in AngularJS",
          "githubID": "GHSA-5cp4-xmrw-59wf"
        },
        "info": [
          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf"
        ]
      },
      {
        "below": "1.8.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element.",
          "CVE": [
            "CVE-2020-7676"
          ],
          "githubID": "GHSA-mhp6-pxh8-r675"
        },
        "info": [
          "https://github.com/advisories/GHSA-5cp4-xmrw-59wf",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7676"
        ]
      },
      {
        "below": "1.999",
        "severity": "low",
        "cwe": [
          "CWE-1104"
        ],
        "identifiers": {
          "summary": "End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021",
          "retid": "54"
        },
        "info": [
          "https://blog.angular.io/discontinued-long-term-support-for-angularjs-cc066b82e65a?gi=9d3103b5445c"
        ]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the $resource service",
          "CVE": [
            "CVE-2023-26117"
          ],
          "githubID": "GHSA-2qqx-w9hr-q5gx"
        },
        "info": [
          "https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"
        ]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the angular.copy() utility",
          "CVE": [
            "CVE-2023-26116"
          ],
          "githubID": "GHSA-2vrf-hf26-jrp5"
        },
        "info": [
          "https://github.com/advisories/GHSA-2vrf-hf26-jrp5"
        ]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Angular (deprecated package) Cross-site Scripting",
          "CVE": [
            "CVE-2022-25869"
          ],
          "githubID": "GHSA-prc3-vjfx-vhm9"
        },
        "info": [
          "https://github.com/advisories/GHSA-prc3-vjfx-vhm9"
        ]
      },
      {
        "below": "999",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service via the <input type=\"url\"> element",
          "githubID": "GHSA-qwqh-hm9m-p5hr",
          "CVE": [
            "CVE-2023-26118"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
        ]
      },
      {
        "atOrAbove": "1.3.0",
        "below": "999",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "angular vulnerable to super-linear runtime due to backtracking",
          "CVE": [
            "CVE-2024-21490"
          ],
          "githubID": "GHSA-4w4v-5hc9-xrr2"
        },
        "info": [
          "https://github.com/advisories/GHSA-4w4v-5hc9-xrr2",
          "https://nvd.nist.gov/vuln/detail/CVE-2024-21490",
          "https://github.com/angular/angular.js",
          "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746",
          "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113",
          "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
        ]
      },
      {
        "atOrAbove": "1.7.0",
        "below": "999",
        "severity": "medium",
        "cwe": [
          "CWE-1333",
          "CWE-770"
        ],
        "identifiers": {
          "summary": "angular vulnerable to regular expression denial of service (ReDoS)",
          "CVE": [
            "CVE-2022-25844"
          ],
          "githubID": "GHSA-m2h2-264f-f486"
        },
        "info": [
          "https://github.com/advisories/GHSA-m2h2-264f-f486"
        ]
      }
    ],
    "extractors": {
      "func": [
        "angular.version.full"
      ],
      "uri": [
        "/(§§version§§)/angular(\\.min)?\\.js"
      ],
      "filename": [
        "angular(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "/\\*[\\*\\s]+(?:@license )?AngularJS v(§§version§§)",
        "http://errors\\.angularjs\\.org/(§§version§§)/"
      ],
      "hashes": {}
    }
  },
  "@angular/core": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "10.2.5",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross site scripting in Angular",
          "CVE": [
            "CVE-2021-4231"
          ],
          "githubID": "GHSA-c75v-2vq8-878f"
        },
        "info": [
          "https://github.com/advisories/GHSA-c75v-2vq8-878f",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "https://github.com/angular/angular/issues/40136",
          "https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
          "https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
          "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
          "https://github.com/angular/angular",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
          "https://vuldb.com/?id.181356"
        ]
      },
      {
        "atOrAbove": "11.0.0",
        "below": "11.0.5",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross site scripting in Angular",
          "CVE": [
            "CVE-2021-4231"
          ],
          "githubID": "GHSA-c75v-2vq8-878f"
        },
        "info": [
          "https://github.com/advisories/GHSA-c75v-2vq8-878f",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "https://github.com/angular/angular/issues/40136",
          "https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
          "https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
          "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
          "https://github.com/angular/angular",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
          "https://vuldb.com/?id.181356"
        ]
      },
      {
        "atOrAbove": "11.1.0-next.0",
        "below": "11.1.0-next.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross site scripting in Angular",
          "CVE": [
            "CVE-2021-4231"
          ],
          "githubID": "GHSA-c75v-2vq8-878f"
        },
        "info": [
          "https://github.com/advisories/GHSA-c75v-2vq8-878f",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "https://github.com/angular/angular/issues/40136",
          "https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36",
          "https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea",
          "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
          "https://github.com/angular/angular",
          "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
          "https://vuldb.com/?id.181356"
        ]
      }
    ],
    "extractors": {
      "func": [
        "document.querySelector('[ng-version]').getAttribute('ng-version')"
      ]
    }
  },
  "backbone.js": {
    "bowername": [
      "backbonejs",
      "backbone"
    ],
    "npmname": "backbone",
    "basePurl": "pkg:npm/backbone",
    "vulnerabilities": [
      {
        "below": "0.5.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting vulnerability",
          "release": "0.5.0",
          "retid": "46",
          "githubID": "GHSA-j6p2-cx3w-6jcp",
          "CVE": [
            "CVE-2016-10537"
          ]
        },
        "info": [
          "http://backbonejs.org/#changelog"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Backbone.VERSION"
      ],
      "uri": [
        "/(§§version§§)/backbone(\\.min)?\\.js"
      ],
      "filename": [
        "backbone(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "//[ ]+Backbone.js (§§version§§)",
        "a=t.Backbone=\\{\\}\\}a.VERSION=\"(§§version§§)\"",
        "Backbone\\.VERSION *= *[\"'](§§version§§)[\"']"
      ],
      "hashes": {}
    }
  },
  "mustache.js": {
    "bowername": [
      "mustache.js",
      "mustache"
    ],
    "npmname": "mustache",
    "basePurl": "pkg:npm/mustache",
    "vulnerabilities": [
      {
        "below": "0.3.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "execution of arbitrary javascript",
          "bug": "112"
        },
        "info": [
          "https://github.com/janl/mustache.js/issues/112"
        ]
      },
      {
        "below": "2.2.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "weakness in HTML escaping",
          "PR": "530",
          "githubID": "GHSA-w3w8-37jv-2c58",
          "CVE": [
            "CVE-2015-8862"
          ]
        },
        "info": [
          "https://github.com/janl/mustache.js/pull/530",
          "https://github.com/janl/mustache.js/releases/tag/v2.2.1"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Mustache.version"
      ],
      "uri": [
        "/(§§version§§)/mustache(\\.min)?\\.js"
      ],
      "filename": [
        "mustache(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "name:\"mustache.js\",version:\"(§§version§§)\"",
        "name=\"mustache.js\"[;,].\\.version=\"(§§version§§)\"",
        "[^a-z]mustache.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
        "exports.name[ ]?=[ ]?\"mustache.js\";[\n ]*exports.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\");"
      ],
      "hashes": {}
    }
  },
  "handlebars": {
    "bowername": [
      "handlebars",
      "handlebars.js"
    ],
    "vulnerabilities": [
      {
        "below": "1.0.0.beta.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "poorly sanitized input passed to eval()",
          "issue": "68"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/pull/68"
        ]
      },
      {
        "below": "3.0.7",
        "severity": "high",
        "cwe": [
          "CWE-471"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
          "githubID": "GHSA-2cf5-4w76-r9qv"
        },
        "info": [
          "https://github.com/advisories/GHSA-2cf5-4w76-r9qv",
          "https://www.npmjs.com/advisories/1316"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
          "githubID": "GHSA-3cqr-58rm-57f8",
          "CVE": [
            "CVE-2019-20920"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-3cqr-58rm-57f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "45",
          "githubID": "GHSA-g9r4-xpmj-mj65"
        },
        "info": [
          "https://github.com/advisories/GHSA-g9r4-xpmj-mj65",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
          "githubID": "GHSA-q2c6-c6pm-g3gh"
        },
        "info": [
          "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "3.0.8",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74"
        ],
        "identifiers": {
          "summary": "Disallow calling helperMissing and blockHelperMissing directly",
          "retid": "44",
          "CVE": [
            "CVE-2019-19919"
          ],
          "githubID": "GHSA-w457-6q6x-cgp9"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
        ]
      },
      {
        "below": "4.0.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Quoteless attributes in templates can lead to XSS",
          "issue": "1083",
          "CVE": [
            "CVE-2015-8861"
          ],
          "githubID": "GHSA-9prh-257w-9277"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/pull/1083"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.0.13",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "retid": "43"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.0.14",
        "severity": "high",
        "cwe": [
          "CWE-471"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
        ]
      },
      {
        "atOrAbove": "4.1.0",
        "below": "4.1.2",
        "severity": "high",
        "cwe": [
          "CWE-471"
        ],
        "identifiers": {
          "summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template",
          "issue": "1495",
          "githubID": "GHSA-q42p-pg8m-cqh6"
        },
        "info": [
          "https://github.com/advisories/GHSA-q42p-pg8m-cqh6",
          "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e",
          "https://github.com/wycats/handlebars.js/issues/1495",
          "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.3.0",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-74"
        ],
        "identifiers": {
          "summary": "Disallow calling helperMissing and blockHelperMissing directly",
          "retid": "44",
          "CVE": [
            "CVE-2019-19919"
          ],
          "githubID": "GHSA-w457-6q6x-cgp9"
        },
        "info": [
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.5",
        "severity": "high",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service in Handlebars",
          "githubID": "GHSA-62gr-4qp9-h98f",
          "CVE": [
            "CVE-2019-20922"
          ]
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.4.5",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.4.5 or later.",
          "retid": "75",
          "githubID": "GHSA-f52g-6jhx-586p"
        },
        "info": [
          "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.2",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).\n\nThe following template can be used to demonstrate the vulnerability:  \n```{{#with \"constructor\"}}\n\t{{#with split as |a|}}\n\t\t{{pop (push \"alert('Vulnerable Handlebars JS');\")}}\n\t\t{{#with (concat (lookup join (slice 0 1)))}}\n\t\t\t{{#each (slice 2 3)}}\n\t\t\t\t{{#with (apply 0 a)}}\n\t\t\t\t\t{{.}}\n\t\t\t\t{{/with}}\n\t\t\t{{/each}}\n\t\t{{/with}}\n\t{{/with}}\n{{/with}}```\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.5.2 or later.",
          "githubID": "GHSA-2cf5-4w76-r9qv"
        },
        "info": [
          "https://github.com/advisories/GHSA-2cf5-4w76-r9qv",
          "https://www.npmjs.com/advisories/1316"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).",
          "githubID": "GHSA-3cqr-58rm-57f8",
          "CVE": [
            "CVE-2019-20920"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-3cqr-58rm-57f8",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype pollution",
          "retid": "45",
          "githubID": "GHSA-g9r4-xpmj-mj65"
        },
        "info": [
          "https://github.com/advisories/GHSA-g9r4-xpmj-mj65",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.5.3",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting)",
          "githubID": "GHSA-q2c6-c6pm-g3gh"
        },
        "info": [
          "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh",
          "https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
        ]
      },
      {
        "below": "4.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Denial of service",
          "issue": "1633"
        },
        "info": [
          "https://github.com/handlebars-lang/handlebars.js/pull/1633"
        ]
      },
      {
        "below": "4.7.7",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype Pollution in handlebars",
          "retid": "71",
          "CVE": [
            "CVE-2021-23383"
          ],
          "githubID": "GHSA-765h-qjxv-5f44"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
        ]
      },
      {
        "below": "4.7.7",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Remote code execution in handlebars when compiling templates",
          "CVE": [
            "CVE-2021-23369"
          ],
          "githubID": "GHSA-f2jv-r9rf-7988"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
        ]
      }
    ],
    "extractors": {
      "func": [
        "Handlebars.VERSION"
      ],
      "uri": [
        "/(§§version§§)/handlebars(\\.min)?\\.js"
      ],
      "filename": [
        "handlebars(?:js)?-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "Handlebars.VERSION = \"(§§version§§)\";",
        "Handlebars=\\{VERSION:(?:'|\")(§§version§§)(?:'|\")",
        "this.Handlebars=\\{\\};[\n\r \t]+\\(function\\([a-z]\\)\\{[a-z].VERSION=(?:'|\")(§§version§§)(?:'|\")",
        "exports.HandlebarsEnvironment=[\\s\\S]{70,120}exports.VERSION=(?:'|\")(§§version§§)(?:'|\")",
        "/\\*+![\\s]+(?:@license)?[\\s]+handlebars v+(§§version§§)",
        "window\\.Handlebars=.,.\\.VERSION=\"(§§version§§)\"",
        ".\\.HandlebarsEnvironment=.;var .=.\\(.\\),.=.\\(.\\),.=\"(§§version§§)\";.\\.VERSION="
      ],
      "hashes": {}
    }
  },
  "easyXDM": {
    "npmname": "easyxdm",
    "vulnerabilities": [
      {
        "below": "2.4.18",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-5212"
          ]
        },
        "info": [
          "http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html",
          "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5212"
        ]
      },
      {
        "below": "2.4.19",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-1403"
          ]
        },
        "info": [
          "http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html",
          "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403"
        ]
      },
      {
        "below": "2.4.20",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "This release fixes a potential XSS for IE running in compatibility mode.",
          "retid": "39"
        },
        "info": [
          "https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.20"
        ]
      },
      {
        "below": "2.5.0",
        "severity": "medium",
        "cwe": [
          "CWE-942"
        ],
        "identifiers": {
          "summary": "This tightens down the default origin whitelist in the CORS example.",
          "retid": "40"
        },
        "info": [
          "https://github.com/oyvindkinsey/easyXDM/releases/tag/2.5.0"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(?:easyXDM-)?(§§version§§)/easyXDM(\\.min)?\\.js"
      ],
      "filename": [
        "easyXDM-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        " \\* easyXDM\n \\* http://easyxdm.net/(?:\r|\n|.)+version:\"(§§version§§)\"",
        "@class easyXDM(?:.|\r|\n)+@version (§§version§§)(\r|\n)"
      ],
      "hashes": {
        "cf266e3bc2da372c4f0d6b2bd87bcbaa24d5a643": "2.4.6"
      }
    }
  },
  "plupload": {
    "bowername": [
      "Plupload",
      "plupload"
    ],
    "vulnerabilities": [
      {
        "below": "1.5.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2012-2401"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2012-2401/"
        ]
      },
      {
        "below": "1.5.5",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2013-0237"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2013-0237/"
        ]
      },
      {
        "below": "2.1.9",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2016-4566"
          ]
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases"
        ]
      },
      {
        "below": "2.3.7",
        "severity": "medium",
        "cwe": [
          "CWE-434"
        ],
        "identifiers": {
          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
          "retid": "35"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v2.3.7"
        ]
      },
      {
        "below": "2.3.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
          "retid": "38"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v2.3.8"
        ]
      },
      {
        "below": "2.3.9",
        "severity": "medium",
        "cwe": [
          "CWE-434",
          "CWE-75"
        ],
        "identifiers": {
          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
          "retid": "42",
          "CVE": [
            "CVE-2021-23562"
          ],
          "githubID": "GHSA-rp2c-jrgp-cvr8"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v2.3.9"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.3",
        "severity": "medium",
        "cwe": [
          "CWE-434"
        ],
        "identifiers": {
          "summary": "Fixed security vulnerability by adding die calls to all php files to prevent them from being executed unless modified.",
          "retid": "36"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v3.1.3"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.4",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed a potential security issue with not entity encoding the file names in the html in the queue/ui widgets.",
          "retid": "37"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v3.1.4"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.1.5",
        "severity": "medium",
        "cwe": [
          "CWE-434"
        ],
        "identifiers": {
          "summary": "Fixed another case of html entities not being encoded that could be exploded by uploading a file name with html in it.",
          "retid": "41"
        },
        "info": [
          "https://github.com/moxiecode/plupload/releases/tag/v3.1.5"
        ]
      }
    ],
    "extractors": {
      "func": [
        "plupload.VERSION"
      ],
      "uri": [
        "/(§§version§§)/plupload(\\.min)?\\.js"
      ],
      "filename": [
        "plupload-(§§version§§)(.min)?\\.js"
      ],
      "filecontent": [
        "\\* Plupload - multi-runtime File Uploader(?:\r|\n)+ \\* v(§§version§§)",
        "var g=\\{VERSION:\"(§§version§§)\",.*;window.plupload=g\\}"
      ],
      "hashes": {}
    }
  },
  "DOMPurify": {
    "bowername": [
      "dompurify",
      "DOMPurify"
    ],
    "npmname": "dompurify",
    "vulnerabilities": [
      {
        "below": "0.6.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "retid": "24"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.6.1"
        ]
      },
      {
        "below": "0.8.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "retid": "25"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.8.6"
        ]
      },
      {
        "below": "0.8.9",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "safari UXSS",
          "retid": "26"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.8.9",
          "https://lists.ruhr-uni-bochum.de/pipermail/dompurify-security/2017-May/000006.html"
        ]
      },
      {
        "below": "0.9.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "safari UXSS",
          "retid": "27"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases/tag/0.9.0"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "1.0.11",
        "cwe": [
          "CWE-601"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "DOMPurify Open Redirect vulnerability",
          "CVE": [
            "CVE-2019-25155"
          ],
          "githubID": "GHSA-8hgg-xxm5-3873"
        },
        "info": [
          "https://github.com/advisories/GHSA-8hgg-xxm5-3873",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-25155",
          "https://github.com/cure53/DOMPurify/pull/337",
          "https://github.com/cure53/DOMPurify/commit/7601c33a57e029cce51d910eda5179a3f1b51c83",
          "https://github.com/cure53/DOMPurify",
          "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11"
        ]
      },
      {
        "below": "2.0.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS-based bypass caused by nested forms inside MathML",
          "githubID": "GHSA-chqj-j4fh-rw7m",
          "CVE": [
            "CVE-2019-16728"
          ]
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.0.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "possible to bypass the package sanitization through Mutation XSS",
          "githubID": "GHSA-mjjq-c88q-qhr6"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.0.16",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS-based bypass caused by nested forms inside MathML",
          "retid": "28"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.0.17",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed another bypass causing mXSS by using MathML",
          "retid": "29",
          "githubID": "GHSA-63q7-h895-m982",
          "CVE": [
            "CVE-2020-26870"
          ]
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.1.1",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed several possible mXSS patterns, thanks @hackvertor",
          "retid": "30"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.0",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features",
          "retid": "31"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.2",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS bypass dropped on us publicly via",
          "retid": "32"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.3",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed an mXSS issue reported",
          "retid": "33"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      },
      {
        "below": "2.2.4",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Fixed a new MathML-based bypass submitted by PewGrand. Fixed a new SVG-related bypass submitted by SecurityMB",
          "retid": "34"
        },
        "info": [
          "https://github.com/cure53/DOMPurify/releases"
        ]
      }
    ],
    "extractors": {
      "func": [
        "DOMPurify.version"
      ],
      "filecontent": [
        "DOMPurify.version = '(§§version§§)';",
        "DOMPurify.version=\"(§§version§§)\"",
        "DOMPurify=.[^\\r\\n]{10,850}?\\.version=\"(§§version§§)\"",
        "/\\*! @license DOMPurify (§§version§§)",
        "var .=\"dompurify\"+.{10,550}?\\.version=\"(§§version§§)\""
      ],
      "hashes": {}
    }
  },
  "react": {
    "vulnerabilities": [
      {
        "atOrAbove": "0.4.0",
        "below": "0.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability can arise when using user data as a key",
          "CVE": [
            "CVE-2013-7035"
          ],
          "githubID": "GHSA-g53w-52xc-2j85"
        },
        "info": [
          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html",
          "https://github.com/advisories/GHSA-g53w-52xc-2j85"
        ]
      },
      {
        "atOrAbove": "0.5.0",
        "below": "0.5.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability can arise when using user data as a key",
          "CVE": [
            "CVE-2013-7035"
          ],
          "githubID": "GHSA-g53w-52xc-2j85"
        },
        "info": [
          "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html",
          "https://github.com/advisories/GHSA-g53w-52xc-2j85"
        ]
      },
      {
        "atOrAbove": "0.0.1",
        "below": "0.14.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": " including untrusted objects as React children can result in an XSS security vulnerability",
          "retid": "23",
          "githubID": "GHSA-hg79-j56m-fxgv"
        },
        "info": [
          "http://danlec.com/blog/xss-via-a-spoofed-react-element",
          "https://facebook.github.io/react/blog/2015/10/07/react-v0.14.html"
        ]
      },
      {
        "atOrAbove": "16.0.0",
        "below": "16.0.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.1.0",
        "below": "16.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.2.0",
        "below": "16.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.3.0",
        "below": "16.3.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.4.0",
        "below": "16.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential XSS vulnerability when the attacker controls an attribute name",
          "CVE": [
            "CVE-2018-6341"
          ]
        },
        "info": [
          "https://github.com/facebook/react/blob/master/CHANGELOG.md",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      }
    ],
    "extractors": {
      "func": [
        "react.version",
        "require('react').version"
      ],
      "filecontent": [
        "/\\*\\*\n +\\* React \\(with addons\\) ?v(§§version§§)",
        "/\\*\\*\n +\\* React v(§§version§§)",
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react(-jsx-runtime)?\\.",
        "\"\\./ReactReconciler\":[0-9]+,\"\\./Transaction\":[0-9]+,\"fbjs/lib/invariant\":[0-9]+\\}\\],[0-9]+:\\[function\\(require,module,exports\\)\\{\"use strict\";module\\.exports=\"(§§version§§)\"\\}",
        "ReactVersion\\.js[\\*! \\\\/\n\r]{0,100}function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\"",
        "expected a ReactNode.[\\s\\S]{0,1800}?function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\""
      ]
    }
  },
  "react-dom": {
    "vulnerabilities": [
      {
        "atOrAbove": "16.0.0",
        "below": "16.0.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.1.0",
        "below": "16.1.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.2.0",
        "below": "16.2.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.3.0",
        "below": "16.3.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      },
      {
        "atOrAbove": "16.4.0",
        "below": "16.4.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Affected versions of `react-dom` are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios",
          "CVE": [
            "CVE-2018-6341"
          ],
          "githubID": "GHSA-mvjj-gqq2-p4hw"
        },
        "info": [
          "https://github.com/advisories/GHSA-mvjj-gqq2-p4hw",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-6341",
          "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/react-dom@(§§version§§)/"
      ],
      "filecontent": [
        "version:\"(§§version§§)[a-z0-9\\-]*\"[\\s,]*rendererPackageName:\"react-dom\"",
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react-dom\\."
      ]
    }
  },
  "react-is": {
    "vulnerabilities": [],
    "extractors": {
      "filecontent": [
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* react-is\\."
      ]
    }
  },
  "scheduler": {
    "vulnerabilities": [],
    "extractors": {
      "filecontent": [
        "/\\*\\* @license React v(§§version§§)[\\s]*\\* scheduler\\."
      ]
    }
  },
  "flowplayer": {
    "vulnerabilities": [
      {
        "below": "5.4.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in Flash fallback",
          "issue": "381"
        },
        "info": [
          "https://github.com/flowplayer/flowplayer/issues/381"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "flowplayer-(§§version§§)(\\.min)?\\.js"
      ],
      "filename": [
        "flowplayer-(§§version§§)(\\.min)?\\.js"
      ]
    }
  },
  "DWR": {
    "npmname": "dwr",
    "vulnerabilities": [
      {
        "below": "1.1.4",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2007-01-09"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/",
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      },
      {
        "below": "2.0.11",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-5326",
            "CVE-2014-5325"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      },
      {
        "atOrAbove": "3",
        "below": "3.0.RC3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "CVE": [
            "CVE-2014-5326",
            "CVE-2014-5325"
          ]
        },
        "info": [
          "http://www.cvedetails.com/cve/CVE-2014-5326/"
        ]
      }
    ],
    "extractors": {
      "func": [
        "dwr.version"
      ],
      "filecontent": [
        " dwr-(§§version§§).jar"
      ]
    }
  },
  "moment.js": {
    "bowername": [
      "moment",
      "momentjs"
    ],
    "npmname": "moment",
    "basePurl": "pkg:npm/moment",
    "vulnerabilities": [
      {
        "below": "2.11.2",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "reDOS - regular expression denial of service",
          "issue": "2936",
          "githubID": "GHSA-87vv-r9j6-g5qv",
          "CVE": [
            "CVE-2016-4055"
          ]
        },
        "info": [
          "https://github.com/moment/moment/issues/2936"
        ]
      },
      {
        "below": "2.15.2",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "retid": "22"
        },
        "info": [
          "https://security.snyk.io/vuln/npm:moment:20161019"
        ]
      },
      {
        "below": "2.19.3",
        "severity": "high",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "CVE": [
            "CVE-2017-18214"
          ],
          "githubID": "GHSA-446m-mv8f-q348"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214",
          "https://github.com/moment/moment/issues/4163",
          "https://security.snyk.io/vuln/npm:moment:20170905"
        ]
      },
      {
        "below": "2.29.2",
        "severity": "high",
        "cwe": [
          "CWE-22",
          "CWE-27"
        ],
        "identifiers": {
          "summary": "This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale.",
          "CVE": [
            "CVE-2022-24785"
          ],
          "githubID": "GHSA-8hfj-j24r-96c4"
        },
        "info": [
          "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        ]
      },
      {
        "atOrAbove": "2.18.0",
        "below": "2.29.4",
        "severity": "high",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
          "CVE": [
            "CVE-2022-31129",
            "CVE-2023-22467"
          ],
          "githubID": "GHSA-wc69-rhjr-hc9g"
        },
        "info": [
          "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/moment\\.js/(§§version§§)/moment(.min)?\\.js"
      ],
      "filename": [
        "moment(?:-|\\.)(§§version§§)(?:-min)?\\.js"
      ],
      "func": [
        "moment.version"
      ],
      "filecontent": [
        "//!? moment.js(?:[\n\r]+)//!? version : (§§version§§)",
        "/\\* Moment.js +\\| +version : (§§version§§) \\|",
        "\\.version=\"(§§version§§)\".{20,60}\"isBefore\".{20,60}\"isAfter\".{200,500}\\.isMoment=",
        "\\.version=\"(§§version§§)\".{20,300}duration.{2,100}\\.isMoment=",
        "\\.isMoment\\(.{50,400}_isUTC.{50,400}=\"(§§version§§)\"",
        "=\"(§§version§§)\".{300,1000}Years:31536e6.{60,80}\\.isMoment",
        "// Moment.js is freely distributable under the terms of the MIT license.[\\s]+//[\\s]+// Version (§§version§§)"
      ]
    }
  },
  "underscore.js": {
    "bowername": [
      "Underscore",
      "underscore"
    ],
    "npmname": "underscore",
    "vulnerabilities": [
      {
        "atOrAbove": "1.3.2",
        "below": "1.12.1",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": " vulnerable to Arbitrary Code Injection via the template function",
          "CVE": [
            "CVE-2021-23358"
          ],
          "githubID": "GHSA-cf4h-3jhx-xvhq"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/underscore\\.js/(§§version§§)/underscore(-min)?\\.js"
      ],
      "func": [
        "underscore.version"
      ],
      "filecontent": [
        "//[\\s]*Underscore.js (§§version§§)",
        "// *Underscore\\.js[\\s\\S]{1,2500}_\\.VERSION *= *['\"](§§version§§)['\"]"
      ]
    }
  },
  "bootstrap": {
    "vulnerabilities": [
      {
        "below": "2.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting vulnerability",
          "issue": "3421"
        },
        "info": [
          "https://github.com/twbs/bootstrap/pull/3421"
        ]
      },
      {
        "below": "3.4.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
          "issue": "27044",
          "CVE": [
            "CVE-2018-20676"
          ],
          "githubID": "GHSA-3mgp-fx93-9xv5"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2018-20676"
        ]
      },
      {
        "below": "3.4.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-container property of tooltip",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14042"
          ],
          "githubID": "GHSA-7mvr-5x2g-wfc8"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "below": "3.4.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
          "CVE": [
            "CVE-2018-20677"
          ],
          "githubID": "GHSA-ph58-4vrj-w6hr"
        },
        "info": [
          "https://github.com/advisories/GHSA-ph58-4vrj-w6hr"
        ]
      },
      {
        "below": "3.4.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-target property of scrollspy",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14041"
          ],
          "githubID": "GHSA-pj7m-g53m-7638"
        },
        "info": [
          "https://github.com/advisories/GHSA-pj7m-g53m-7638",
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.4.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS is possible in the data-target attribute.",
          "CVE": [
            "CVE-2016-10735"
          ],
          "githubID": "GHSA-4p24-vmcr-4gqj"
        },
        "info": [
          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.4.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
          "issue": "28236",
          "CVE": [
            "CVE-2019-8331"
          ],
          "githubID": "GHSA-9v3m-8fp8-mj99"
        },
        "info": [
          "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
          "https://github.com/twbs/bootstrap/issues/28236"
        ]
      },
      {
        "below": "3.999.999",
        "severity": "low",
        "cwe": [
          "CWE-1104"
        ],
        "identifiers": {
          "summary": "Bootstrap before 4.0.0 is end-of-life and no longer maintained.",
          "retid": "72"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20631"
        ]
      },
      {
        "atOrAbove": "4.0.0-beta",
        "below": "4.0.0-beta.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS is possible in the data-target attribute.",
          "CVE": [
            "CVE-2016-10735"
          ],
          "githubID": "GHSA-4p24-vmcr-4gqj"
        },
        "info": [
          "https://github.com/advisories/GHSA-4p24-vmcr-4gqj"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.1.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in collapse data-parent attribute",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14040"
          ],
          "githubID": "GHSA-3wqf-4x89-9g79"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.1.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-container property of tooltip",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14042"
          ],
          "githubID": "GHSA-7mvr-5x2g-wfc8"
        },
        "info": [
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.1.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-target property of scrollspy",
          "issue": "20184",
          "CVE": [
            "CVE-2018-14041"
          ],
          "githubID": "GHSA-pj7m-g53m-7638"
        },
        "info": [
          "https://github.com/advisories/GHSA-pj7m-g53m-7638",
          "https://github.com/twbs/bootstrap/issues/20184"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.3.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
          "issue": "28236",
          "CVE": [
            "CVE-2019-8331"
          ],
          "githubID": "GHSA-9v3m-8fp8-mj99"
        },
        "info": [
          "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
          "https://github.com/twbs/bootstrap/issues/28236"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/bootstrap(\\.min)?\\.js",
        "/(§§version§§)/js/bootstrap(\\.min)?\\.js"
      ],
      "filename": [
        "bootstrap-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!? Bootstrap v(§§version§§)",
        "\\* Bootstrap v(§§version§§)",
        "/\\*! Bootstrap v(§§version§§)",
        "this\\.close\\)\\};.\\.VERSION=\"(§§version§§)\"(?:,.\\.TRANSITION_DURATION=150)?,.\\.prototype\\.close"
      ],
      "hashes": {}
    }
  },
  "bootstrap-select": {
    "vulnerabilities": [
      {
        "below": "1.13.6",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS) via title and data-content",
          "CVE": [
            "CVE-2019-20921"
          ],
          "githubID": "GHSA-7c82-mp33-r854"
        },
        "info": [
          "https://github.com/snapappointments/bootstrap-select/issues/2199#issuecomment-701806876"
        ]
      },
      {
        "below": "1.13.6",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-Site Scripting in bootstrap-select",
          "githubID": "GHSA-9r7h-6639-v5mw",
          "CVE": [
            "CVE-2019-20921"
          ]
        },
        "info": [
          "https://github.com/snapappointments/bootstrap-select/issues/2199"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/bootstrap-select/(§§version§§)/"
      ],
      "filecontent": [
        "/\\*![\\s]+\\*[\\s]+Bootstrap-select[\\s]+v(§§version§§)",
        ".\\.data\\(\"selectpicker\",.=new .\\(this,.\\)\\)\\}\"string\"==typeof .&&\\(.=.\\[.\\]instanceof Function\\?.\\[.\\]\\.apply\\(.,.\\):.\\.options\\[.\\]\\)\\}\\}\\);return void 0!==.\\?.:.\\}.\\.VERSION=\"(§§version§§)\","
      ]
    }
  },
  "ckeditor": {
    "vulnerabilities": [
      {
        "below": "4.4.3",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "13"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-443"
        ]
      },
      {
        "below": "4.4.6",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "14"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-446"
        ]
      },
      {
        "below": "4.4.8",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "15"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-448"
        ]
      },
      {
        "below": "4.5.11",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS",
          "retid": "16"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-4511"
        ]
      },
      {
        "atOrAbove": "4.5.11",
        "below": "4.9.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS if the enhanced image plugin is installed",
          "retid": "17"
        },
        "info": [
          "https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/",
          "https://ckeditor.com/cke4/release-notes"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.11.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS vulnerability in the HTML parser",
          "retid": "18",
          "CVE": [
            "CVE-2018-17960"
          ],
          "githubID": "GHSA-g68x-vvqq-pvw3"
        },
        "info": [
          "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
          "https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618"
        ]
      },
      {
        "below": "4.14.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS",
          "retid": "20"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414"
        ]
      },
      {
        "below": "4.15.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog",
          "retid": "19"
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151"
        ]
      },
      {
        "below": "4.16.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDoS vulnerability in Autolink plugin and Advanced Tab for Dialogs plugin",
          "retid": "21"
        },
        "info": [
          "https://ckeditor.com/cke4/release/CKEditor-4.16.0"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS vulnerability in the Widget plugin",
          "CVE": [
            "CVE-2021-32808"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS vulnerability in the Clipboard plugin",
          "CVE": [
            "CVE-2021-32809"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg"
        ]
      },
      {
        "below": "4.16.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS vulnerability in the Fake Objects plugin",
          "CVE": [
            "CVE-2021-37695"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc"
        ]
      },
      {
        "below": "4.17.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "XSS vulnerabilities in the core module",
          "CVE": [
            "CVE-2021-41164",
            "CVE-2021-41165"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2",
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj"
        ]
      },
      {
        "below": "4.18.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "Inject malformed URL to bypass content sanitization for XSS",
          "CVE": [
            "CVE-2022-24728"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh"
        ]
      },
      {
        "below": "4.21.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code",
          "CVE": [
            "CVE-2023-28439"
          ]
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439",
          "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-28439"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/ckeditor(\\.min)?\\.js"
      ],
      "filename": [
        "ckeditor-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "ckeditor..js.{4,30}=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)",
        "window\\.CKEDITOR=function\\(\\)\\{var [a-z]=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)"
      ],
      "hashes": {},
      "func": [
        "CKEDITOR.version"
      ]
    }
  },
  "ckeditor5": {
    "vulnerabilities": [
      {
        "below": "10.0.1",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "XSS in the link package",
          "CVE": [
            "CVE-2018-11093"
          ]
        },
        "info": [
          "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/"
        ]
      },
      {
        "below": "25.0.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDos in several packages",
          "CVE": [
            "CVE-2021-21254"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr"
        ]
      },
      {
        "below": "27.0.0",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "ReDos in several packages",
          "CVE": [
            "CVE-2021-21391"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj"
        ]
      },
      {
        "below": "35.0.0",
        "cwe": [
          "CWE-79"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "security fix for the Markdown GFM, HTML support and HTML embed packages",
          "CVE": [
            "CVE-2022-31175"
          ]
        },
        "info": [
          "https://github.com/ckeditor/ckeditor5/compare/v34.2.0...v35.0.0",
          "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-42wq-rch8-6f6j"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/ckeditor5(\\.min)?\\.js"
      ],
      "filename": [
        "ckeditor5-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "const .=\"(§§version§§)\";.{0,140}?\\.CKEDITOR_VERSION=.;",
        "CKEDITOR_VERSION=\"(§§version§§)\""
      ],
      "hashes": {},
      "func": [
        "CKEDITOR_VERSION"
      ]
    }
  },
  "vue": {
    "vulnerabilities": [
      {
        "below": "2.4.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "possible xss vector",
          "retid": "12"
        },
        "info": [
          "https://github.com/vuejs/vue/releases/tag/v2.4.3"
        ]
      },
      {
        "below": "2.5.17",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "potential xss in ssr when using v-bind",
          "retid": "11"
        },
        "info": [
          "https://github.com/vuejs/vue/releases/tag/v2.5.17"
        ]
      },
      {
        "below": "2.6.11",
        "severity": "medium",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2",
          "retid": "10"
        },
        "info": [
          "https://github.com/vuejs/vue/releases/tag/v2.6.11"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/vue@(§§version§§)/dist/vue\\.js",
        "/vue/(§§version§§)/vue\\..*\\.js",
        "/npm/vue@(§§version§§)"
      ],
      "filename": [
        "vue-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!\\n \\* Vue.js v(§§version§§)",
        "Vue.version = '(§§version§§)';",
        "'(§§version§§)'[^\\n]{0,8000}Vue compiler",
        "\\* Original file: /npm/vue@(§§version§§)/dist/vue.(global|common).js",
        "const version[ ]*=[ ]*\"(§§version§§)\";[\\s]*/\\*\\*[\\s]*\\* SSR utils for \\\\@vue/server-renderer",
        "\\.__vue_app__=.{0,8000}?const [a-z]+=\"(§§version§§)\","
      ],
      "func": [
        "Vue.version"
      ]
    }
  },
  "ExtJS": {
    "vulnerabilities": [
      {
        "atOrAbove": "3.0.0",
        "below": "4.0.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in ExtJS charts.swf",
          "CVE": [
            "CVE-2010-4207",
            "CVE-2012-5881"
          ]
        },
        "info": [
          "https://typo3.org/security/advisory/typo3-core-sa-2014-001/",
          "https://www.acunetix.com/vulnerabilities/web/extjs-charts-swf-cross-site-scripting",
          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
        ]
      },
      {
        "below": "6.0.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Directory traversal and arbitrary file read",
          "CVE": [
            "CVE-2007-2285"
          ]
        },
        "info": [
          "https://packetstormsecurity.com/files/132052/extjs-Arbitrary-File-Read.html",
          "https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/",
          "https://www.cvedetails.com/cve/CVE-2007-2285/"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "6.6.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in Sencha Ext JS 4 to 6 via getTip() method of Action Columns",
          "CVE": [
            "CVE-2018-8046"
          ]
        },
        "info": [
          "http://seclists.org/fulldisclosure/2018/Jul/8",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-8046"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/extjs/(§§version§§)/.*\\.js"
      ],
      "filename": [
        "/ext-all-(§§version§§)(\\.min)?\\.js",
        "/ext-all-debug-(§§version§§)(\\.min)?\\.js",
        "/ext-base-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/*!\n * Ext JS Library (§§version§§)",
        "Ext = \\{[\\s]*/\\*[^/]+/[\\s]*version *: *['\"](§§version§§)['\"]",
        "var version *= *['\"](§§version§§)['\"], *Version;[\\s]*Ext.Version *= *Version *= *Ext.extend"
      ],
      "func": [
        "Ext && Ext.versions && Ext.versions.extjs.version",
        "Ext && Ext.version"
      ]
    }
  },
  "svelte": {
    "vulnerabilities": [
      {
        "below": "2.9.8",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "retid": "9"
        },
        "info": [
          "https://github.com/sveltejs/svelte/pull/1623"
        ]
      },
      {
        "below": "3.46.5",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "retid": "8"
        },
        "info": [
          "https://github.com/sveltejs/svelte/pull/7333"
        ]
      },
      {
        "below": "3.49.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "issue": "7530",
          "githubID": "GHSA-wv8q-r932-8hc7",
          "CVE": [
            "CVE-2022-25875"
          ]
        },
        "info": [
          "https://github.com/sveltejs/svelte/pull/7530"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/svelte@(§§version§§)/"
      ],
      "filename": [
        "svelte[@\\-](§§version§§)(.min)?\\.m?js"
      ],
      "filecontent": [
        "generated by Svelte v\\$\\{['\"](§§version§§)['\"]\\}",
        "version: '(§§version§§)' [\\s\\S]{80,200}'SvelteDOMInsert'",
        "VERSION = '(§§version§§)'[\\s\\S]{21,200}parse\\$[0-9][\\s\\S]{10,80}preprocess",
        "var version\\$[0-9] = \"(§§version§§)\";[\\s\\S]{10,30}normalizeOptions\\(options\\)[\\s\\S]{80,200}'SvelteComponent.html'"
      ],
      "func": [
        "svelte.VERSION"
      ]
    }
  },
  "axios": {
    "vulnerabilities": [
      {
        "below": "0.18.1",
        "severity": "high",
        "cwe": [
          "CWE-20",
          "CWE-755"
        ],
        "identifiers": {
          "summary": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded",
          "CVE": [
            "CVE-2019-10742"
          ],
          "githubID": "GHSA-42xw-2xvc-qx8m"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10742",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-174505"
        ]
      },
      {
        "below": "0.21.1",
        "severity": "medium",
        "cwe": [
          "CWE-918"
        ],
        "identifiers": {
          "summary": "Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability",
          "CVE": [
            "CVE-2020-28168"
          ],
          "githubID": "GHSA-4w2v-q235-vp99"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255"
        ]
      },
      {
        "below": "0.21.3",
        "severity": "high",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Axios is vulnerable to Inefficient Regular Expression Complexity",
          "CVE": [
            "CVE-2021-3749"
          ],
          "githubID": "GHSA-cph5-m8f7-6c5x"
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269"
        ]
      },
      {
        "atOrAbove": "0.8.1",
        "below": "0.28.0",
        "cwe": [
          "CWE-352"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Axios Cross-Site Request Forgery Vulnerability",
          "CVE": [
            "CVE-2023-45857"
          ],
          "githubID": "GHSA-wf5p-g6vw-rhxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "https://github.com/axios/axios/issues/6006",
          "https://github.com/axios/axios/issues/6022",
          "https://github.com/axios/axios/pull/6028",
          "https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
          "https://github.com/axios/axios/releases/tag/v1.6.0",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.6.0",
        "cwe": [
          "CWE-352"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Axios Cross-Site Request Forgery Vulnerability",
          "CVE": [
            "CVE-2023-45857"
          ],
          "githubID": "GHSA-wf5p-g6vw-rhxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-45857",
          "https://github.com/axios/axios/issues/6006",
          "https://github.com/axios/axios/issues/6022",
          "https://github.com/axios/axios/pull/6028",
          "https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0",
          "https://github.com/axios/axios/releases/tag/v1.6.0",
          "https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"
        ]
      },
      {
        "below": "1.6.8",
        "severity": "medium",
        "cwe": [
          "CWE-200"
        ],
        "identifiers": {
          "summary": "Versions before 1.6.8 depends on follow-redirects before 1.15.6 which could leak the proxy authentication credentials",
          "PR": "6300"
        },
        "info": [
          "https://github.com/axios/axios/pull/6300"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/axios/(§§version§§)/.*\\.js"
      ],
      "filename": [
        "axios-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\* *axios v(§§version§§) ",
        "// Axios v(§§version§§) C",
        "return\"\\[Axios v(§§version§§)\\] Transitional",
        "\\\"axios\\\",\\\"version\\\":\\\"(§§version§§)\\\""
      ],
      "func": [
        "axios && axios.VERSION"
      ]
    }
  },
  "markdown-it": {
    "vulnerabilities": [
      {
        "below": "3.0.0",
        "severity": "high",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "CVE": [
            "CVE-2015-10005"
          ],
          "githubID": "GHSA-j5p7-jf4q-742q"
        },
        "info": [
          "https://nvd.nist.gov/vuln/detail/CVE-2015-10005"
        ]
      },
      {
        "below": "4.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "CVE": [
            "CVE-2015-3295"
          ]
        },
        "info": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3295",
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://security.snyk.io/vuln/npm:markdown-it:20160912"
        ]
      },
      {
        "atOrAbove": "4.0.0",
        "below": "4.3.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS)",
          "retid": "7"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://security.snyk.io/vuln/npm:markdown-it:20150702"
        ]
      },
      {
        "below": "10.0.0",
        "severity": "medium",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "retid": "6"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438"
        ]
      },
      {
        "below": "12.3.2",
        "severity": "medium",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS)",
          "CVE": [
            "CVE-2022-21670"
          ],
          "githubID": "GHSA-6vfc-qv3f-vr6c"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-21670",
          "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-2331914"
        ]
      },
      {
        "below": "13.0.2",
        "severity": "medium",
        "cwe": [
          "CWE-400"
        ],
        "identifiers": {
          "summary": "Fixed crash/infinite loop caused by linkify inline rule",
          "issue": "957"
        },
        "info": [
          "https://github.com/markdown-it/markdown-it/issues/957",
          "https://github.com/markdown-it/markdown-it/compare/13.0.1...13.0.2"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/markdown-it[/@](§§version§§)/?.*\\.js"
      ],
      "filename": [
        "markdown-it-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*! markdown-it(?:-ins)? (§§version§§)"
      ],
      "func": []
    }
  },
  "jszip": {
    "vulnerabilities": [
      {
        "below": "2.7.0",
        "severity": "medium",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype Pollution",
          "CVE": [
            "CVE-2021-23413"
          ],
          "githubID": "GHSA-jg8v-48h5-wgxg"
        },
        "info": [
          "https://github.com/advisories/GHSA-jg8v-48h5-wgxg",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413",
          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497"
        ]
      },
      {
        "atOrAbove": "3.0.0",
        "below": "3.7.0",
        "severity": "medium",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "Prototype Pollution",
          "CVE": [
            "CVE-2021-23413"
          ],
          "githubID": "GHSA-jg8v-48h5-wgxg"
        },
        "info": [
          "https://github.com/advisories/GHSA-jg8v-48h5-wgxg",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23413",
          "https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497"
        ]
      },
      {
        "below": "3.8.0",
        "severity": "high",
        "cwe": [
          "CWE-22"
        ],
        "identifiers": {
          "summary": "Santize filenames when files are loaded with loadAsync, to avoid “zip slip” attacks.",
          "retid": "5",
          "CVE": [
            "CVE-2022-48285"
          ],
          "githubID": "GHSA-36fh-84j7-cv5h"
        },
        "info": [
          "https://stuk.github.io/jszip/CHANGES.html"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/jszip[/@](§§version§§)/.*\\.js"
      ],
      "filename": [
        "jszip-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*![\\s]+JSZip v(§§version§§) "
      ],
      "func": [
        "JSZip && JSZip.version"
      ]
    }
  },
  "AlaSQL": {
    "npmname": "alasql",
    "vulnerabilities": [
      {
        "below": "0.7.0",
        "severity": "high",
        "cwe": [
          "CWE-94"
        ],
        "identifiers": {
          "summary": "An arbitrary code execution exists as AlaSQL doesn't sanitize input when characters are placed between square brackets [] or preceded with a backtik (accent grave) ` character. Versions older that 0.7.0 were deprecated in March of 2021 and should no longer be used.",
          "bug": "SNYK-JS-ALASQL-1082932"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-ALASQL-1082932"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/alasql[/@](§§version§§)/.*\\.js"
      ],
      "filename": [
        "alasql-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "/\\*!?[ \n]*AlaSQL v(§§version§§)"
      ],
      "func": [
        "alasql && alasql.version"
      ]
    }
  },
  "jquery.datatables": {
    "npmname": "datatables.net",
    "vulnerabilities": [
      {
        "below": "1.10.10",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS",
          "CVE": [
            "CVE-2015-6584"
          ]
        },
        "info": [
          "https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d",
          "https://github.com/advisories/GHSA-4mv4-gmmf-q382",
          "https://www.invicti.com/web-applications-advisories/cve-2015-6384-xss-vulnerability-identified-in-datatables/"
        ]
      },
      {
        "below": "1.10.22",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "datatables.net vulnerable to Prototype Pollution due to incomplete fix",
          "CVE": [
            "CVE-2020-28458"
          ],
          "githubID": "GHSA-m7j4-fhg6-xf5v"
        },
        "info": [
          "https://github.com/advisories/GHSA-m7j4-fhg6-xf5v"
        ]
      },
      {
        "below": "1.10.22",
        "severity": "medium",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "prototype pollution",
          "retid": "4"
        },
        "info": [
          "https://cdn.datatables.net/1.10.22/"
        ]
      },
      {
        "below": "1.10.23",
        "severity": "high",
        "cwe": [
          "CWE-1321"
        ],
        "identifiers": {
          "summary": "prototype pollution",
          "retid": "3"
        },
        "info": [
          "https://cdn.datatables.net/1.10.23/",
          "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"
        ]
      },
      {
        "below": "1.11.3",
        "severity": "low",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "possible XSS",
          "retid": "2"
        },
        "info": [
          "https://cdn.datatables.net/1.11.3/",
          "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
        ]
      },
      {
        "below": "1.11.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross site scripting in datatables.net",
          "CVE": [
            "CVE-2021-23445"
          ],
          "githubID": "GHSA-h73q-5wmj-q8pj"
        },
        "info": [
          "https://github.com/advisories/GHSA-h73q-5wmj-q8pj"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/(js/)?jquery.dataTables(.min)?.js"
      ],
      "filename": [
        "jquery.dataTables-(§§version§§)(\\.min)?\\.js"
      ],
      "filecontent": [
        "http://www.datatables.net\n +DataTables (§§version§§)",
        "/\\*! DataTables (§§version§§)",
        ".\\.version=\"(§§version§§)\";[\\s]*.\\.settings=\\[\\];[\\s]*.\\.models=\\{[\\s]*\\};[\\s]*.\\.models.oSearch"
      ],
      "func": [
        "DataTable && DataTable.version"
      ]
    }
  },
  "nextjs": {
    "npmname": "next",
    "vulnerabilities": [
      {
        "atOrAbove": "1.0.0",
        "below": "2.4.1",
        "severity": "high",
        "cwe": [
          "CWE-22"
        ],
        "identifiers": {
          "summary": "Next.js Directory Traversal Vulnerability",
          "CVE": [
            "CVE-2017-16877"
          ],
          "githubID": "GHSA-3f5c-4qxj-vmpf"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-3f5c-4qxj-vmpf"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "4.2.3",
        "cwe": [
          "CWE-22"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Directory traversal vulnerability in Next.js",
          "CVE": [
            "CVE-2018-6184"
          ],
          "githubID": "GHSA-m34x-wgrh-g897"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-m34x-wgrh-g897"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "5.1.0",
        "cwe": [
          "CWE-20"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Remote Code Execution in next",
          "githubID": "GHSA-5vj8-3v2h-h38v"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-5vj8-3v2h-h38v"
        ]
      },
      {
        "atOrAbove": "7.0.0",
        "below": "7.0.2",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page",
          "CVE": [
            "CVE-2018-18282"
          ],
          "githubID": "GHSA-qw96-mm2g-c8m7"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-qw96-mm2g-c8m7"
        ]
      },
      {
        "below": "9.3.2",
        "severity": "medium",
        "cwe": [
          "CWE-23"
        ],
        "identifiers": {
          "summary": "Directory Traversal in Next.js",
          "CVE": [
            "CVE-2020-5284"
          ],
          "githubID": "GHSA-fq77-7p7r-83rj"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
        ]
      },
      {
        "atOrAbove": "9.5.0",
        "below": "9.5.4",
        "severity": "medium",
        "cwe": [
          "CWE-601"
        ],
        "identifiers": {
          "summary": "Open Redirect in Next.js",
          "CVE": [
            "CVE-2020-15242"
          ],
          "githubID": "GHSA-x56p-c8cg-q435"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "11.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-601"
        ],
        "identifiers": {
          "summary": "Open Redirect in Next.js",
          "CVE": [
            "CVE-2021-37699"
          ],
          "githubID": "GHSA-vxf5-wxwp-m7g9"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-vxf5-wxwp-m7g9"
        ]
      },
      {
        "atOrAbove": "10.0.0",
        "below": "11.1.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS in Image Optimization API",
          "CVE": [
            "CVE-2021-39178"
          ],
          "githubID": "GHSA-9gr3-7897-pp7m"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-9gr3-7897-pp7m"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "11.1.3",
        "severity": "high",
        "cwe": [
          "CWE-20"
        ],
        "identifiers": {
          "summary": "Unexpected server crash in Next.js versions",
          "CVE": [
            "CVE-2021-43803"
          ],
          "githubID": "GHSA-25mp-g6fv-mqxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-25mp-g6fv-mqxx",
          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
        ]
      },
      {
        "atOrAbove": "12.0.0",
        "below": "12.0.5",
        "severity": "high",
        "cwe": [
          "CWE-20"
        ],
        "identifiers": {
          "summary": "Unexpected server crash in Next.js versions",
          "CVE": [
            "CVE-2021-43803"
          ],
          "githubID": "GHSA-25mp-g6fv-mqxx"
        },
        "info": [
          "https://github.com/advisories/GHSA-25mp-g6fv-mqxx",
          "https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx"
        ]
      },
      {
        "atOrAbove": "12.0.0",
        "below": "12.0.9",
        "severity": "medium",
        "cwe": [
          "CWE-20",
          "CWE-400"
        ],
        "identifiers": {
          "summary": "DOS Vulnerability for self-hosted next.js apps",
          "CVE": [
            "CVE-2022-21721"
          ],
          "githubID": "GHSA-wr66-vrwm-5g5x"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-wr66-vrwm-5g5x"
        ]
      },
      {
        "atOrAbove": "10.0.0",
        "below": "12.1.0",
        "severity": "medium",
        "cwe": [
          "CWE-451"
        ],
        "identifiers": {
          "summary": "Improper CSP in Image Optimization API",
          "CVE": [
            "CVE-2022-23646"
          ],
          "githubID": "GHSA-fmvm-x8mv-47mj"
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"
        ]
      },
      {
        "atOrAbove": "12.2.3",
        "below": "12.2.4",
        "cwe": [
          "CWE-248",
          "CWE-754"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Unexpected server crash in Next.js",
          "githubID": "GHSA-wff4-fpwg-qqv3",
          "CVE": [
            "CVE-2022-36046"
          ]
        },
        "info": [
          "https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3"
        ]
      },
      {
        "atOrAbove": "0.9.9",
        "below": "13.4.20-canary.13",
        "cwe": [
          "CWE-525"
        ],
        "severity": "low",
        "identifiers": {
          "summary": "Next.js missing cache-control header may lead to CDN caching empty reply",
          "CVE": [
            "CVE-2023-46298"
          ],
          "githubID": "GHSA-c59h-r6p8-q9wc"
        },
        "info": [
          "https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "version=\"(§§version§§)\".{1,1500}document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent",
        "document\\.getElementById\\(\"__NEXT_DATA__\"\\)\\.textContent\\);window\\.__NEXT_DATA__=.;.\\.version=\"(§§version§§)\""
      ],
      "func": [
        "next && next.version"
      ]
    }
  },
  "chart.js": {
    "vulnerabilities": [
      {
        "below": "2.9.4",
        "severity": "high",
        "cwe": [
          "CWE-1321",
          "CWE-915"
        ],
        "identifiers": {
          "summary": "Prototype pollution in chart.js",
          "CVE": [
            "CVE-2020-7746"
          ],
          "githubID": "GHSA-h68q-55jf-x68w"
        },
        "info": [
          "https://github.com/advisories/GHSA-h68q-55jf-x68w"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/Chart.js/(§§version§§)/chart(\\.min)?\\.js",
        "/Chart.js/(§§version§§)/Chart.bundle(\\.min)?\\.js"
      ],
      "filecontent": [
        "var version=\"(§§version§§)\";const KNOWN_POSITIONS=\\[\"top\",\"bottom\",\"left\",\"right\",\"chartArea\"\\]",
        "/\\*![\\s]+\\* Chart.js v(§§version§§)",
        "/\\*![\\s]+\\* Chart.js[\\s]+\\* http://chartjs.org/[\\s]+\\* Version: (§§version§§)"
      ]
    }
  },
  "froala": {
    "npmname": "froala-editor",
    "vulnerabilities": [
      {
        "below": "3.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Security issue: XSS via pasted content",
          "issue": "3880"
        },
        "info": [
          "https://froala.com/wysiwyg-editor/changelog/#3.2.2"
        ]
      },
      {
        "below": "3.2.2",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS Issue In Link Insertion",
          "issue": "3270"
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/issues/3270"
        ]
      },
      {
        "below": "3.2.3",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "DOM-based cross-site scripting in Froala Editor",
          "githubID": "GHSA-h236-g5gh-vq6c",
          "CVE": [
            "CVE-2019-19935"
          ]
        },
        "info": [
          "https://github.com/advisories/GHSA-h236-g5gh-vq6c"
        ]
      },
      {
        "below": "3.2.7",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.",
          "CVE": [
            "CVE-2021-28114"
          ]
        },
        "info": [
          "https://bishopfox.com/blog/froala-editor-v3-2-6-advisory"
        ]
      },
      {
        "below": "3.2.7",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Froala WYSIWYG Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent XSS.",
          "CVE": [
            "CVE-2021-30109"
          ],
          "githubID": "GHSA-cq6w-w5rj-p9x8"
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
        ]
      },
      {
        "below": "4.0.11",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "XSS vulnerability in [insert video]",
          "issue": "3880",
          "githubID": "GHSA-97x5-cc53-cv4v",
          "CVE": [
            "CVE-2020-22864"
          ]
        },
        "info": [
          "https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"
        ]
      },
      {
        "below": "4.1.4",
        "atOrAbove": "4.0.1",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.",
          "CVE": [
            "CVE-2023-41592"
          ],
          "githubID": "GHSA-hvpq-7vcc-5hj5"
        },
        "info": [
          "https://froala.com/wysiwyg-editor/changelog/#4.1.4",
          "https://github.com/advisories/GHSA-hvpq-7vcc-5hj5"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/froala-editor/(§§version§§)/",
        "/froala-editor@(§§version§§)/"
      ],
      "filecontent": [
        "/\\*![\\s]+\\* froala_editor v(§§version§§)",
        "VERSION:\"(§§version§§)\",INSTANCES:\\[\\],OPTS_MAPPING:\\{\\}"
      ],
      "func": [
        "FroalaEditor.VERSION"
      ]
    }
  },
  "pendo": {
    "vulnerabilities": [
      {
        "below": "2.15.18",
        "severity": "medium",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Patched XSS vulnerability around script loading",
          "retid": "74"
        },
        "info": [
          "https://developers.pendo.io/agent-version-2-15-18/"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "// Pendo Agent Wrapper\n//[\\s]+Environment:[\\s]+[^\n]+\n// Agent Version:[\\s]+(§§version§§)"
      ],
      "func": [
        "pendo.VERSION.split('_')[0]"
      ]
    }
  },
  "highcharts": {
    "vulnerabilities": [
      {
        "below": "6.1.0",
        "severity": "high",
        "cwe": [
          "CWE-1333"
        ],
        "identifiers": {
          "summary": "Regular Expression Denial of Service in highcharts",
          "CVE": [
            "CVE-2018-20801"
          ],
          "githubID": "GHSA-xmc8-cjfr-phx3"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"
        ]
      },
      {
        "below": "7.2.2",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `highcharts` prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS)",
          "githubID": "GHSA-gr4j-r575-g665"
        },
        "info": [
          "https://github.com/advisories/GHSA-gr4j-r575-g665",
          "https://github.com/highcharts/highcharts/issues/13559"
        ]
      },
      {
        "atOrAbove": "8.0.0",
        "below": "8.1.1",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Versions of `highcharts` prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS)",
          "githubID": "GHSA-gr4j-r575-g665"
        },
        "info": [
          "https://github.com/advisories/GHSA-gr4j-r575-g665",
          "https://github.com/highcharts/highcharts/issues/13559"
        ]
      },
      {
        "below": "9.0.0",
        "severity": "high",
        "cwe": [
          "CWE-79"
        ],
        "identifiers": {
          "summary": "Cross-site Scripting (XSS) and Prototype Pollution in Highcharts < 9.0.0",
          "CVE": [
            "CVE-2021-29489"
          ],
          "githubID": "GHSA-8j65-4pcq-xq95"
        },
        "info": [
          "https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "highcharts/(§§version§§)/highcharts(\\.min)?\\.js"
      ],
      "filecontent": [
        "product:\"Highcharts\",version:\"(§§version§§)\"",
        "product=\"Highcharts\"[,;].\\.version=\"(§§version§§)\""
      ]
    }
  },
  "select2": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "4.0.6",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Improper Neutralization of Input During Web Page Generation in Select2",
          "CVE": [
            "CVE-2016-10744"
          ],
          "githubID": "GHSA-rf66-hmqf-q3fc"
        },
        "info": [
          "https://github.com/advisories/GHSA-rf66-hmqf-q3fc",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-10744",
          "https://github.com/select2/select2/issues/4587",
          "https://github.com/snipe/snipe-it/pull/6831",
          "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
          "https://github.com/select2/select2"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "/\\*!(?:[\\s]+\\*)? Select2 (§§version§§)",
        "/\\*[\\s]+Copyright 20[0-9]{2} [I]gor V[a]ynberg[\\s]+Version: (§§version§§)[\\s\\S]{1,5000}(\\.attr\\(\"class\",\"select2-sizer\"|\\.data\\(document, *\"select2-lastpos\"|document\\)\\.data\\(\"select2-lastpos\"|SingleSelect2, *MultiSelect2|window.Select2 *!== *undefined)"
      ],
      "uri": [
        "(§§version§§)/(js/)?select2(.min)?\\.js"
      ]
    }
  },
  "blueimp-file-upload": {
    "vulnerabilities": [
      {
        "below": "9.22.1",
        "cwe": [
          "CWE-434"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Unrestricted Upload of File with Dangerous Type in blueimp-file-upload",
          "CVE": [
            "CVE-2018-9206"
          ],
          "githubID": "GHSA-4cj8-g9cp-v5wr"
        },
        "info": [
          "https://github.com/advisories/GHSA-4cj8-g9cp-v5wr",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-9206",
          "https://github.com/advisories/GHSA-4cj8-g9cp-v5wr",
          "https://wpvulndb.com/vulnerabilities/9136",
          "https://www.exploit-db.com/exploits/45790/",
          "https://www.exploit-db.com/exploits/46182/",
          "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
          "http://www.securityfocus.com/bid/105679",
          "http://www.securityfocus.com/bid/106629",
          "http://www.vapidlabs.com/advisory.php?v=204"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "/\\*[\\s*]+jQuery File Upload User Interface Plugin (§§version§§)[\\s*]+https://github.com/blueimp"
      ],
      "uri": [
        "/blueimp-file-upload/(§§version§§)/jquery.fileupload(-ui)?(\\.min)?\\.js"
      ]
    }
  },
  "c3": {
    "vulnerabilities": [
      {
        "below": "0.4.11",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Cross-Site Scripting in c3",
          "CVE": [
            "CVE-2016-1000240"
          ],
          "githubID": "GHSA-gvg7-pp82-cff3"
        },
        "info": [
          "https://github.com/advisories/GHSA-gvg7-pp82-cff3",
          "https://nvd.nist.gov/vuln/detail/CVE-2016-1000240",
          "https://github.com/c3js/c3/issues/1536",
          "https://github.com/c3js/c3/pull/1675",
          "https://github.com/c3js/c3/commit/de3864650300488a63d0541620e9828b00e94b42",
          "https://github.com/c3js/c3",
          "https://www.npmjs.com/advisories/138"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/c3(\\.min)?\\.js"
      ],
      "filecontent": [
        "[\\s]+var c3 ?= ?\\{ ?version: ?['\"](§§version§§)['\"] ?\\};[\\s]+var c3_chart_fn,"
      ]
    }
  },
  "lodash": {
    "vulnerabilities": [
      {
        "below": "4.17.5",
        "cwe": [
          "CWE-471",
          "CWE-1321"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2018-3721"
          ],
          "githubID": "GHSA-fvqr-27wr-82fm"
        },
        "info": [
          "https://github.com/advisories/GHSA-fvqr-27wr-82fm",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-3721",
          "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a",
          "https://hackerone.com/reports/310443",
          "https://github.com/advisories/GHSA-fvqr-27wr-82fm",
          "https://security.netapp.com/advisory/ntap-20190919-0004/",
          "https://www.npmjs.com/advisories/577"
        ]
      },
      {
        "below": "4.17.11",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2018-16487"
          ],
          "githubID": "GHSA-4xc9-xhrj-v574"
        },
        "info": [
          "https://github.com/advisories/GHSA-4xc9-xhrj-v574",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-16487",
          "https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad",
          "https://hackerone.com/reports/380873",
          "https://github.com/advisories/GHSA-4xc9-xhrj-v574",
          "https://security.netapp.com/advisory/ntap-20190919-0004/",
          "https://www.npmjs.com/advisories/782"
        ]
      },
      {
        "below": "4.17.11",
        "cwe": [
          "CWE-400"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
          "CVE": [
            "CVE-2019-1010266"
          ],
          "githubID": "GHSA-x5rq-j2xg-h7qm"
        },
        "info": [
          "https://github.com/advisories/GHSA-x5rq-j2xg-h7qm",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266",
          "https://github.com/lodash/lodash/issues/3359",
          "https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347",
          "https://github.com/lodash/lodash/wiki/Changelog",
          "https://security.netapp.com/advisory/ntap-20190919-0004/",
          "https://snyk.io/vuln/SNYK-JS-LODASH-73639"
        ]
      },
      {
        "below": "4.17.12",
        "cwe": [
          "CWE-1321",
          "CWE-20"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2019-10744"
          ],
          "githubID": "GHSA-jf85-cpcp-j695"
        },
        "info": [
          "https://github.com/advisories/GHSA-jf85-cpcp-j695",
          "https://nvd.nist.gov/vuln/detail/CVE-2019-10744",
          "https://github.com/lodash/lodash/pull/4336",
          "https://access.redhat.com/errata/RHSA-2019:3024",
          "https://security.netapp.com/advisory/ntap-20191004-0005/",
          "https://snyk.io/vuln/SNYK-JS-LODASH-450202",
          "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp;utm_medium=RSS",
          "https://www.npmjs.com/advisories/1065",
          "https://www.oracle.com/security-alerts/cpujan2021.html",
          "https://www.oracle.com/security-alerts/cpuoct2020.html"
        ]
      },
      {
        "atOrAbove": "3.7.0",
        "below": "4.17.19",
        "cwe": [
          "CWE-1321",
          "CWE-770"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Prototype Pollution in lodash",
          "CVE": [
            "CVE-2020-8203"
          ],
          "githubID": "GHSA-p6mc-m468-83gw"
        },
        "info": [
          "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
          "https://github.com/lodash/lodash/issues/4744",
          "https://github.com/lodash/lodash/issues/4874",
          "https://github.com/github/advisory-database/pull/2884",
          "https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12",
          "https://hackerone.com/reports/712065",
          "https://hackerone.com/reports/864701",
          "https://github.com/lodash/lodash",
          "https://github.com/lodash/lodash/wiki/Changelog#v41719",
          "https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744"
        ]
      },
      {
        "below": "4.17.21",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS) in lodash",
          "CVE": [
            "CVE-2020-28500"
          ],
          "githubID": "GHSA-29mw-wpgm-hmr9"
        },
        "info": [
          "https://github.com/advisories/GHSA-29mw-wpgm-hmr9",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
          "https://github.com/lodash/lodash/pull/5065",
          "https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7",
          "https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a",
          "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
          "https://github.com/lodash/lodash",
          "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
          "https://security.netapp.com/advisory/ntap-20210312-0006/",
          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
          "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
          "https://www.oracle.com//security-alerts/cpujul2021.html",
          "https://www.oracle.com/security-alerts/cpujan2022.html",
          "https://www.oracle.com/security-alerts/cpujul2022.html",
          "https://www.oracle.com/security-alerts/cpuoct2021.html"
        ]
      },
      {
        "below": "4.17.21",
        "cwe": [
          "CWE-77",
          "CWE-94"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Command Injection in lodash",
          "CVE": [
            "CVE-2021-23337"
          ],
          "githubID": "GHSA-35jh-r3h4-6jhm"
        },
        "info": [
          "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
          "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
          "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
          "https://github.com/lodash/lodash",
          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851",
          "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
          "https://security.netapp.com/advisory/ntap-20210312-0006/",
          "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
          "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
          "https://www.oracle.com//security-alerts/cpujul2021.html",
          "https://www.oracle.com/security-alerts/cpujan2022.html",
          "https://www.oracle.com/security-alerts/cpujul2022.html",
          "https://www.oracle.com/security-alerts/cpuoct2021.html"
        ]
      }
    ],
    "extractors": {
      "filecontent": [
        "/\\*[\\s*!]+(?:@license)?[\\s*]+(?:Lo-Dash|lodash|Lodash) v?(§§version§§)[\\s\\S]{1,200}Build: `lodash modern -o",
        "/\\*[\\s*!]+(?:@license)?[\\s*]+(?:Lo-Dash|lodash|Lodash) v?(§§version§§) <",
        "/\\*[\\s*!]+(?:@license)?[\\s*]+(?:Lo-Dash|lodash|Lodash) v?(§§version§§) lodash.com/license",
        "=\"(§§version§§)\"[\\s\\S]{1,300}__lodash_hash_undefined__",
        "/\\*[\\s*]+@license[\\s*]+(?:Lo-Dash|lodhash|Lodash)[\\s\\S]{1,500}var VERSION *= *['\"](§§version§§)['\"]",
        "var VERSION=\"(§§version§§)\";var BIND_FLAG=1,BIND_KEY_FLAG=2,CURRY_BOUND_FLAG=4,CURRY_FLAG=8"
      ],
      "uri": [
        "/(§§version§§)/lodash(\\.min)?\\.js"
      ]
    }
  },
  "ua-parser-js": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "0.7.22",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Regular Expression Denial of Service in ua-parser-js",
          "CVE": [
            "CVE-2020-7733"
          ],
          "githubID": "GHSA-662x-fhqg-9p8v"
        },
        "info": [
          "https://github.com/advisories/GHSA-662x-fhqg-9p8v",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7733",
          "https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665",
          "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226",
          "https://www.oracle.com//security-alerts/cpujul2021.html"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "0.7.22",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Regular Expression Denial of Service in ua-parser-js",
          "CVE": [
            "CVE-2020-7733"
          ],
          "githubID": "GHSA-662x-fhqg-9p8v"
        },
        "info": [
          "https://github.com/advisories/GHSA-662x-fhqg-9p8v",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7733",
          "https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665",
          "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226",
          "https://www.oracle.com//security-alerts/cpujul2021.html"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "0.7.23",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "ua-parser-js Regular Expression Denial of Service vulnerability",
          "CVE": [
            "CVE-2020-7793"
          ],
          "githubID": "GHSA-394c-5j6w-4xmx"
        },
        "info": [
          "https://github.com/advisories/GHSA-394c-5j6w-4xmx",
          "https://nvd.nist.gov/vuln/detail/CVE-2020-7793",
          "https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18",
          "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388",
          "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387",
          "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599"
        ]
      },
      {
        "atOrAbove": "0.7.14",
        "below": "0.7.24",
        "cwe": [
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Regular Expression Denial of Service (ReDoS) in ua-parser-js",
          "CVE": [
            "CVE-2021-27292"
          ],
          "githubID": "GHSA-78cj-fxph-m83p"
        },
        "info": [
          "https://github.com/advisories/GHSA-78cj-fxph-m83p",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-27292",
          "https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566",
          "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14",
          "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
        ]
      },
      {
        "atOrAbove": "0.7.29",
        "below": "0.7.30",
        "cwe": [
          "CWE-829",
          "CWE-912"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Embedded malware in ua-parser-js",
          "CVE": [],
          "githubID": "GHSA-pjwm-rvh2-c87w"
        },
        "info": [
          "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
          "https://github.com/faisalman/ua-parser-js/issues/536",
          "https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496",
          "https://github.com/faisalman/ua-parser-js",
          "https://www.npmjs.com/package/ua-parser-js"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "0.7.33",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "ReDoS Vulnerability in ua-parser-js version",
          "CVE": [
            "CVE-2022-25927"
          ],
          "githubID": "GHSA-fhg7-m89q-25r3"
        },
        "info": [
          "https://github.com/advisories/GHSA-fhg7-m89q-25r3",
          "https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
          "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411",
          "https://github.com/faisalman/ua-parser-js",
          "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
        ]
      },
      {
        "atOrAbove": "0.8.0",
        "below": "0.8.1",
        "cwe": [
          "CWE-829",
          "CWE-912"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Embedded malware in ua-parser-js",
          "CVE": [],
          "githubID": "GHSA-pjwm-rvh2-c87w"
        },
        "info": [
          "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
          "https://github.com/faisalman/ua-parser-js/issues/536",
          "https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496",
          "https://github.com/faisalman/ua-parser-js",
          "https://www.npmjs.com/package/ua-parser-js"
        ]
      },
      {
        "atOrAbove": "1.0.0",
        "below": "1.0.1",
        "cwe": [
          "CWE-829",
          "CWE-912"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "Embedded malware in ua-parser-js",
          "CVE": [],
          "githubID": "GHSA-pjwm-rvh2-c87w"
        },
        "info": [
          "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
          "https://github.com/faisalman/ua-parser-js/issues/536",
          "https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496",
          "https://github.com/faisalman/ua-parser-js",
          "https://www.npmjs.com/package/ua-parser-js"
        ]
      },
      {
        "atOrAbove": "0.8.0",
        "below": "1.0.33",
        "cwe": [
          "CWE-1333",
          "CWE-400"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "ReDoS Vulnerability in ua-parser-js version",
          "CVE": [
            "CVE-2022-25927"
          ],
          "githubID": "GHSA-fhg7-m89q-25r3"
        },
        "info": [
          "https://github.com/advisories/GHSA-fhg7-m89q-25r3",
          "https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3",
          "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
          "https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411",
          "https://github.com/faisalman/ua-parser-js",
          "https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/(§§version§§)/ua-parser(.min)?.js"
      ],
      "filecontent": [
        "/\\* UAParser.js v(§§version§§)",
        "/\\*[*!](?:@license)?[\\s]+\\* UAParser.js v(§§version§§)",
        "// UAParser.js v(§§version§§)",
        ".\\.VERSION=\"(§§version§§)\",.\\.BROWSER=\\{NAME:.,MAJOR:\"major\",VERSION:.\\},.\\.CPU=\\{ARCHITECTURE:",
        ".\\.VERSION=\"(§§version§§)\",.\\.BROWSER=.\\(\\[[^\\]]{1,20}\\]\\),.\\.CPU=",
        "LIBVERSION=\"(§§version§§)\",EMPTY=\"\",UNKNOWN=\"\\?\",FUNC_TYPE=\"function\",UNDEF_TYPE=\"undefined\"",
        ".=\"(§§version§§)\",.=\"\",.=\"\\?\",.=\"function\",.=\"undefined\",.=\"object\",(.=\"string\",)?.=\"major\",.=\"model\",.=\"name\",.=\"type\",.=\"vendor\""
      ],
      "func": [
        "UAParser.VERSION",
        "$.ua.version"
      ]
    }
  },
  "mathjax": {
    "vulnerabilities": [
      {
        "atOrAbove": "0",
        "below": "2.7.4",
        "cwe": [
          "CWE-79"
        ],
        "severity": "medium",
        "identifiers": {
          "summary": "Macro in MathJax running untrusted Javascript within a web browser",
          "CVE": [
            "CVE-2018-1999024"
          ],
          "githubID": "GHSA-3c48-6pcv-88rm"
        },
        "info": [
          "https://github.com/advisories/GHSA-3c48-6pcv-88rm",
          "https://nvd.nist.gov/vuln/detail/CVE-2018-1999024",
          "https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1",
          "https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html",
          "https://github.com/advisories/GHSA-3c48-6pcv-88rm",
          "https://github.com/mathjax/MathJax"
        ]
      },
      {
        "atOrAbove": "0",
        "below": "999",
        "cwe": [
          "CWE-1333"
        ],
        "severity": "high",
        "identifiers": {
          "summary": "MathJax Regular expression Denial of Service (ReDoS)",
          "CVE": [
            "CVE-2023-39663"
          ],
          "githubID": "GHSA-v638-q856-grg8"
        },
        "info": [
          "https://github.com/advisories/GHSA-v638-q856-grg8",
          "https://nvd.nist.gov/vuln/detail/CVE-2023-39663",
          "https://github.com/mathjax/MathJax/issues/3074"
        ]
      }
    ],
    "extractors": {
      "uri": [
        "/mathjax@(§§version§§)/",
        "/mathjax/(§§version§§)/"
      ],
      "filecontent": [
        "\\.MathJax\\.config\\.startup;{10,100}.\\.VERSION=\"(§§version§§)\"",
        "\\.MathJax=\\{version:\"(§§version§§)\"",
        "MathJax.{0,100}.\\.VERSION=void 0,.\\.VERSION=\"(§§version§§)\"",
        "MathJax\\.version=\"(§§version§§)\";"
      ],
      "func": [
        "MathJax.version"
      ]
    }
  },
  "dont check": {
    "vulnerabilities": [],
    "extractors": {
      "uri": [
        "^http[s]?://(ssl|www).google-analytics.com/ga.js",
        "^http[s]?://apis.google.com/js/plusone.js",
        "^http[s]?://cdn.cxense.com/cx.js"
      ]
    }
  }
}