Skip to content

Navigation Menu

Appearance settings

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

ant-design / ant-design-charts Public

Notifications You must be signed in to change notification settings
Fork 401
Star 2k

Code
Issues 293
Pull requests 1
Discussions
Actions
Models
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Models
Security
Insights

[Bug]: Npm audit 6 high severity vulnerabilities #2909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

1 of 10 tasks

DusanLuketic opened this issue May 14, 2025 · 0 comments

Open

1 of 10 tasks

[Bug]: Npm audit 6 high severity vulnerabilities #2909

DusanLuketic opened this issue May 14, 2025 · 0 comments

Labels

waiting for maintainer

Triage or intervention needed from a maintainer

Comments

Copy link

DusanLuketic commented May 14, 2025 •

edited

Loading

Describe the bug / 问题描述

npm audit report

rollup <2.79.2
Severity: high
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS - GHSA-gcx4-mw62-g8wm
fix available via npm audit fix --force
Will install @ant-design/charts@1.4.3, which is a breaking change
node_modules/fmin/node_modules/rollup
fmin <=0.0.2
Depends on vulnerable versions of rollup
node_modules/fmin
@antv/g2 >=5.0.12
Depends on vulnerable versions of fmin
node_modules/@antv/g2
@ant-design/plots >=2.0.0-alpha.0
Depends on vulnerable versions of @antv/g2
Depends on vulnerable versions of @antv/g2-extension-plot
node_modules/@ant-design/plots
@ant-design/charts >=2.0.0-alpha.0
Depends on vulnerable versions of @ant-design/plots
node_modules/@ant-design/charts
@antv/g2-extension-plot *
Depends on vulnerable versions of @antv/g2
node_modules/@antv/g2-extension-plot

6 high severity vulnerabilities

Reproduction link / 复现链接

No response

Steps to Reproduce the Bug or Issue / 重现步骤

No response

Version / 版本

🆕 2.x

OS / 操作系统

macOS
Windows
Linux
Others / 其他

Browser / 浏览器

Chrome
Edge
Firefox
Safari (Limited support / 有限支持)
IE (Nonsupport / 不支持)
Others / 其他

The text was updated successfully, but these errors were encountered:

All reactions

DusanLuketic added the waiting for maintainer Triage or intervention needed from a maintainer label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

No one assigned

Labels

waiting for maintainer

Triage or intervention needed from a maintainer

Projects

None yet

Milestone

No milestone

Development

No branches or pull requests

1 participant

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.