audit-ci.jsonc
{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "low": true,
  "allowlist": [
    // OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
    "GHSA-93hq-5wgc-jc82",
    // OpenZeppelin: Using ERC2771Context with a custom forwarder can yield address(0)
    "GHSA-g4vp-m682-qqmp",
    // OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
    "GHSA-mx2q-35m2-x2rh",
    // OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
    "GHSA-5h3x-9wvq-w4m2",
    // axios cookies data-privacy issue; used only in hardhat-deploy and sol2uml (dev deps)
    "GHSA-wf5p-g6vw-rhxx",
    // OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees; unused
    "GHSA-wprv-93r4-jj2p",
    // OpenZeppelin: Base64 encoding may read from potentially dirty memory
    "GHSA-9vx6-7xxf-x967",
    // Server-Side Request Forgery in axios
    "GHSA-8hc4-vh64-cxmj",
    // cookie accepts cookie name, path, and domain with out of bounds characters
    "GHSA-pxg6-pf52-xh8x",
    // axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
    "GHSA-jr5f-v2jv-69x6",
    // tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
    "GHSA-52f5-9888-hmc6",
    // Axios is vulnerable to DoS attack through lack of data size check
    "GHSA-4hjh-wcwx-xvwj",
    // Elliptic Uses a Cryptographic Primitive with a Risky Implementation
    "GHSA-848j-6mx2-7j84",
    // jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
    "GHSA-73rr-hh4g-fpgx",
    // Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
    "GHSA-g9mf-h72j-4rw9"
  ]
}
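An allowlist like this trades audit failures for documented exceptions, and exceptions rot: an advisory gets fixed by a routine dependency bump but stays listed, or a new one appears that nobody has reviewed. The script below is an added example, not code from this repository or from audit-ci itself. It lints an audit-ci.jsonc allowlist (valid JSONC, one bare GHSA id per line with a justification comment directly above it, no duplicates) and reconciles it with the output of npm audit --json: allowlisted ids that are no longer reported are stale and can be removed, reported ids that are not allowlisted are what audit-ci would fail the build on. Both inputs are constructed samples, shaped like this file and like npm 7+ audit output; the advisory titles are the ones quoted in the comments above, the severities are made up.

```javascript
// Added example, not part of this repository or of audit-ci: lint an
// audit-ci.jsonc allowlist and diff it against `npm audit --json` output.
// Plain Node.js, no dependencies; runs offline on the constructed inputs below.

// GHSA ids are three groups of four characters from GitHub's 20-character alphabet.
const GHSA_RE = /^GHSA(?:-[23456789cfghjmpqrvwx]{4}){3}$/;

// Strip // and /* */ comments from JSONC without touching "//" inside string
// literals (a naive regex would cut the "$schema" URL in half).
function stripJsoncComments(text) {
  let out = "";
  let i = 0;
  while (i < text.length) {
    const ch = text[i];
    if (ch === '"') {
      // copy the whole string literal, honouring backslash escapes
      let j = i + 1;
      while (j < text.length && text[j] !== '"') {
        if (text[j] === "\\") j++;
        j++;
      }
      out += text.slice(i, j + 1);
      i = j + 1;
    } else if (ch === "/" && text[i + 1] === "/") {
      while (i < text.length && text[i] !== "\n") i++;
    } else if (ch === "/" && text[i + 1] === "*") {
      const end = text.indexOf("*/", i + 2);
      i = end === -1 ? text.length : end + 2;
    } else {
      out += ch;
      i++;
    }
  }
  return out;
}

// Parse the config and check allowlist hygiene. Relies on the one-entry-per-line
// layout used in the file above: a bare string element must have a // comment
// on the nearest non-blank line before it explaining why it is tolerated.
function lintAllowlist(jsoncText) {
  const config = JSON.parse(stripJsoncComments(jsoncText)); // throws on invalid JSON
  const allowlist = Array.isArray(config.allowlist) ? config.allowlist : [];
  const problems = [];
  const lines = jsoncText.split("\n");
  const seen = new Set();
  for (let n = 0; n < lines.length; n++) {
    const m = /^"([^"]*)",?$/.exec(lines[n].trim());
    if (!m) continue; // keys such as "low": true are not bare string elements
    const id = m[1];
    let p = n - 1;
    while (p >= 0 && lines[p].trim() === "") p--;
    if (!(p >= 0 && lines[p].trim().startsWith("//"))) {
      problems.push(`no justification comment above ${id}`);
    }
    if (!GHSA_RE.test(id)) problems.push(`not a bare GHSA id: ${id}`);
    if (seen.has(id)) problems.push(`duplicate entry ${id}`);
    seen.add(id);
  }
  return { allowlist, problems };
}

// Collect GHSA ids from `npm audit --json` (npm 7+ "vulnerabilities" shape).
// Each "via" element is either an advisory object or a string naming the
// dependency through which the vulnerability is inherited.
function advisoriesFromAudit(auditJson) {
  const ids = new Set();
  for (const vuln of Object.values(auditJson.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (typeof via !== "object") continue;
      const m = /GHSA-[^/\s]+/.exec(via.url || "");
      if (m) ids.add(m[0]);
    }
  }
  return ids;
}

function reconcile(jsoncText, auditJson) {
  const { allowlist, problems } = lintAllowlist(jsoncText);
  const reported = advisoriesFromAudit(auditJson);
  const allowed = new Set(allowlist);
  return {
    problems,
    // allowlisted but no longer reported: the exception can be deleted
    stale: [...allowed].filter((id) => !reported.has(id)).sort(),
    // reported but not allowlisted: audit-ci would fail the build on these
    unhandled: [...reported].filter((id) => !allowed.has(id)).sort(),
  };
}

// Constructed sample config: one entry lacks a comment, one id is mistyped.
const SAMPLE_CONFIG = `{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "low": true,
  "allowlist": [
    // Server-Side Request Forgery in axios
    "GHSA-8hc4-vh64-cxmj",
    // tmp allows arbitrary temporary file / directory write via symbolic link dir parameter
    "GHSA-52f5-9888-hmc6",
    "GHSA-wf5p-g6vw-rhxx",
    // mistyped id: only two segments
    "GHSA-1234-5678"
  ]
}`;

// Constructed sample audit output (severities made up); hardhat-deploy inherits via axios.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      name: "axios",
      severity: "high",
      via: [
        { name: "axios", title: "Server-Side Request Forgery in axios",
          url: "https://github.com/advisories/GHSA-8hc4-vh64-cxmj", severity: "moderate" },
        { name: "axios", title: "Axios is vulnerable to DoS attack through lack of data size check",
          url: "https://github.com/advisories/GHSA-4hjh-wcwx-xvwj", severity: "high" },
      ],
    },
    "hardhat-deploy": { name: "hardhat-deploy", severity: "high", via: ["axios"] },
  },
};

console.log(JSON.stringify(reconcile(SAMPLE_CONFIG, SAMPLE_AUDIT), null, 2));
```

On the sample, problems lists the uncommented GHSA-wf5p-g6vw-rhxx entry and the malformed GHSA-1234-5678, stale lists the three allowlisted ids the audit no longer reports, and unhandled contains GHSA-4hjh-wcwx-xvwj. To run it against a real project, replace the two constants with fs.readFileSync("audit-ci.jsonc", "utf8") and the parsed stdout of npm audit --json; note that npm audit exits non-zero when it finds vulnerabilities, so with child_process.execSync the JSON has to be taken from the thrown error's stdout rather than the return value.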