Update dependency express-session to v1.18.2 by dev-mend-for-github-com[bot] · Pull Request #40 · MuhammadAEws/VulnerableJs

Security Report

You have successfully remediated 1 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue
CVE-616547-419802 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> express-session-1.18.2.tgz (Root Library) -> ❌ parseurl-1.3.3.tgz (Vulnerable Library)	Critical	9.8	`Transitive` parseurl-1.3.3.tgz	express-session-1.18.2.tgz		None
CVE-398484-724968 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> core-7.23.2.tgz (Root Library) -> debug-4.4.3.tgz -> ❌ ms-2.1.3.tgz (Vulnerable Library)	Critical	9.8	`Transitive` ms-2.1.3.tgz	core-7.23.2.tgz		None
CVE-2026-41239 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ dompurify-2.5.9.tgz (Vulnerable Library)	Medium	6.8	`Direct` dompurify-2.5.9.tgz	dompurify-2.5.9.tgz	3.4.0	None
CVE-2026-41240 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> ❌ dompurify-2.5.9.tgz (Vulnerable Library)	Medium	6.5	`Direct` dompurify-2.5.9.tgz	dompurify-2.5.9.tgz	3.4.0	None

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2025-7339	on-headers-1.0.1.tgz

Base branch total remaining vulnerabilities: 84
Base branch commit: 716fe17b8d26ad794de274101da05107a712797c

Total libraries scanned: 423

Scan token: db9c71955a7249ea869506ed17efe935

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express-session to v1.18.2#40

Update dependency express-session to v1.18.2#40
dev-mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/express-session-1.x-lockfile

Uh oh!

Security Report

Re-running checks...