Update dependency @crowdin/crowdin-api-client to v1.33.2 #4
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|
CVE-941441-362681Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> shelljs-0.8.5.tgz -> glob-7.2.3.tgz -> ❌ once-1.4.0.tgz (Vulnerable Library) |
 Critical |
9.8 | Transitive once-1.4.0.tgz |
core-2.4.0.tgz | None | |
CVE-2026-44728Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> preset-env-7.24.7.tgz -> ❌ plugin-transform-modules-systemjs-7.24.7.tgz (Vulnerable Library) |
 High |
8.2 | Transitive plugin-transform-modules-systemjs-7.24.7.tgz |
core-2.4.0.tgz | Transitive 7.29.4 |
None |
WS-2023-0439Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> wait-on-6.0.1.tgz -> ❌ axios-0.25.0.tgz (Vulnerable Library) |
High |
7.5 | Transitive axios-0.25.0.tgz |
core-2.4.0.tgz | Transitive 0.29.0 |
None |
CVE-2025-27789Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> core-7.24.7.tgz -> ❌ helpers-7.24.7.tgz (Vulnerable Library) |
 Medium |
6.2 | Transitive helpers-7.24.7.tgz |
core-2.4.0.tgz | Transitive 7.26.10 |
None |
CVE-2025-27789Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> ❌ runtime-7.24.7.tgz (Vulnerable Library) |
Medium |
6.2 | Transitive runtime-7.24.7.tgz |
core-2.4.0.tgz | Transitive 7.26.10 |
None |
CVE-2025-27789Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> ❌ runtime-corejs3-7.24.7.tgz (Vulnerable Library) |
Medium |
6.2 | Transitive runtime-corejs3-7.24.7.tgz |
core-2.4.0.tgz | Transitive 7.26.10 |
None |
CVE-2026-6402Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> ❌ webpack-dev-server-4.15.2.tgz (Vulnerable Library) |
Medium |
5.3 | Transitive webpack-dev-server-4.15.2.tgz |
core-2.4.0.tgz | Transitive Upgrade to version webpack-dev-server - 5.2.4 or greater |
None |
CVE-2025-58181Path to dependency file: /v2/go.mod Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/crypto/@v/v0.23.0.mod Dependency Hierarchy: -> github.com/Go-git/go-git/v5-v5.11.0 (Root Library) -> ❌ golang.org/x/crypto-v0.23.0 (Vulnerable Library) |
Medium |
5.3 | Transitive golang.org/x/crypto-v0.23.0 |
github.com/Go-git/go-git/v5-v5.11.0 | Transitive v0.45.0 |
None |
CVE-2025-47914Path to dependency file: /v2/go.mod Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/crypto/@v/v0.23.0.mod Dependency Hierarchy: -> github.com/Go-git/go-git/v5-v5.11.0 (Root Library) -> ❌ golang.org/x/crypto-v0.23.0 (Vulnerable Library) |
Medium |
5.3 | Transitive golang.org/x/crypto-v0.23.0 |
github.com/Go-git/go-git/v5-v5.11.0 | Transitive v0.45.0 |
None |
CVE-2026-45736Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> webpack-dev-server-4.15.2.tgz -> ❌ ws-8.17.0.tgz (Vulnerable Library) |
Medium |
4.4 | Transitive ws-8.17.0.tgz |
core-2.4.0.tgz | None | |
CVE-2025-32997Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> webpack-dev-server-4.15.2.tgz -> ❌ http-proxy-middleware-2.0.6.tgz (Vulnerable Library) |
Medium |
4.0 | Transitive http-proxy-middleware-2.0.6.tgz |
core-2.4.0.tgz | Transitive 2.0.9 |
None |
CVE-2025-32996Path to dependency file: /website/package.json Path to vulnerable library: /website/package.json Dependency Hierarchy: -> core-2.4.0.tgz (Root Library) -> webpack-dev-server-4.15.2.tgz -> ❌ http-proxy-middleware-2.0.6.tgz (Vulnerable Library) |
Medium |
4.0 | Transitive http-proxy-middleware-2.0.6.tgz |
core-2.4.0.tgz | Transitive 2.0.8 |
None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2026-40175 | axios-1.7.2.tgz |
| CVE-2026-25639 | axios-1.7.2.tgz |
| CVE-2025-27152 | axios-1.7.2.tgz |
| CVE-2025-7783 | form-data-4.0.0.tgz |
| CVE-2024-39338 | axios-1.7.2.tgz |
| CVE-2025-58754 | axios-1.7.2.tgz |
| CVE-2025-62718 | axios-1.7.2.tgz |
| CVE-2026-39865 | axios-1.7.2.tgz |
Base branch total remaining vulnerabilities: 75
Base branch commit: null
Total libraries scanned: 1272
Scan token: 7d46234c470a4840b1fab02340f2ccae