
Fix CVE-2025-69873: Upgrade ajv to 6.14.0 #736

Open: sumukhswamy wants to merge 1 commit into 2.19 from fix/CVE-2025-69873

Fix CVE-2025-69873: Upgrade ajv to 6.14.0

1c0aa72
Mend for GitHub.com / WhiteSource Security Check failed Apr 9, 2026 in 56s

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 9 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-27904

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> exceljs-4.4.0.tgz (Root Library)

   -> unzipper-0.10.14.tgz

     -> fstream-1.0.12.tgz

       -> rimraf-2.7.1.tgz

         -> glob-7.2.3.tgz

           -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz exceljs-4.4.0.tgz Transitive 3.1.4 #708
CVE-2026-27903

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> exceljs-4.4.0.tgz (Root Library)

   -> unzipper-0.10.14.tgz

     -> fstream-1.0.12.tgz

       -> rimraf-2.7.1.tgz

         -> glob-7.2.3.tgz

           -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz exceljs-4.4.0.tgz Transitive https://github.com/isaacs/minimatch.git - v7.4.8, https://github.com/isaacs/minimatch.git - v8.0.6, https://github.com/isaacs/minimatch.git - v9.0.7, https://github.com/isaacs/minimatch.git - v5.1.8, https://github.com/isaacs/minimatch.git - v10.2.3, https://github.com/isaacs/minimatch.git - v6.2.2, https://github.com/isaacs/minimatch.git - v4.2.5, https://github.com/isaacs/minimatch.git - v3.1.3 #706
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> exceljs-4.4.0.tgz (Root Library)

   -> unzipper-0.10.14.tgz

     -> fstream-1.0.12.tgz

       -> rimraf-2.7.1.tgz

         -> glob-7.2.3.tgz

           -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz exceljs-4.4.0.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1, https://github.com/isaacs/minimatch.git - v7.4.7, https://github.com/isaacs/minimatch.git - v6.2.1, https://github.com/isaacs/minimatch.git - v9.0.6, https://github.com/isaacs/minimatch.git - v8.0.5, https://github.com/isaacs/minimatch.git - v3.1.3, https://github.com/isaacs/minimatch.git - v4.2.4, https://github.com/isaacs/minimatch.git - v5.1.7 #702
CVE-2026-33750

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> exceljs-4.4.0.tgz (Root Library)

   -> archiver-5.3.2.tgz

     -> readdir-glob-1.1.3.tgz

       -> minimatch-3.1.2.tgz

         -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz exceljs-4.4.0.tgz Transitive https://github.com/juliangruber/brace-expansion.git - v2.0.3, https://github.com/juliangruber/brace-expansion.git - v3.0.2, https://github.com/juliangruber/brace-expansion.git - v5.0.5, https://github.com/juliangruber/brace-expansion.git - v1.1.13 #722
CVE-2026-0540

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jspdf-4.2.1.tgz (Root Library)

   -> ❌ dompurify-3.3.1.tgz (Vulnerable Library)

Medium 6.1 Transitive dompurify-3.3.1.tgz jspdf-4.2.1.tgz Transitive dompurify - 3.3.2, dompurify - 2.5.9 #707
CVE-2024-1899

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ showdown-1.9.1.tgz (Vulnerable Library)

Medium 5.3 Direct showdown-1.9.1.tgz showdown-1.9.1.tgz #323
CVE-2026-33532

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> react-toast-notifications-2.5.1.tgz (Root Library)

   -> core-10.3.1.tgz

     -> css-10.0.27.tgz

       -> babel-plugin-emotion-10.2.2.tgz

         -> babel-plugin-macros-2.8.0.tgz

           -> cosmiconfig-6.0.0.tgz

             -> ❌ yaml-2.7.0.tgz (Vulnerable Library)

Medium 4.3 Transitive yaml-2.7.0.tgz react-toast-notifications-2.5.1.tgz Transitive https://github.com/eemeli/yaml.git - v1.10.3, https://github.com/eemeli/yaml.git - v2.8.3 None
CVE-2025-5889

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> exceljs-4.4.0.tgz (Root Library)

   -> archiver-5.3.2.tgz

     -> readdir-glob-1.1.3.tgz

       -> minimatch-3.1.2.tgz

         -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Low 3.1 Transitive brace-expansion-1.1.11.tgz exceljs-4.4.0.tgz Transitive 1.1.12 None
CVE-2025-54798

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> exceljs-4.4.0.tgz (Root Library)

   -> ❌ tmp-0.2.3.tgz (Vulnerable Library)

Low 2.5 Transitive tmp-0.2.3.tgz exceljs-4.4.0.tgz Transitive 0.2.4 #613

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-33750 brace-expansion-1.1.12.tgz
CVE-2024-1899 showdown-2.1.0.tgz

Base branch total remaining vulnerabilities: 3
Base branch commit: eab1565977432f6f2b6afaa985df77825c7edb9c


Total libraries scanned: 457

Scan token: c563a3413e80404aaefa1f5d53493c00