https
GET
api.github.com
None
/orgs/BeaverSoftware/dependabot/alerts
{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
None
200
[('Server', 'GitHub.com'), ('Date', 'Sun, 21 Jan 2024 02:20:14 GMT'), ('Content-Type', 'application/json; charset=utf-8'), ('Transfer-Encoding', 'chunked'), ('Cache-Control', 'private, max-age=60, s-maxage=60'), ('Vary', 'Accept, Authorization, Cookie, X-GitHub-OTP, Accept-Encoding, Accept, X-Requested-With'), ('ETag', 'W/"74ba6d05fb05fb4f70f9ad25bca9c224fe842693d02a6337fee2a3edf75e3ea5"'), ('Last-Modified', 'Sun, 21 Jan 2024 01:41:18 GMT'), ('X-OAuth-Scopes', 'admin:repo_hook, repo, workflow, write:packages'), ('X-Accepted-OAuth-Scopes', 'public_repo, repo, security_events'), ('github-authentication-token-expiration', '2024-04-19 16:30:08 UTC'), ('X-GitHub-Media-Type', 'github.v3; format=json'), ('x-github-api-version-selected', '2022-11-28'), ('X-RateLimit-Limit', '5000'), ('X-RateLimit-Remaining', '4963'), ('X-RateLimit-Reset', '1705804700'), ('X-RateLimit-Used', '37'), ('X-RateLimit-Resource', 'core'), ('Access-Control-Expose-Headers', 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset'), ('Access-Control-Allow-Origin', '*'), ('Strict-Transport-Security', 'max-age=31536000; includeSubdomains; preload'), ('X-Frame-Options', 'deny'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '0'), ('Referrer-Policy', 'origin-when-cross-origin, strict-origin-when-cross-origin'), ('Content-Security-Policy', "default-src 'none'"), ('Content-Encoding', 'gzip'), ('X-GitHub-Request-Id', '91C4:8C58:9B0B6C1:14060D4E:65AC7F5D')]
[{"number":1,"state":"open","dependency":{"package":{"ecosystem":"pip","name":"jinja2"},"manifest_path":"requirements/docs.txt","scope":"runtime"},"security_advisory":{"ghsa_id":"GHSA-h5c8-rqwp-cp95","cve_id":"CVE-2024-22195","summary":"Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter","description":"The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the `xmlattr` filter, and an application doing so should already be verifying what keys are provided regardless of this fix.","severity":"medium","identifiers":[{"value":"GHSA-h5c8-rqwp-cp95","type":"GHSA"},{"value":"CVE-2024-22195","type":"CVE"}],"references":[{"url":"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22195"},{"url":"https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7"},{"url":"https://github.com/pallets/jinja/releases/tag/3.1.3"},{"url":"https://github.com/advisories/GHSA-h5c8-rqwp-cp95"}],"published_at":"2024-01-11T15:20:48Z","updated_at":"2024-01-11T15:20:50Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"pip","name":"jinja2"},"severity":"medium","vulnerable_version_range":"< 3.1.3","first_patched_version":{"identifier":"3.1.3"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","score":5.4},"cwes":[{"cwe_id":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]},"security_vulnerability":{"package":{"ecosystem":"pip","name":"jinja2"},"severity":"medium","vulnerable_version_range":"< 3.1.3","first_patched_version":{"identifier":"3.1.3"}},"url":"https://api.github.com/repos/BeaverSoftware/PyGithub/dependabot/alerts/1","html_url":"https://github.com/BeaverSoftware/PyGithub/security/dependabot/1","created_at":"2024-01-21T01:41:18Z","updated_at":"2024-01-21T01:41:18Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":746080753,"node_id":"R_kgDOLHhJ8Q","name":"PyGithub","full_name":"BeaverSoftware/PyGithub","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/PyGithub","description":"Typed interactions with the GitHub API v3","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/PyGithub","forks_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/deployments"}},{"number":7,"state":"open","dependency":{"package":{"ecosystem":"npm","name":"follow-redirects"},"manifest_path":"package-lock.json","scope":"runtime"},"security_advisory":{"ghsa_id":"GHSA-jchw-25xp-jwwc","cve_id":"CVE-2023-26159","summary":"Follow Redirects improperly handles URLs in the url.parse() function","description":"Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.","severity":"medium","identifiers":[{"value":"GHSA-jchw-25xp-jwwc","type":"GHSA"},{"value":"CVE-2023-26159","type":"CVE"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26159"},{"url":"https://github.com/follow-redirects/follow-redirects/issues/235"},{"url":"https://github.com/follow-redirects/follow-redirects/pull/236"},{"url":"https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137"},{"url":"https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d"},{"url":"https://github.com/advisories/GHSA-jchw-25xp-jwwc"}],"published_at":"2024-01-02T06:30:30Z","updated_at":"2024-01-09T19:03:25Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"follow-redirects"},"severity":"medium","vulnerable_version_range":"< 1.15.4","first_patched_version":{"identifier":"1.15.4"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","score":6.1},"cwes":[{"cwe_id":"CWE-20","name":"Improper Input Validation"},{"cwe_id":"CWE-601","name":"URL Redirection to Untrusted Site ('Open Redirect')"}]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"follow-redirects"},"severity":"medium","vulnerable_version_range":"< 1.15.4","first_patched_version":{"identifier":"1.15.4"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/7","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/7","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}},{"number":6,"state":"open","dependency":{"package":{"ecosystem":"npm","name":"axios"},"manifest_path":"package-lock.json","scope":"runtime"},"security_advisory":{"ghsa_id":"GHSA-wf5p-g6vw-rhxx","cve_id":"CVE-2023-45857","summary":"Axios Cross-Site Request Forgery Vulnerability","description":"An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.","severity":"medium","identifiers":[{"value":"GHSA-wf5p-g6vw-rhxx","type":"GHSA"},{"value":"CVE-2023-45857","type":"CVE"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45857"},{"url":"https://github.com/axios/axios/issues/6006"},{"url":"https://github.com/axios/axios/issues/6022"},{"url":"https://github.com/axios/axios/pull/6028"},{"url":"https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0"},{"url":"https://github.com/axios/axios/releases/tag/v1.6.0"},{"url":"https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459"},{"url":"https://github.com/advisories/GHSA-wf5p-g6vw-rhxx"}],"published_at":"2023-11-08T21:30:37Z","updated_at":"2023-11-16T19:59:09Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"axios"},"severity":"medium","vulnerable_version_range":">= 0.8.1, < 1.6.0","first_patched_version":{"identifier":"1.6.0"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","score":6.5},"cwes":[{"cwe_id":"CWE-352","name":"Cross-Site Request Forgery (CSRF)"}]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"axios"},"severity":"medium","vulnerable_version_range":">= 0.8.1, < 1.6.0","first_patched_version":{"identifier":"1.6.0"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/6","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/6","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}},{"number":5,"state":"open","dependency":{"package":{"ecosystem":"npm","name":"@babel/traverse"},"manifest_path":"package-lock.json","scope":"development"},"security_advisory":{"ghsa_id":"GHSA-67hx-6x53-jw92","cve_id":"CVE-2023-45133","summary":"Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code","description":"### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-runtime`\n- `@babel/preset-env` when using its [`useBuiltIns`](https://babeljs.io/docs/babel-preset-env#usebuiltins) option\n- Any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`\n\nNo other plugins under the `@babel/` namespace are impacted, but third-party plugins might be.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/traverse@7.23.2`.\n\nBabel 6 does not receive security fixes anymore (see [Babel's security policy](https://github.com/babel/babel/security/policy)), hence there is no patch planned for `babel-traverse@6`.\n\n### Workarounds\n\n- Upgrade `@babel/traverse` to v7.23.2 or higher. You can do this by deleting it from your package manager's lockfile and re-installing the dependencies. `@babel/core` >=7.23.2 will automatically pull in a non-vulnerable version.\n- If you cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions:\n  - `@babel/plugin-transform-runtime` v7.23.2\n  - `@babel/preset-env` v7.23.2\n  - `@babel/helper-define-polyfill-provider` v0.4.3\n  - `babel-plugin-polyfill-corejs2` v0.4.6\n  - `babel-plugin-polyfill-corejs3` v0.8.5\n  - `babel-plugin-polyfill-es-shims` v0.10.0\n  - `babel-plugin-polyfill-regenerator` v0.5.3","severity":"critical","identifiers":[{"value":"GHSA-67hx-6x53-jw92","type":"GHSA"},{"value":"CVE-2023-45133","type":"CVE"}],"references":[{"url":"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45133"},{"url":"https://github.com/babel/babel/pull/16033"},{"url":"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"},{"url":"https://github.com/babel/babel/releases/tag/v7.23.2"},{"url":"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"},{"url":"https://www.debian.org/security/2023/dsa-5528"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"},{"url":"https://babeljs.io/blog/2023/10/16/cve-2023-45133"},{"url":"https://github.com/advisories/GHSA-67hx-6x53-jw92"}],"published_at":"2023-10-16T13:55:36Z","updated_at":"2023-12-08T19:11:42Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"@babel/traverse"},"severity":"critical","vulnerable_version_range":"< 7.23.2","first_patched_version":{"identifier":"7.23.2"}},{"package":{"ecosystem":"npm","name":"@babel/traverse"},"severity":"critical","vulnerable_version_range":">= 8.0.0-alpha.0, < 8.0.0-alpha.4","first_patched_version":{"identifier":"8.0.0-alpha.4"}}],"cvss":{"vector_string":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","score":9.3},"cwes":[{"cwe_id":"CWE-184","name":"Incomplete List of Disallowed Inputs"},{"cwe_id":"CWE-697","name":"Incorrect Comparison"}]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"@babel/traverse"},"severity":"critical","vulnerable_version_range":"< 7.23.2","first_patched_version":{"identifier":"7.23.2"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/5","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/5","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}},{"number":4,"state":"open","dependency":{"package":{"ecosystem":"npm","name":"semver"},"manifest_path":"package-lock.json","scope":"runtime"},"security_advisory":{"ghsa_id":"GHSA-c2qf-rxjj-qqgw","cve_id":"CVE-2022-25883","summary":"semver vulnerable to Regular Expression Denial of Service","description":"Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.","severity":"medium","identifiers":[{"value":"GHSA-c2qf-rxjj-qqgw","type":"GHSA"},{"value":"CVE-2022-25883","type":"CVE"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883"},{"url":"https://github.com/npm/node-semver/pull/564"},{"url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"},{"url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"},{"url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104"},{"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138"},{"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160"},{"url":"https://github.com/npm/node-semver/pull/585"},{"url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"},{"url":"https://github.com/npm/node-semver/pull/593"},{"url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0"},{"url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"}],"published_at":"2023-06-21T06:30:28Z","updated_at":"2024-01-08T20:36:49Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 7.0.0, < 7.5.2","first_patched_version":{"identifier":"7.5.2"}},{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 6.0.0, < 6.3.1","first_patched_version":{"identifier":"6.3.1"}},{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":"< 5.7.2","first_patched_version":{"identifier":"5.7.2"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","score":5.3},"cwes":[{"cwe_id":"CWE-1333","name":"Inefficient Regular Expression Complexity"}]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":"< 5.7.2","first_patched_version":{"identifier":"5.7.2"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/4","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/4","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}},{"number":3,"state":"auto_dismissed","dependency":{"package":{"ecosystem":"npm","name":"semver"},"manifest_path":"package-lock.json","scope":"development"},"security_advisory":{"ghsa_id":"GHSA-c2qf-rxjj-qqgw","cve_id":"CVE-2022-25883","summary":"semver vulnerable to Regular Expression Denial of Service","description":"Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.","severity":"medium","identifiers":[{"value":"GHSA-c2qf-rxjj-qqgw","type":"GHSA"},{"value":"CVE-2022-25883","type":"CVE"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883"},{"url":"https://github.com/npm/node-semver/pull/564"},{"url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"},{"url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"},{"url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104"},{"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138"},{"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160"},{"url":"https://github.com/npm/node-semver/pull/585"},{"url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"},{"url":"https://github.com/npm/node-semver/pull/593"},{"url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0"},{"url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"}],"published_at":"2023-06-21T06:30:28Z","updated_at":"2024-01-08T20:36:49Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 7.0.0, < 7.5.2","first_patched_version":{"identifier":"7.5.2"}},{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 6.0.0, < 6.3.1","first_patched_version":{"identifier":"6.3.1"}},{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":"< 5.7.2","first_patched_version":{"identifier":"5.7.2"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","score":5.3},"cwes":[{"cwe_id":"CWE-1333","name":"Inefficient Regular Expression Complexity"}]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 6.0.0, < 6.3.1","first_patched_version":{"identifier":"6.3.1"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/3","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/3","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":"2024-01-21T01:29:52Z","repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}},{"number":2,"state":"open","dependency":{"package":{"ecosystem":"npm","name":"fast-xml-parser"},"manifest_path":"package-lock.json","scope":"runtime"},"security_advisory":{"ghsa_id":"GHSA-gpv5-7x3g-ghjv","cve_id":null,"summary":"fast-xml-parser regex vulnerability patch could be improved from a safety perspective","description":"### Summary\nThis is a comment on https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw and the patches fixing it.\n\n### Details\nThe code which validates a name calls the validator:\nhttps://github.com/NaturalIntelligence/fast-xml-parser/blob/ecf6016f9b48aec1a921e673158be0773d07283e/src/xmlparser/DocTypeReader.js#L145-L153\nThis checks for the presence of an invalid character.  Such an approach is always risky, as it is so easy to forget to include an invalid character in the list.  A safer approach is to validate entity names against the XML specification: https://www.w3.org/TR/xml11/#sec-common-syn - an ENTITY name is a Name:\n\n```\n[4]   NameStartChar ::= \":\" | [A-Z] | \"_\" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] |\n                        [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] |\n                        [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]\n[4a]  NameChar ::= NameStartChar | \"-\" | \".\" | [0-9] | #xB7 | [#x0300-#x036F] | [#x203F-#x2040]\n[5]   Name ::= NameStartChar (NameChar)*\n```\n\nso the safest way to validate an entity name is to build a regex to represent this expression and check whether the name given matches the regex.  (Something along the lines of `/^[name start char class][name char class]*$/`.)  There's probably a nice way to simplify the explicit list rather than typing it out verbatim using Unicode character properties, but I don't know enough to do so.","severity":"low","identifiers":[{"value":"GHSA-gpv5-7x3g-ghjv","type":"GHSA"}],"references":[{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw"},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gpv5-7x3g-ghjv"},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a880b887916855c3a510869fd1ee268d7fe58b1"},{"url":"https://github.com/advisories/GHSA-gpv5-7x3g-ghjv"}],"published_at":"2023-06-15T19:05:13Z","updated_at":"2023-11-29T00:28:48Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"fast-xml-parser"},"severity":"low","vulnerable_version_range":"= 4.2.4","first_patched_version":{"identifier":"4.2.5"}}],"cvss":{"vector_string":null,"score":0.0},"cwes":[]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"fast-xml-parser"},"severity":"low","vulnerable_version_range":"= 4.2.4","first_patched_version":{"identifier":"4.2.5"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/2","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/2","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}},{"number":1,"state":"auto_dismissed","dependency":{"package":{"ecosystem":"npm","name":"semver"},"manifest_path":"default-assets-package/package-lock.json","scope":"development"},"security_advisory":{"ghsa_id":"GHSA-c2qf-rxjj-qqgw","cve_id":"CVE-2022-25883","summary":"semver vulnerable to Regular Expression Denial of Service","description":"Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.","severity":"medium","identifiers":[{"value":"GHSA-c2qf-rxjj-qqgw","type":"GHSA"},{"value":"CVE-2022-25883","type":"CVE"}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883"},{"url":"https://github.com/npm/node-semver/pull/564"},{"url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"},{"url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"},{"url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104"},{"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138"},{"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160"},{"url":"https://github.com/npm/node-semver/pull/585"},{"url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"},{"url":"https://github.com/npm/node-semver/pull/593"},{"url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0"},{"url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"}],"published_at":"2023-06-21T06:30:28Z","updated_at":"2024-01-08T20:36:49Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 7.0.0, < 7.5.2","first_patched_version":{"identifier":"7.5.2"}},{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":">= 6.0.0, < 6.3.1","first_patched_version":{"identifier":"6.3.1"}},{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":"< 5.7.2","first_patched_version":{"identifier":"5.7.2"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","score":5.3},"cwes":[{"cwe_id":"CWE-1333","name":"Inefficient Regular Expression Complexity"}]},"security_vulnerability":{"package":{"ecosystem":"npm","name":"semver"},"severity":"medium","vulnerable_version_range":"< 5.7.2","first_patched_version":{"identifier":"5.7.2"}},"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/dependabot/alerts/1","html_url":"https://github.com/BeaverSoftware/opensource-management-portal/security/dependabot/1","created_at":"2024-01-21T01:29:52Z","updated_at":"2024-01-21T01:29:52Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":"2024-01-21T01:29:52Z","repository":{"id":682315953,"node_id":"R_kgDOKKtQsQ","name":"opensource-management-portal","full_name":"BeaverSoftware/opensource-management-portal","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/opensource-management-portal","description":"Microsoft's monolithic, opinionated Open Source Management Portal enabling enterprise scale self-service powered by the GitHub API 🏔🧑‍💻🧰","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal","forks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/opensource-management-portal/deployments"}}]