Security Audit Report for Secrover

Audit run on 2026-03-28 03:53 with Secrover 0.8 osv-scanner: 2.1.0
opengrep: 1.16.0

📦 Dependencies Report

104 vulnerabilities

0 Critical 0 High 0 Moderate 0 Low 104 Info

cluster

Talos Kubernetes Cluster

No audit data available.

cluster-scripts

Cluster Scripts

No audit data available.

rompatcherjs

RomPatcher.js

No audit data available.

apod

APOD project

79 vulnerabilities

0 Critical 0 High 0 Moderate 0 Low 79 Info

📦 Impacted Packages:

package-lock.json

node-forge 1.3.1 CVE-2026-33896, GHSA-2328-f5f3-gj25

minimatch 3.1.2 CVE-2026-27904, GHSA-23c5-xmqv-rm74

minimatch 5.1.6 CVE-2026-27904, GHSA-23c5-xmqv-rm74

minimatch 9.0.3 CVE-2026-27904, GHSA-23c5-xmqv-rm74

flatted 3.2.9 CVE-2026-32141, GHSA-25h7-pfq9-p65f

ajv 6.12.6 CVE-2025-69873, GHSA-2g4f-4pwh-qvx6

ajv 8.12.0 CVE-2025-69873, GHSA-2g4f-4pwh-qvx6

path-to-regexp 0.1.7 CVE-2026-4867, GHSA-37ch-88jc-xwx2

webpack 5.89.0 CVE-2025-68157, GHSA-38r7-794h-5758

ws 7.5.9 CVE-2024-37890, GHSA-3h5v-q93c-6h6q

ws 8.16.0 CVE-2024-37890, GHSA-3h5v-q93c-6h6q

minimatch 3.1.2 CVE-2026-26996, GHSA-3ppc-4f35-3m26

minimatch 5.1.6 CVE-2026-26996, GHSA-3ppc-4f35-3m26

minimatch 9.0.3 CVE-2026-26996, GHSA-3ppc-4f35-3m26

picomatch 2.3.1 CVE-2026-33672, GHSA-3v7f-55p6-f55p

cross-spawn 7.0.3 CVE-2024-21538, GHSA-3xgq-45jj-v275

yaml 1.10.2 CVE-2026-33532, GHSA-48c2-rrv3-qjmp

yaml 2.3.4 CVE-2026-33532, GHSA-48c2-rrv3-qjmp

webpack-dev-server 4.15.1 CVE-2025-30359, GHSA-4v9v-hfq4-rm2v

webpack 5.89.0 CVE-2024-43788, GHSA-4vvj-4cpr-p986

http-proxy-middleware 2.0.6 CVE-2025-32996, GHSA-4www-5p9h-95mh

node-forge 1.3.1 CVE-2025-66031, GHSA-554w-wpv2-vw27

serialize-javascript 4.0.0 GHSA-5c6j-r48x-rmvq

serialize-javascript 6.0.1 GHSA-5c6j-r48x-rmvq

node-forge 1.3.1 CVE-2025-12816, GHSA-5gfm-wpxj-wjgq

glob 10.3.10 CVE-2025-64756, GHSA-5j98-mcp5-4vw2

node-forge 1.3.1 CVE-2026-33891, GHSA-5m6q-g25r-mvwx

node-forge 1.3.1 CVE-2025-66030, GHSA-65ch-62r8-g69g

jsonpath 1.1.1 CVE-2025-61140, GHSA-6c59-mwgh-r2x6

qs 6.11.0 CVE-2025-15284, GHSA-6rw7-vpxm-498p

on-headers 1.0.2 CVE-2025-7339, GHSA-76c9-3jph-rj3q

serialize-javascript 6.0.1 CVE-2024-11831, GHSA-76p7-773f-r4q5

postcss 7.0.39 CVE-2023-44270, GHSA-7fh5-64p2-3v2j

minimatch 3.1.2 CVE-2026-27903, GHSA-7r86-cg39-jmmj

minimatch 5.1.6 CVE-2026-27903, GHSA-7r86-cg39-jmmj

minimatch 9.0.3 CVE-2026-27903, GHSA-7r86-cg39-jmmj

jsonpath 1.1.1 CVE-2026-1615, GHSA-87r5-mp6g-5w5j

webpack 5.89.0 CVE-2025-68458, GHSA-8fgc-7cc6-rx7x

micromatch 4.0.5 CVE-2024-4067, GHSA-952p-6rrq-rcjv

@babel/helpers 7.23.7 CVE-2025-27789, GHSA-968p-4wvh-cqc8

@babel/runtime 7.23.7 CVE-2025-27789, GHSA-968p-4wvh-cqc8

http-proxy-middleware 2.0.6 CVE-2025-32997, GHSA-9gqv-wp59-fq42

webpack-dev-server 4.15.1 CVE-2025-30360, GHSA-9jgg-88mc-972h

path-to-regexp 0.1.7 CVE-2024-45296, GHSA-9wv6-86v2-598j

picomatch 2.3.1 CVE-2026-33671, GHSA-c2c7-rcm5-vvqj

http-proxy-middleware 2.0.6 CVE-2024-21536, GHSA-c7qv-q95q-8v27

serve-static 1.15.0 CVE-2024-43800, GHSA-cm22-4g7w-348p

follow-redirects 1.15.3 CVE-2024-28849, GHSA-cxjh-pqwp-8mfp

brace-expansion 1.1.11 CVE-2026-33750, GHSA-f886-m6hf-6m8v

brace-expansion 2.0.1 CVE-2026-33750, GHSA-f886-m6hf-6m8v

form-data 3.0.1 CVE-2025-7783, GHSA-fjxv-7rqg-78g4

rollup 2.79.1 CVE-2024-47068, GHSA-gcx4-mw62-g8wm

ejs 3.1.9 CVE-2024-33883, GHSA-ghr5-ch3p-vcr6

braces 3.0.2 CVE-2024-4068, GHSA-grv7-fg5c-xmjg

follow-redirects 1.15.3 CVE-2023-26159, GHSA-jchw-25xp-jwwc

send 0.18.0 CVE-2024-43799, GHSA-m6fv-jmcg-4jfg

js-yaml 3.14.1 CVE-2025-64718, GHSA-mh29-5h37-fv8m

js-yaml 4.1.0 CVE-2025-64718, GHSA-mh29-5h37-fv8m

rollup 2.79.1 CVE-2026-27606, GHSA-mw96-cpmx-2vgc

nanoid 3.3.7 CVE-2024-55565, GHSA-mwcw-c2x4-8c55

node-forge 1.3.1 CVE-2026-33894, GHSA-ppp5-5v6c-4jwp

cookie 0.5.0 CVE-2024-47764, GHSA-pxg6-pf52-xh8x

node-forge 1.3.1 CVE-2026-33895, GHSA-q67f-28xg-22rw

serialize-javascript 4.0.0 CVE-2026-34043, GHSA-qj8w-gfj5-8c6v

serialize-javascript 6.0.1 CVE-2026-34043, GHSA-qj8w-gfj5-8c6v

underscore 1.12.1 CVE-2026-27601, GHSA-qpx9-hpmf-5gmw

express 4.18.2 CVE-2024-43796, GHSA-qw6h-vgh9-j6wx

body-parser 1.20.1 CVE-2024-45590, GHSA-qwcr-r2fm-qrc7

flatted 3.2.9 CVE-2026-33228, GHSA-rf6f-7fwh-wjgh

path-to-regexp 0.1.7 CVE-2024-52798, GHSA-rhx6-c78j-4q9w

nth-check 1.0.2 CVE-2021-3803, GHSA-rp65-9cf3-cjxr

express 4.18.2 CVE-2024-29041, GHSA-rv95-896h-c2vc

brace-expansion 1.1.11 CVE-2025-5889, GHSA-v6h2-p8h4-qcjw

brace-expansion 2.0.1 CVE-2025-5889, GHSA-v6h2-p8h4-qcjw

@tootallnate/once 1.1.2 CVE-2026-3449, GHSA-vpq2-c234-7xj6

qs 6.11.0 CVE-2026-2391, GHSA-w7fw-mjwx-w883

webpack-dev-middleware 5.3.3 CVE-2024-29180, GHSA-wr3j-pwj9-hqq6

svgo 2.8.0 CVE-2026-29074, GHSA-xpqw-6gx7-v673

lodash 4.17.21 CVE-2025-13465, GHSA-xxjr-mmjv-4gpg

go-littlelinks-generator

GO LittleLinks Generator

25 vulnerabilities

0 Critical 0 High 0 Moderate 0 Low 25 Info

📦 Impacted Packages:

go.mod

stdlib 1.22.99 CVE-2025-22871, BIT-golang-2025-22871, GO-2025-3563, GHSA-g9pc-8g42-g6vq

stdlib 1.22.99 CVE-2025-0913, BIT-golang-2025-0913, GO-2025-3750

stdlib 1.22.99 CVE-2025-4673, BIT-golang-2025-4673, GO-2025-3751

stdlib 1.22.99 CVE-2025-47907, BIT-golang-2025-47907, GO-2025-3849

stdlib 1.22.99 CVE-2025-47906, BIT-golang-2025-47906, GO-2025-3956

stdlib 1.22.99 CVE-2025-61725, BIT-golang-2025-61725, GO-2025-4006

stdlib 1.22.99 CVE-2025-58187, BIT-golang-2025-58187, GO-2025-4007

stdlib 1.22.99 CVE-2025-58189, BIT-golang-2025-58189, GO-2025-4008

stdlib 1.22.99 CVE-2025-61723, BIT-golang-2025-61723, GO-2025-4009

stdlib 1.22.99 CVE-2025-47912, BIT-golang-2025-47912, GO-2025-4010

stdlib 1.22.99 CVE-2025-58185, BIT-golang-2025-58185, GO-2025-4011

stdlib 1.22.99 CVE-2025-58186, BIT-golang-2025-58186, GO-2025-4012

stdlib 1.22.99 CVE-2025-58188, BIT-golang-2025-58188, GO-2025-4013

stdlib 1.22.99 CVE-2025-58183, BIT-golang-2025-58183, GO-2025-4014

stdlib 1.22.99 CVE-2025-61724, BIT-golang-2025-61724, GO-2025-4015

stdlib 1.22.99 CVE-2025-61729, BIT-golang-2025-61729, GO-2025-4155

stdlib 1.22.99 CVE-2025-61727, BIT-golang-2025-61727, GO-2025-4175

stdlib 1.22.99 CVE-2025-68121, BIT-golang-2025-68121, GO-2026-4337

stdlib 1.22.99 CVE-2025-61730, BIT-golang-2025-61730, GO-2026-4340

stdlib 1.22.99 CVE-2025-61726, BIT-golang-2025-61726, GO-2026-4341

stdlib 1.22.99 CVE-2025-61728, BIT-golang-2025-61728, GO-2026-4342

stdlib 1.22.99 CVE-2025-22873, BIT-golang-2025-22873, GO-2026-4403

stdlib 1.22.99 CVE-2026-25679, BIT-golang-2026-25679, GO-2026-4601

stdlib 1.22.99 CVE-2026-27139, BIT-golang-2026-27139, GO-2026-4602

stdlib 1.22.99 CVE-2026-27142, BIT-golang-2026-27142, GO-2026-4603