This page collects WhisperX intelligence signals tagged #transitive-dependency. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A medium-severity XML injection vulnerability in `fast-xml-parser` versions below 5.7.0 has been identified as reachable through a transitive dependency chain affecting `firebase-admin` deployments. The flaw, cataloged as GHSA-gh4j-gqv2-49f6 with a CVSS score of 6.1, allows attackers to inject malformed XML structures ...
The csurf middleware package, a widely adopted CSRF token library for Node.js applications, has been flagged for containing two security vulnerabilities in its dependency chain, including a critical-severity flaw scoring 9.8 on the CVSS scale. The root cause traces not to csurf itself but to the transitive dependency c...
A security scan of the deltaHotelNine-Security-Demos/_demo_eShop_SCA repository has identified seven vulnerabilities linked to the microsoft.entityframeworkcore.sqlserver.7.0.5.nupkg package, with the highest reaching a CVSS score of 8.8. The findings, detected in commit a8031bc149a00a5a9a8174a98c957d42a9fc018a, point ...