# See repository root `osv-scanner.toml` for instructions and rules for this file.
# PostCSS: line return parsing error (GHSA-7fh5-64p2-3v2j)
[[IgnoredVulns]]
id = "CVE-2023-44270"
reason = "This project does not use PostCSS to parse untrusted CSS"
# The justification holds only while PostCSS sees no CSS from outside the project;
# the expiry below forces the assessment to be repeated.
ignoreUntil = 2025-06-05
# braces: uncontrolled resource consumption (GHSA-grv7-fg5c-xmjg)
[[IgnoredVulns]]
id = "CVE-2024-4068"
reason = "This package is only used to match paths from either us or trusted libraries"
# Valid only as long as no externally supplied pattern reaches braces.
ignoreUntil = 2025-06-05
# micromatch (dev only): Regular Expression Denial of Service (ReDoS) (GHSA-952p-6rrq-rcjv)
[[IgnoredVulns]]
id = "CVE-2024-4067"
reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
# Dev dependency; the entry still expires so the "no untrusted input" claim is rechecked.
ignoreUntil = 2025-05-23
# node-gettext: prototype pollution via the addTranslations function (GHSA-g974-hxvm-x689)
[[IgnoredVulns]]
id = "CVE-2024-21528"
reason = "There is no fix yet and we don't send untrusted input to the first argument of addTranslations"
# Six-month window: the affected library is not receiving updates and the
# vulnerability cannot be patched without migrating to another library, which
# is no minor feat. Check for an upstream fix before extending this date again.
ignoreUntil = 2026-04-16
# electron: ASAR integrity bypass via resource modification (GHSA-vmqv-hx8q-j7mg)
[[IgnoredVulns]]
id = "CVE-2025-55305"
reason = "The embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses aren't enabled"
# This ignore rests on those two fuses staying disabled: if ASAR integrity
# validation is ever enabled, a bypass becomes relevant and the entry must be reassessed.
ignoreUntil = 2025-12-04