├─ fast-xml-parser
│ ├─ ID: 1116957
│ ├─ Issue: fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
│ ├─ URL: https://github.com/advisories/GHSA-gh4j-gqv2-49f6
│ ├─ Severity: moderate
│ ├─ Vulnerable Versions: <5.7.0
│ │
│ ├─ Tree Versions
│ │ └─ 5.5.7
│ │
│ └─ Dependents
│ └─ @metamask/snaps-utils@npm:12.2.0
│
├─ uuid
│ ├─ ID: 1116970
│ ├─ Issue: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
│ ├─ URL: https://github.com/advisories/GHSA-w5hq-g745-h8pq
│ ├─ Severity: moderate
│ ├─ Vulnerable Versions: <14.0.0
│ │
│ ├─ Tree Versions
│ │ ├─ 3.2.1
│ │ ├─ 3.4.0
│ │ ├─ 8.3.2
│ │ └─ 9.0.1
│ │
│ └─ Dependents
│ ├─ @metamask/account-api@npm:1.0.0
│ ├─ istanbul-lib-processinfo@npm:2.0.2
│ ├─ metamask-crx@workspace:.
│ └─ socketcluster-client@npm:14.3.2
│
2 new advisories detected on push to
main(2 release-blocking).CI run: https://github.com/MetaMask/metamask-extension/actions/runs/24799641903
Release-blocking (production, moderate+)
GHSA-w5hq-g745-h8pq
GHSA-gh4j-gqv2-49f6
Native audit tree