Update dependency turbo-rails to v2#17
Security Report
The Security Check found 45 vulnerabilities.
| Vulnerability | Severity | Exploit Maturity | EPSS | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability | |
|---|---|---|---|---|---|---|---|---|---|
CVE-2025-6545Path to dependency file: /package.json Path to vulnerable library: /node_modules/pbkdf2/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> ❌ pbkdf2-3.1.2.tgz (Vulnerable Library) |
9.3 | Not Defined | 0.2% | Transitive pbkdf2-3.1.2.tgz |
webpack-4.46.0.tgz | Transitive 3.1.3 |
#8 | ||
CVE-2025-9288Path to dependency file: /package.json Path to vulnerable library: /node_modules/sha.js/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.2.1.tgz -> create-hmac-1.1.7.tgz -> ❌ sha.js-2.4.11.tgz (Vulnerable Library) |
9.1 | Not Defined | 0.0% | Transitive sha.js-2.4.11.tgz |
webpack-4.46.0.tgz | Transitive 2.4.12 |
#8 | ||
CVE-2025-9287Path to dependency file: /package.json Path to vulnerable library: /node_modules/cipher-base/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.2.1.tgz -> create-hmac-1.1.7.tgz -> ❌ cipher-base-1.0.4.tgz (Vulnerable Library) |
9.1 | Not Defined | 0.2% | Transitive cipher-base-1.0.4.tgz |
webpack-4.46.0.tgz | Transitive cipher-base - 1.0.4 |
#8 | ||
CVE-2024-48949Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.2.1.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
9.1 | Not Defined | 0.1% | Transitive elliptic-6.5.4.tgz |
webpack-4.46.0.tgz | Transitive 6.5.6 |
#8 | ||
CVE-2024-49761Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem Dependency Hierarchy: -> ❌ rexml-3.2.6.gem (Vulnerable Library) |
7.5 | Not Defined | 1.2% | Direct rexml-3.2.6.gem |
rexml-3.2.6.gem | 3.3.9 | #21 | ||
CVE-2024-4068Path to dependency file: /package.json Path to vulnerable library: /node_modules/watchpack/node_modules/braces/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> watchpack-1.7.5.tgz -> chokidar-3.5.3.tgz -> ❌ braces-3.0.2.tgz (Vulnerable Library) |
7.5 | Not Defined | 0.2% | Transitive braces-3.0.2.tgz |
webpack-4.46.0.tgz | Transitive braces - 3.0.3 |
#8 | ||
CVE-2024-4068Path to dependency file: /package.json Path to vulnerable library: /node_modules/braces/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> micromatch-3.1.10.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) |
7.5 | Not Defined | 0.2% | Transitive braces-2.3.2.tgz |
webpack-4.46.0.tgz | Transitive braces - 3.0.3 |
#8 | ||
CVE-2022-29970Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-2.6.0.gem (Root Library) -> ❌ sinatra-1.0.gem (Vulnerable Library) |
7.5 | Not Defined | 0.5% | Transitive sinatra-1.0.gem |
resque-2.6.0.gem | Transitive 2.2.0 |
None | ||
CVE-2022-29970Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) |
7.5 | Not Defined | 0.5% | Transitive sinatra-1.0.gem |
resque-scheduler-4.10.2.gem | Transitive 2.2.0 |
#6 | ||
CVE-2015-5147Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/redcarpet-3.2.3.gem Dependency Hierarchy: -> ❌ redcarpet-3.2.3.gem (Vulnerable Library) |
7.3 | Not Defined | 1.2% | Direct redcarpet-3.2.3.gem |
redcarpet-3.2.3.gem | 3.3.2 | #5 | ||
CVE-2020-11023Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Dependency Hierarchy: -> ❌ jquery-1.9.1.min.js (Vulnerable Library) |
6.9 | Proof of concept | 27.7% | Direct jquery-1.9.1.min.js |
jquery-1.9.1.min.js | Replace or update the following files: offset.js, data.js, attributes.js, deprecated.js, selector.js, traversing.js, css.js, testinit.js, localfile.html, core.js, event.js, effects.js, wrap.js, ajax.js, manipulation.js, manipulation.js, dimensions.js, basic.js | None | ||
CVE-2020-11022Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Dependency Hierarchy: -> ❌ jquery-1.9.1.min.js (Vulnerable Library) |
6.9 | Proof of concept | 22.5% | Direct jquery-1.9.1.min.js |
jquery-1.9.1.min.js | Replace or update the following files: offset.js, data.js, attributes.js, deprecated.js, selector.js, traversing.js, css.js, testinit.js, localfile.html, core.js, event.js, effects.js, wrap.js, ajax.js, manipulation.js, manipulation.js, dimensions.js, basic.js | None | ||
CVE-2025-6547Path to dependency file: /package.json Path to vulnerable library: /node_modules/pbkdf2/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> ❌ pbkdf2-3.1.2.tgz (Vulnerable Library) |
6.8 | Not Defined | 0.2% | Transitive pbkdf2-3.1.2.tgz |
webpack-4.46.0.tgz | Transitive 3.1.3 |
#8 | ||
CVE-2020-26298Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/redcarpet-3.2.3.gem Dependency Hierarchy: -> ❌ redcarpet-3.2.3.gem (Vulnerable Library) |
6.8 | Not Defined | 0.3% | Direct redcarpet-3.2.3.gem |
redcarpet-3.2.3.gem | 3.5.1 | #5 | ||
CVE-2023-46234Path to dependency file: /package.json Path to vulnerable library: /node_modules/browserify-sign/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> ❌ browserify-sign-4.2.1.tgz (Vulnerable Library) |
6.5 | Not Defined | 0.3% | Transitive browserify-sign-4.2.1.tgz |
webpack-4.46.0.tgz | Transitive 4.2.2 |
#8 | ||
CVE-2024-43788Path to dependency file: /package.json Path to vulnerable library: /node_modules/webpack/package.json Dependency Hierarchy: -> ❌ webpack-4.46.0.tgz (Vulnerable Library) |
6.4 | Not Defined | 0.6% | Direct webpack-4.46.0.tgz |
webpack-4.46.0.tgz | 5.94.0 | #8 | ||
CVE-2019-11358Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Dependency Hierarchy: -> ❌ jquery-1.9.1.min.js (Vulnerable Library) |
6.1 | Proof of concept | 2.8999999% | Direct jquery-1.9.1.min.js |
jquery-1.9.1.min.js | Replace or update the following files: core.js, core.js | None | ||
CVE-2015-9251Path to dependency file: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Path to vulnerable library: /vendor/cache/websocket-client-simple-e161305f1a46/sample/webbrowser/index.html Dependency Hierarchy: -> ❌ jquery-1.9.1.min.js (Vulnerable Library) |
6.1 | High | 12.8% | Direct jquery-1.9.1.min.js |
jquery-1.9.1.min.js | Replace or update the following files: script.js, ajax.js, ajax.js | None | ||
CVE-2024-43398Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem Dependency Hierarchy: -> ❌ rexml-3.2.6.gem (Vulnerable Library) |
5.9 | Not Defined | 2.6000001% | Direct rexml-3.2.6.gem |
rexml-3.2.6.gem | 3.3.6 | #21 | ||
CVE-2024-21647Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/puma-6.4.0.gem Dependency Hierarchy: -> ❌ puma-6.4.0.gem (Vulnerable Library) |
5.9 | Not Defined | 1.5% | Direct puma-6.4.0.gem |
puma-6.4.0.gem | 6.4.2 | #9 | ||
CVE-2018-1000119Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-2.6.0.gem (Root Library) -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.9 | Not Defined | 0.4% | Transitive sinatra-1.0.gem |
resque-2.6.0.gem | Transitive Replace or update the following files: authenticity_token.rb, base.rb |
None | ||
CVE-2018-1000119Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.9 | Not Defined | 0.4% | Transitive sinatra-1.0.gem |
resque-scheduler-4.10.2.gem | Transitive Replace or update the following files: authenticity_token.rb, base.rb |
#6 | ||
CVE-2025-27219Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/cgi-0.4.1.gem Dependency Hierarchy: -> ❌ cgi-0.4.1.gem (Vulnerable Library) |
5.8 | Not Defined | 0.5% | Direct cgi-0.4.1.gem |
cgi-0.4.1.gem | 0.4.2 | None | ||
CVE-2024-32887Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sidekiq-7.2.0.gem Dependency Hierarchy: -> ❌ sidekiq-7.2.0.gem (Vulnerable Library) |
5.5 | Not Defined | 0.3% | Direct sidekiq-7.2.0.gem |
sidekiq-7.2.0.gem | #20 | |||
CVE-2024-45614Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/puma-6.4.0.gem Dependency Hierarchy: -> ❌ puma-6.4.0.gem (Vulnerable Library) |
5.4 | Not Defined | 0.5% | Direct puma-6.4.0.gem |
puma-6.4.0.gem | 6.4.3 | #9 | ||
CVE-2024-21510Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-2.6.0.gem (Root Library) -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.4 | Proof of concept | 0.2% | Transitive sinatra-1.0.gem |
resque-2.6.0.gem | Transitive 4.1.0 |
None | ||
CVE-2024-21510Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.4 | Proof of concept | 0.2% | Transitive sinatra-1.0.gem |
resque-scheduler-4.10.2.gem | Transitive 4.1.0 |
#6 | ||
CVE-2024-11831Path to dependency file: /package.json Path to vulnerable library: /node_modules/serialize-javascript/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> terser-webpack-plugin-1.4.5.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
5.4 | Not Defined | 0.70000005% | Transitive serialize-javascript-4.0.0.tgz |
webpack-4.46.0.tgz | Transitive serialize-javascript - 6.0.2 |
#8 | ||
CVE-2025-61921Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-2.6.0.gem (Root Library) -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.3 | Not Defined | 0.1% | Transitive sinatra-1.0.gem |
resque-2.6.0.gem | Transitive 4.2.0 |
None | ||
CVE-2025-61921Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.3 | Not Defined | 0.1% | Transitive sinatra-1.0.gem |
resque-scheduler-4.10.2.gem | Transitive 4.2.0 |
#6 | ||
CVE-2024-43380Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/fugit-1.9.0.gem Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> rufus-scheduler-3.9.1.gem -> ❌ fugit-1.9.0.gem (Vulnerable Library) |
5.3 | Not Defined | 0.2% | Transitive fugit-1.9.0.gem |
resque-scheduler-4.10.2.gem | Transitive 1.11.1 |
#6 | ||
CVE-2024-42460Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.2.1.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
5.3 | Not Defined | 0.1% | Transitive elliptic-6.5.4.tgz |
webpack-4.46.0.tgz | #8 | |||
CVE-2024-42459Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.2.1.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
5.3 | Not Defined | 0.1% | Transitive elliptic-6.5.4.tgz |
webpack-4.46.0.tgz | #8 | |||
CVE-2024-41946Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem Dependency Hierarchy: -> ❌ rexml-3.2.6.gem (Vulnerable Library) |
5.3 | Not Defined | 0.8% | Direct rexml-3.2.6.gem |
rexml-3.2.6.gem | 3.3.2 | #21 | ||
CVE-2024-41123Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem Dependency Hierarchy: -> ❌ rexml-3.2.6.gem (Vulnerable Library) |
5.3 | Not Defined | 0.3% | Direct rexml-3.2.6.gem |
rexml-3.2.6.gem | 3.3.2 | #21 | ||
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /node_modules/micromatch/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) |
5.3 | Not Defined | 0.1% | Transitive micromatch-3.1.10.tgz |
webpack-4.46.0.tgz | Transitive 4.0.8 |
#8 | ||
CVE-2024-35176Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem Dependency Hierarchy: -> ❌ rexml-3.2.6.gem (Vulnerable Library) |
5.3 | Not Defined | 6.5% | Direct rexml-3.2.6.gem |
rexml-3.2.6.gem | 3.2.7 | #21 | ||
CVE-2022-25883Path to dependency file: /package.json Path to vulnerable library: /node_modules/semver/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> terser-webpack-plugin-1.4.5.tgz -> find-cache-dir-2.1.0.tgz -> make-dir-2.1.0.tgz -> ❌ semver-5.7.1.tgz (Vulnerable Library) |
5.3 | Proof of concept | 0.3% | Transitive semver-5.7.1.tgz |
webpack-4.46.0.tgz | Transitive 5.7.2 |
#8 | ||
CVE-2020-28469Path to dependency file: /package.json Path to vulnerable library: /node_modules/glob-parent/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> watchpack-1.7.5.tgz -> watchpack-chokidar2-2.0.1.tgz -> chokidar-2.1.8.tgz -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library) |
5.3 | Not Defined | 0.9% | Transitive glob-parent-3.1.0.tgz |
webpack-4.46.0.tgz | Transitive 5.1.2 |
#8 | ||
CVE-2018-7212Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-2.6.0.gem (Root Library) -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.3 | Not Defined | 0.3% | Transitive sinatra-1.0.gem |
resque-2.6.0.gem | Transitive 2.0.1 |
None | ||
CVE-2018-7212Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/sinatra-1.0.gem Dependency Hierarchy: -> resque-scheduler-4.10.2.gem (Root Library) -> resque-2.6.0.gem -> ❌ sinatra-1.0.gem (Vulnerable Library) |
5.3 | Not Defined | 0.3% | Transitive sinatra-1.0.gem |
resque-scheduler-4.10.2.gem | Transitive 2.0.1 |
#6 | ||
CVE-2024-48948Path to dependency file: /package.json Path to vulnerable library: /node_modules/elliptic/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.0.tgz -> browserify-sign-4.2.1.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
4.8 | Not Defined | 0.1% | Transitive elliptic-6.5.4.tgz |
webpack-4.46.0.tgz | Transitive elliptic - 6.6.0 |
#8 | ||
CVE-2024-39908Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/rexml-3.2.6.gem Dependency Hierarchy: -> ❌ rexml-3.2.6.gem (Vulnerable Library) |
4.3 | Not Defined | 6.3% | Direct rexml-3.2.6.gem |
rexml-3.2.6.gem | 3.3.2 | #21 | ||
CVE-2025-27220Path to dependency file: /Gemfile.lock Path to vulnerable library: /vendor/cache/cgi-0.4.1.gem Dependency Hierarchy: -> ❌ cgi-0.4.1.gem (Vulnerable Library) |
4.0 | Not Defined | 0.3% | Direct cgi-0.4.1.gem |
cgi-0.4.1.gem | 0.4.2 | None | ||
CVE-2025-5889Path to dependency file: /package.json Path to vulnerable library: /node_modules/brace-expansion/package.json Dependency Hierarchy: -> webpack-4.46.0.tgz (Root Library) -> terser-webpack-plugin-1.4.5.tgz -> cacache-12.0.4.tgz -> glob-7.2.3.tgz -> minimatch-3.1.2.tgz -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library) |
3.1 | Proof of concept | 0.0% | Transitive brace-expansion-1.1.11.tgz |
webpack-4.46.0.tgz | Transitive 1.1.12 |
#8 |
Total libraries scanned: 518
Scan token: d44952da37204e3ba11c8e3f8aac27e7