[VANTA] [VULNERABILITY] <HIGH> CVE-2026-27977, CVE-2026-27978, CVE-2026-27979 and others, fix before 2026-04-25 #129

@commercelayer-ci

Important

CLOSE THE ISSUE ONLY IF YOU PLAN TO DEPLOY THE FIX BEFORE THE DEADLINE IN THE TITLE.

DO NOT MANUALLY MODIFY THE ISSUE TITLE OR TEXT BODY.

FIXED npm-picomatch >= 4.0.0, < 4.0.4 CVE-2026-33671 HIGH

npm-picomatch >= 4.0.0, < 4.0.4 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-33671 HIGH remediate by: 2026-04-25T14:19:30.796Z

FIXED npm-picomatch >= 4.0.0, < 4.0.4 CVE-2026-33672 MEDIUM

npm-picomatch >= 4.0.0, < 4.0.4 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-33672 MEDIUM remediate by: 2026-05-25T14:19:31.055Z

FIXED npm-picomatch < 2.3.2 CVE-2026-33671 HIGH

npm-picomatch < 2.3.2 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-33671 HIGH remediate by: 2026-04-29T22:15:21.750Z

FIXED npm-picomatch < 2.3.2 CVE-2026-33672 MEDIUM

npm-picomatch < 2.3.2 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-33672 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-h3 < 1.15.6 CVE-2026-33128 HIGH

npm-h3 < 1.15.6 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-33128 HIGH remediate by: 2026-04-29T22:15:21.750Z

FIXED npm-h3 < 1.15.6 GHSA-wr4h-v87w-p3r7 MEDIUM

npm-h3 < 1.15.6 CODE_REPOSITORY/commercelayer-js-auth GHSA-wr4h-v87w-p3r7 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-defu <= 6.1.4 CVE-2026-35209 HIGH

npm-defu <= 6.1.4 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-35209 HIGH remediate by: 2026-05-04T14:17:32.574Z

FIXED npm-vite >= 7.0.0, <= 7.3.1 CVE-2026-39363 HIGH

npm-vite >= 7.0.0, <= 7.3.1 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-39363 HIGH remediate by: 2026-05-07T06:20:48.749Z

FIXED npm-vite >= 7.0.0, <= 7.3.1 CVE-2026-39365 MEDIUM

npm-vite >= 7.0.0, <= 7.3.1 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-39365 MEDIUM remediate by: 2026-06-06T14:36:41.686Z

FIXED npm-vite >= 7.1.0, <= 7.3.1 CVE-2026-39364 HIGH

npm-vite >= 7.1.0, <= 7.3.1 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-39364 HIGH remediate by: 2026-05-07T14:36:41.372Z

FIXED npm-next >= 16.0.0-beta.0, < 16.2.3 GHSA-q4gf-8mx6-v5v3 HIGH

npm-next >= 16.0.0-beta.0, < 16.2.3 CODE_REPOSITORY/commercelayer-js-auth GHSA-q4gf-8mx6-v5v3 HIGH remediate by: 2026-05-11T06:21:49.843Z

FIXED npm-h3 <= 1.15.8 GHSA-72gr-qfp7-vwhw MEDIUM

npm-h3 <= 1.15.8 CODE_REPOSITORY/commercelayer-js-auth GHSA-72gr-qfp7-vwhw MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-h3 < 1.15.9 GHSA-4hxc-9384-m385 MEDIUM

npm-h3 < 1.15.9 CODE_REPOSITORY/commercelayer-js-auth GHSA-4hxc-9384-m385 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-next >= 16.0.0-beta.0, < 16.1.7 CVE-2026-27980 MEDIUM

npm-next >= 16.0.0-beta.0, < 16.1.7 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-27980 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-next >= 16.0.0-beta.0, < 16.1.7 CVE-2026-29057 MEDIUM

npm-next >= 16.0.0-beta.0, < 16.1.7 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-29057 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-next >= 16.0.1, < 16.1.7 CVE-2026-27978 MEDIUM

npm-next >= 16.0.1, < 16.1.7 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-27978 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-next >= 16.0.1, < 16.1.7 CVE-2026-27979 MEDIUM

npm-next >= 16.0.1, < 16.1.7 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-27979 MEDIUM remediate by: 2026-05-29T22:15:22.072Z

FIXED npm-next >= 16.0.1, < 16.1.7 CVE-2026-27977 LOW

npm-next >= 16.0.1, < 16.1.7 CODE_REPOSITORY/commercelayer-js-auth CVE-2026-27977 LOW remediate by: 2026-06-28T22:15:22.360Z


Labels

compliance; p1 (Security priority: High); p2 (Security priority: Medium); p3 (Security priority: Low); vulnerability
