Update dependency express to v4.21.0

7600eb5
Open

Update dependency express to v4.21.0 #384

Mend for GitHub.com / Mend Security Check failed Feb 12, 2025 in 3m 18s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

npm

https://amplearning.jfrog.io/artifactory/api/npm/amplify-npm

| Step | Level | Description | Details |
| --- | --- | --- | --- |
| Setting the scanner configuration | ⚠Warn | Failure to set private registries, due to an issue with the configuration provided by the user | no "registry" field corresponding to this url was found in the .npmrc files |

You have successfully remediated 5 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:
| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Reachability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-2306 | Critical | 9.4 | mongoose-8.5.2.tgz | Upgrade to version: mongoose -6.13.6,7.8.4,8.9.5 | #402 | |
| CVE-2024-52798 | High | 7.5 | path-to-regexp-0.1.10.tgz | Upgrade to version: path-to-regexp - 0.1.12 | None | |

CVE-2025-2306

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/mongoose/package.json

Dependency Hierarchy:

-> ❌ mongoose-8.5.2.tgz (Vulnerable Library)

CVE-2024-52798

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/path-to-regexp/package.json

Dependency Hierarchy:

-> express-4.21.0.tgz (Root Library)

   -> ❌ path-to-regexp-0.1.10.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2024-43796 | express-4.19.2.tgz |
| CVE-2024-52798 | path-to-regexp-0.1.7.tgz |
| CVE-2024-45296 | path-to-regexp-0.1.7.tgz |
| CVE-2024-43800 | serve-static-1.15.0.tgz |
| CVE-2024-43799 | send-0.18.0.tgz |

Base branch total remaining vulnerabilities: 15
Base branch commit: d78fa6c704e955e6c8c8cfced0439e66cf72809e


Total libraries scanned: 654

Scan token: 24cf24d92ceb41d987930b1c82ddb958