HIGH | CWE-1104 | Supply Chain
NPM Dependency With Known CVE
Description
Your project depends on npm packages with publicly known vulnerabilities (CVEs) that have available fixes.
How Vezraa Detects It
We compare the dependencies declared in your package.json against a curated list of recent high-severity CVEs in widely used npm packages. Because package.json declares version ranges rather than the exact versions installed, confirm the resolved version in your lockfile (package-lock.json) or with npm audit before closing a finding.
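The core of such a check is shown below as an added example; it is not Vezraa's code. It parses a package.json, takes the lowest version each declared range can resolve to (exact pins and the ^, ~, >= and = prefixes are handled; anything else is reported for manual review) and flags it when that version is below an advisory's fixed version. The advisory list and the package.json are constructed for the demo: the express entry mirrors the page's fix example (fixed in 4.19.2), while "some-parser" and the ADV-EXAMPLE ids are placeholders. A second helper checks an exact resolved version, which is what you would feed it from a lockfile.

```javascript
// Added example (not Vezraa's code): flag package.json dependencies whose declared
// range can resolve to a version below an advisory's fixed version.

// Constructed advisory list. The express entry follows the page's fix example
// (update to 4.19.2); "some-parser" and the ADV-EXAMPLE ids are placeholders.
const ADVISORIES = [
  { id: "ADV-EXAMPLE-1", name: "express", fixedIn: "4.19.2", severity: "high" },
  { id: "ADV-EXAMPLE-2", name: "some-parser", fixedIn: "2.0.1", severity: "high" },
];

// Constructed package.json contents used as sample input.
const PACKAGE_JSON = JSON.stringify({
  name: "demo-app",
  dependencies: {
    express: "^4.17.1",        // lower bound 4.17.1 < 4.19.2 -> can resolve to a vulnerable version
    "some-parser": "2.0.1",    // exactly the fixed version -> fine
    lodash: "^4.17.21",        // no advisory in the list
  },
  devDependencies: {
    "some-parser": "~1.9.0",   // 1.9.0 < 2.0.1 -> vulnerable
  },
});

// Parse "MAJOR.MINOR.PATCH" into [major, minor, patch]; pre-release and build
// suffixes are ignored. Returns null for anything that is not a plain version.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Lowest version a declared range can resolve to. Only exact pins and the common
// prefix operators are understood; "*", "latest", git URLs, "||" unions and
// space-separated comparator sets yield null and are surfaced as unknown.
function minimumVersion(range) {
  return parseVersion(String(range).trim().replace(/^(\^|~|>=|=)/, ""));
}

// Exact-version check, suitable for the resolved versions in a lockfile.
function isVersionVulnerable(name, version, advisories = ADVISORIES) {
  const parsed = parseVersion(version);
  if (!parsed) return false;
  return advisories.some(
    (adv) => adv.name === name && compareVersions(parsed, parseVersion(adv.fixedIn)) < 0
  );
}

// Scan every dependency section of a package.json text against the advisory list.
function findVulnerableDeps(packageJsonText, advisories = ADVISORIES) {
  const pkg = JSON.parse(packageJsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      for (const adv of advisories) {
        if (adv.name !== name) continue;
        const min = minimumVersion(range);
        const fixed = parseVersion(adv.fixedIn);
        if (min === null) {
          findings.push({ name, section, range, advisory: adv.id, status: "unknown-range" });
        } else if (compareVersions(min, fixed) < 0) {
          findings.push({ name, section, range, advisory: adv.id, status: "vulnerable", fixedIn: adv.fixedIn });
        }
      }
    }
  }
  return findings;
}

// Usage: two findings for the constructed package.json (express and the dev copy of some-parser).
console.log(JSON.stringify(findVulnerableDeps(PACKAGE_JSON), null, 2));
```

The lower-bound rule errs toward reporting: "^4.17.1" is flagged even though a fresh install would resolve it to 4.19.2 or later, because an existing lockfile may still pin 4.17.1. Run isVersionVulnerable on the lockfile's resolved version to settle that case.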
Real-World Impact
Once a CVE and its fix are public, the details are available to attackers as well as defenders. Many known npm CVEs are exploited in the wild: attackers scan for applications running vulnerable versions and run automated exploitation against them, so an unpatched dependency with a published CVE is a standing, low-effort target.
Fix Example
# Let npm apply the fixes it can make without a breaking version change:
npm audit fix
# Or pin the fixed version manually. npm update only moves within the range already
# declared in package.json, so use npm install, which also rewrites package.json and the lockfile:
npm install express@4.19.2
# Check: exits non-zero if any high- or critical-severity advisory remains
npm audit --audit-level=high
Affected Stacks
Node.js, NPM