Update dependency underscore to v1.12.1 by dev-mend-for-github-com[bot] · Pull Request #19 · MuhammadAEws/VulnerableJs

Security Report

You have successfully remediated 1 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue
CVE-398484-724968 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> core-7.23.2.tgz (Root Library) -> debug-4.4.3.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library)	Critical	9.8	`Transitive` ms-2.1.3.tgz	core-7.23.2.tgz		None
CVE-2026-41239 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ dompurify-2.5.9.tgz (Vulnerable Library)	Medium	6.8	`Direct` dompurify-2.5.9.tgz	dompurify-2.5.9.tgz	3.4.0	None
CVE-2026-41240 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ dompurify-2.5.9.tgz (Vulnerable Library)	Medium	6.5	`Direct` dompurify-2.5.9.tgz	dompurify-2.5.9.tgz	3.4.0	None

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2021-23358	underscore-1.9.1.tgz

Base branch total remaining vulnerabilities: 84
Base branch commit: 716fe17b8d26ad794de274101da05107a712797c

Total libraries scanned: 420

Scan token: 9c768d81c32745a29d69652b820d7ade

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency underscore to v1.12.1#19

Update dependency underscore to v1.12.1#19
dev-mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/underscore-1.x-lockfile

Uh oh!

Security Report

Re-running checks...