Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Testing

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
@angular/animations:^15.0.2pkg:npm/%40angular%2Fanimations@%5E15.0.2 03
@angular/cdk:^15.0.1pkg:npm/%40angular%2Fcdk@%5E15.0.1 03
@angular/common:^15.0.2pkg:npm/%40angular%2Fcommon@%5E15.0.2 03
@angular/compiler:^15.0.2pkg:npm/%40angular%2Fcompiler@%5E15.0.2 03
@angular/core:^15.0.2pkg:npm/%40angular%2Fcore@%5E15.0.2 03
@angular/forms:^15.0.2pkg:npm/%40angular%2Fforms@%5E15.0.2 03
@angular/material:^15.0.1pkg:npm/%40angular%2Fmaterial@%5E15.0.1 03
@angular/platform-browser-dynamic:^15.0.2pkg:npm/%40angular%2Fplatform-browser-dynamic@%5E15.0.2 03
@angular/platform-browser:^15.0.2pkg:npm/%40angular%2Fplatform-browser@%5E15.0.2 03
@angular/router:^15.0.2pkg:npm/%40angular%2Frouter@%5E15.0.2 03
@lottiefiles/lottie-player:^1.4.0pkg:npm/%40lottiefiles%2Flottie-player@%5E1.4.0 03
@types/node-forge:^1.3.11pkg:npm/%40types%2Fnode-forge@%5E1.3.11 03
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:13.0.3:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@13.0.3 0Low15
SonarScanner.MSBuild.Common.dllpkg:generic/SonarScanner.MSBuild.Common@6.1.0.83647 017
SonarScanner.MSBuild.Tasks.dllcpe:2.3:a:tasks:tasks:6.1.0.83647:*:*:*:*:*:*:*pkg:generic/SonarScanner.MSBuild.Tasks@6.1.0.83647MEDIUM2Low15
axios:^1.4.0cpe:2.3:a:axios:axios:1.4.0:*:*:*:*:*:*:*pkg:npm/axios@%5E1.4.0HIGH1Highest3
create_branch.js 00
dayjs:^1.11.9pkg:npm/dayjs@%5E1.11.9 03
delete_branches.js 00
dom-to-image:^2.6.0pkg:npm/dom-to-image@%5E2.6.0 03
is-online:^10.0.0pkg:npm/is-online@%5E10.0.0 03
jsencrypt:^3.3.1pkg:npm/jsencrypt@%5E3.3.1 03
jspdf:^2.4.0pkg:npm/jspdf@%5E2.4.0 03
karma.conf.js 00
ngx-countdown:^13.0.0pkg:npm/ngx-countdown@%5E13.0.0 03
ngx-currency:^2.5.3pkg:npm/ngx-currency@%5E2.5.3 03
ngx-lottie:^7.0.3pkg:npm/ngx-lottie@%5E7.0.3 03
ngx-mask:^12.0.0pkg:npm/ngx-mask@%5E12.0.0 03
package.json 00
rxjs:~6.6.0pkg:npm/rxjs@~6.6.0 03
simple-s3-deploy:^1.1.0pkg:npm/simple-s3-deploy@%5E1.1.0 03
timezone:^1.0.23pkg:npm/timezone@%5E1.0.23 03
tslib:^2.2.0pkg:npm/tslib@%5E2.2.0 03
typingsInstaller.js 00
utc:^0.1.0pkg:npm/utc@%5E0.1.0 03
watchGuard.js 00
zone.js:~0.11.4pkg:npm/zone.js@~0.11.4 03

Dependencies (vulnerable)

@angular/animations:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\animations:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/cdk:^15.0.1

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\cdk:^15.0.1

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/common:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\common:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/compiler:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\compiler:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/core:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\core:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/forms:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\forms:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/material:^15.0.1

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\material:^15.0.1

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/platform-browser-dynamic:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\platform-browser-dynamic:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/platform-browser:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\platform-browser:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@angular/router:^15.0.2

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@angular\router:^15.0.2

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@lottiefiles/lottie-player:^1.4.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@lottiefiles\lottie-player:^1.4.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

@types/node-forge:^1.3.11

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\@types\node-forge:^1.3.11

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

Newtonsoft.Json.dll

Description:

Json.NET .NET Standard 2.0

Json.NET is a popular high-performance JSON framework for .NET

File Path: D:\Auropayrepos\AngularPaymentForm\.sonarqube\bin\Newtonsoft.Json.dll
MD5: bbe7bab7d62fff428929222396154324
SHA1: 142b1f67c392c48bc36d664cdaead35cf00ef209
SHA256:8c1dd5c184b4e2e7ead06971ff3ebcb46783be972292d1deb1061744369b4d80

Identifiers

SonarScanner.MSBuild.Common.dll

Description:

SonarScanner.MSBuild.Common

File Path: D:\Auropayrepos\AngularPaymentForm\.sonarqube\bin\SonarScanner.MSBuild.Common.dll
MD5: 638176ed2b26d5dc9bb235369e64ee47
SHA1: fdfa15ce9bc7db4e31fbae1110dd3e93748ba081
SHA256:59411967838149b3ef121cb6f51faf2cb59ac58e6d1a3fd4061d7cfcddade25b

Identifiers

SonarScanner.MSBuild.Tasks.dll

Description:

SonarScanner.MSBuild.Tasks

File Path: D:\Auropayrepos\AngularPaymentForm\.sonarqube\bin\SonarScanner.MSBuild.Tasks.dll
MD5: a1e7ea5f4cee21609b26391b88408ee0
SHA1: 3b5b7c413b9086a1c8fcdba384642da437b96600
SHA256:2024b5c55140da0bb83378fc218e4f48f48e26b49000eb26435e7cf4e2cdd919

Identifiers

CVE-2020-22475  

"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
CWE-276 Incorrect Default Permissions

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:0.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2022-39349  

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds.
CWE-668 Exposure of Resource to Wrong Sphere, CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

axios:^1.4.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\axios:^1.4.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

CVE-2024-39338  

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

create_branch.js

File Path: D:\Auropayrepos\AngularPaymentForm\scripts\create_branch.js
MD5: ece4a4abebf8e460141e819f4f133d3e
SHA1: 94e6f438d94dd18caa708e30348fa9f988263f4e
SHA256:5d1adf2e9b455c539425504d48da51618c4ce962dacd962ee3fbb86b58c574ab

Identifiers

  • None

dayjs:^1.11.9

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\dayjs:^1.11.9

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

delete_branches.js

File Path: D:\Auropayrepos\AngularPaymentForm\scripts\delete_branches.js
MD5: 658203a3380f9691415089f4af5ca5da
SHA1: 0d0b9436d8f13358d98ed6ec710c441391b197fc
SHA256:44bc1411974056fd904b6f35362cd3fb2646a2296c6715e4ad32d109876d0683

Identifiers

  • None

dom-to-image:^2.6.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\dom-to-image:^2.6.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

is-online:^10.0.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\is-online:^10.0.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

jsencrypt:^3.3.1

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\jsencrypt:^3.3.1

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

jspdf:^2.4.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\jspdf:^2.4.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

karma.conf.js

File Path: D:\Auropayrepos\AngularPaymentForm\karma.conf.js
MD5: 30f1d935f818d6a856f9bae88275340e
SHA1: 8125d391ae717863f0a47b30b8e108899feb5308
SHA256:639d3bffc68b9d3b45f52f3dfc7231200091051efeea0f8c9a653536f9dc507f

Identifiers

  • None

ngx-countdown:^13.0.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\ngx-countdown:^13.0.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

ngx-currency:^2.5.3

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\ngx-currency:^2.5.3

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

ngx-lottie:^7.0.3

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\ngx-lottie:^7.0.3

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

ngx-mask:^12.0.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\ngx-mask:^12.0.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

package.json

File Path: D:\Auropayrepos\AngularPaymentForm\package.json
MD5: a1128b8ebaaf44eb6af745793aae3c09
SHA1: e812ac27f142ef0bcf4ed2a89535dfcab3e2ca11
SHA256:663b3fafe9db6b9ae4ce055930a41bdeb4167d4d2c421d8df85153926970c43c

Identifiers

  • None

rxjs:~6.6.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\rxjs:~6.6.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

simple-s3-deploy:^1.1.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\simple-s3-deploy:^1.1.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

timezone:^1.0.23

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\timezone:^1.0.23

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

tslib:^2.2.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\tslib:^2.2.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

typingsInstaller.js

File Path: D:\Auropayrepos\AngularPaymentForm\node_modules\.staging\typescript-08886b46\lib\typingsInstaller.js
MD5: e6b2477a06b69f430ff710ed6ff03ba7
SHA1: eaad5eb131d959e295c52c7d7e5c70315d216f8f
SHA256:b3b8e676c8b6ecebfd52b9070db228964a1af14fd63ffd9015846d55c3ce0057

Identifiers

  • None

utc:^0.1.0

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\utc:^0.1.0

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers

watchGuard.js

File Path: D:\Auropayrepos\AngularPaymentForm\node_modules\.staging\typescript-08886b46\lib\watchGuard.js
MD5: ad2d713140ccf42dca8dea6c9fcce483
SHA1: 289ff4c23a5fd3bcd2e03f48ef9d0e35f78d0e02
SHA256:b6c3f1afc4a48a25b50fd0b8792a0a9bba8db3d0fc831dc485b8f5899d150400

Identifiers

  • None

zone.js:~0.11.4

File Path: D:\Auropayrepos\AngularPaymentForm\package.json?\zone.js:~0.11.4

Referenced In Project/Scope: angular-paymentform:0.0.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.