[VANTA] [VULNERABILITY] <HIGH> CVE-2026-2950, CVE-2026-33671, CVE-2026-33672 and others, fix before 2026-04-29

> [!IMPORTANT]
> CLOSE THE ISSUE ONLY IF YOU PLAN TO DEPLOY THE FIX BEFORE THE DEADLINE IN THE TITLE.
>
> DO NOT MANUALLY MODIFY THE ISSUE TITLE OR TEXT BODY.

`npm-path-to-regexp < 0.1.13` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-4867</ins> **HIGH** remediate by: 2026-04-29T14:24:03.258Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/171

> <details><summary>Related URLs</summary>
> 
> - https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2
> - https://nvd.nist.gov/vuln/detail/CVE-2026-4867
> - https://blakeembrey.com/posts/2024-09-web-redos
> - https://cna.openjsf.org/security-advisories.html
> - https://github.com/advisories/GHSA-9wv6-86v2-598j
> - https://github.com/pillarjs/path-to-regexp/releases/tag/v.0.1.13
> - https://github.com/advisories/GHSA-37ch-88jc-xwx2
> 
> </details>

`npm-picomatch < 2.3.2` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33671</ins> **HIGH** remediate by: 2026-04-29T22:15:21.750Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/156

> <details><summary>Related URLs</summary>
> 
> - https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj
> - https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33671
> - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
> 
> </details>

`npm-picomatch < 2.3.2` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33672</ins> **MEDIUM** remediate by: 2026-05-29T22:15:22.072Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/157

> <details><summary>Related URLs</summary>
> 
> - https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p
> - https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33672
> - https://github.com/advisories/GHSA-3v7f-55p6-f55p
> 
> </details>

`npm-vite >= 7.0.0, <= 7.3.1` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-39363</ins> **HIGH** remediate by: 2026-05-07T06:20:48.749Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/173

> <details><summary>Related URLs</summary>
> 
> - https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583
> - https://github.com/vitejs/vite/pull/22159
> - https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0
> - https://github.com/vitejs/vite/releases/tag/v6.4.2
> - https://github.com/vitejs/vite/releases/tag/v7.3.2
> - https://github.com/vitejs/vite/releases/tag/v8.0.5
> - https://nvd.nist.gov/vuln/detail/CVE-2026-39363
> - https://github.com/advisories/GHSA-p9ff-h696-f583
> 
> </details>

`npm-vite >= 7.0.0, <= 7.3.1` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-39365</ins> **MEDIUM** remediate by: 2026-06-06T14:36:41.686Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/174

> <details><summary>Related URLs</summary>
> 
> - https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
> - https://github.com/vitejs/vite/pull/22161
> - https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
> - https://github.com/vitejs/vite/releases/tag/v6.4.2
> - https://github.com/vitejs/vite/releases/tag/v7.3.2
> - https://github.com/vitejs/vite/releases/tag/v8.0.5
> - https://nvd.nist.gov/vuln/detail/CVE-2026-39365
> - https://github.com/advisories/GHSA-4w7w-66w2-5vf9
> 
> </details>

`npm-vite >= 6.0.0, <= 6.4.1` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-39363</ins> **HIGH** remediate by: 2026-05-07T06:20:48.749Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/175

> <details><summary>Related URLs</summary>
> 
> - https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583
> - https://github.com/vitejs/vite/pull/22159
> - https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0
> - https://github.com/vitejs/vite/releases/tag/v6.4.2
> - https://github.com/vitejs/vite/releases/tag/v7.3.2
> - https://github.com/vitejs/vite/releases/tag/v8.0.5
> - https://nvd.nist.gov/vuln/detail/CVE-2026-39363
> - https://github.com/advisories/GHSA-p9ff-h696-f583
> 
> </details>

`npm-vite >= 7.1.0, <= 7.3.1` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-39364</ins> **HIGH** remediate by: 2026-05-07T14:36:41.372Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/172

> <details><summary>Related URLs</summary>
> 
> - https://github.com/vitejs/vite/security/advisories/GHSA-v2wj-q39q-566r
> - https://github.com/vitejs/vite/pull/22160
> - https://github.com/vitejs/vite/commit/a9a3df299378d9cbc5f069e3536a369f8188c8ff
> - https://github.com/vitejs/vite/releases/tag/v7.3.2
> - https://github.com/vitejs/vite/releases/tag/v8.0.5
> - https://nvd.nist.gov/vuln/detail/CVE-2026-39364
> - https://github.com/advisories/GHSA-v2wj-q39q-566r
> 
> </details>

`npm-lodash >= 4.0.0, <= 4.17.23` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-4800</ins> **HIGH** remediate by: 2026-05-10T06:21:04.459Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/177

> <details><summary>Related URLs</summary>
> 
> - https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc
> - https://nvd.nist.gov/vuln/detail/CVE-2026-4800
> - https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
> - https://cna.openjsf.org/security-advisories.html
> - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
> - https://github.com/advisories/GHSA-r5fr-rjxr-66jc
> 
> </details>

`npm-vite <= 6.4.1` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-39365</ins> **MEDIUM** remediate by: 2026-06-09T06:21:04.770Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/176

> <details><summary>Related URLs</summary>
> 
> - https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
> - https://github.com/vitejs/vite/pull/22161
> - https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
> - https://github.com/vitejs/vite/releases/tag/v6.4.2
> - https://github.com/vitejs/vite/releases/tag/v7.3.2
> - https://github.com/vitejs/vite/releases/tag/v8.0.5
> - https://nvd.nist.gov/vuln/detail/CVE-2026-39365
> - https://github.com/advisories/GHSA-4w7w-66w2-5vf9
> 
> </details>

`npm-lodash <= 4.17.23` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-2950</ins> **MEDIUM** remediate by: 2026-06-09T14:23:14.879Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/178

> <details><summary>Related URLs</summary>
> 
> - https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh
> - https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
> - https://nvd.nist.gov/vuln/detail/CVE-2026-2950
> - https://github.com/advisories/GHSA-f23m-r3pf-42rh
> 
> </details>

<details><summary>FIXED <code>npm-picomatch >= 4.0.0, < 4.0.4</code> <ins>CVE-2026-33671</ins> HIGH</summary>

`npm-picomatch >= 4.0.0, < 4.0.4` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33671</ins> **HIGH** remediate by: 2026-04-25T14:19:30.796Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/159

> <details><summary>Related URLs</summary>
> 
> - https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj
> - https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33671
> - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
> 
> </details>

</details>

<details><summary>FIXED <code>npm-picomatch >= 4.0.0, < 4.0.4</code> <ins>CVE-2026-33672</ins> MEDIUM</summary>

`npm-picomatch >= 4.0.0, < 4.0.4` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33672</ins> **MEDIUM** remediate by: 2026-05-25T14:19:31.055Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/158

> <details><summary>Related URLs</summary>
> 
> - https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p
> - https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33672
> - https://github.com/advisories/GHSA-3v7f-55p6-f55p
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, <= 4.7.8</code> <ins>CVE-2026-33937</ins> CRITICAL</summary>

`npm-handlebars >= 4.0.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33937</ins> **CRITICAL** remediate by: 2026-04-26T22:19:27.887Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/163

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33937
> - https://github.com/advisories/GHSA-2w6w-674q-4c4q
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, <= 4.7.8</code> <ins>CVE-2026-33941</ins> HIGH</summary>

`npm-handlebars >= 4.0.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33941</ins> **HIGH** remediate by: 2026-04-26T22:19:28.149Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/167

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33941
> - https://github.com/advisories/GHSA-xjpj-3mr7-gcpf
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, <= 4.7.8</code> <ins>CVE-2026-33938</ins> HIGH</summary>

`npm-handlebars >= 4.0.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33938</ins> **HIGH** remediate by: 2026-04-26T22:19:28.149Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/164

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33938
> - https://github.com/advisories/GHSA-3mfm-83xf-c92r
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, <= 4.7.8</code> <ins>CVE-2026-33940</ins> HIGH</summary>

`npm-handlebars >= 4.0.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33940</ins> **HIGH** remediate by: 2026-04-26T22:19:28.149Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/166

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33940
> - https://github.com/advisories/GHSA-xhpv-hc6g-r9c6
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, <= 4.7.8</code> <ins>CVE-2026-33939</ins> HIGH</summary>

`npm-handlebars >= 4.0.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33939</ins> **HIGH** remediate by: 2026-04-26T22:19:28.149Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/165

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33939
> - https://github.com/advisories/GHSA-9cx6-37pm-9jff
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, <= 4.7.8</code> <ins>GHSA-442j-39wm-28r2</ins> LOW</summary>

`npm-handlebars >= 4.0.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>GHSA-442j-39wm-28r2</ins> **LOW** remediate by: 2026-06-27T22:22:40.282Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/169

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://github.com/advisories/GHSA-442j-39wm-28r2
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.0.0, < 4.7.9</code> <ins>CVE-2026-33916</ins> MEDIUM</summary>

`npm-handlebars >= 4.0.0, < 4.7.9` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33916</ins> **MEDIUM** remediate by: 2026-05-26T06:15:32.686Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/160

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9
> - https://nvd.nist.gov/vuln/detail/CVE-2021-23369
> - https://nvd.nist.gov/vuln/detail/CVE-2021-23383
> - https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33916
> - https://github.com/advisories/GHSA-2qvq-rjwj-gvw9
> 
> </details>

</details>

<details><summary>FIXED <code>npm-yaml >= 2.0.0, < 2.8.3</code> <ins>CVE-2026-33532</ins> MEDIUM</summary>

`npm-yaml >= 2.0.0, < 2.8.3` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33532</ins> **MEDIUM** remediate by: 2026-05-26T06:15:32.686Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/161

> <details><summary>Related URLs</summary>
> 
> - https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp
> - https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b
> - https://github.com/eemeli/yaml/releases/tag/v1.10.3
> - https://github.com/eemeli/yaml/releases/tag/v2.8.3
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33532
> - https://github.com/advisories/GHSA-48c2-rrv3-qjmp
> 
> </details>

</details>

<details><summary>FIXED <code>npm-brace-expansion >= 4.0.0, < 5.0.5</code> <ins>CVE-2026-33750</ins> MEDIUM</summary>

`npm-brace-expansion >= 4.0.0, < 5.0.5` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33750</ins> **MEDIUM** remediate by: 2026-05-26T22:19:28.497Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/162

> <details><summary>Related URLs</summary>
> 
> - https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v
> - https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113
> - https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184
> - https://github.com/juliangruber/brace-expansion/issues/98
> - https://github.com/juliangruber/brace-expansion/pull/95
> - https://github.com/juliangruber/brace-expansion/pull/96
> - https://github.com/juliangruber/brace-expansion/pull/97
> - https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5
> - https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2
> - https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33750
> - https://github.com/advisories/GHSA-f886-m6hf-6m8v
> 
> </details>

</details>

<details><summary>FIXED <code>npm-brace-expansion >= 2.0.0, < 2.0.3</code> <ins>CVE-2026-33750</ins> MEDIUM</summary>

`npm-brace-expansion >= 2.0.0, < 2.0.3` CODE_REPOSITORY/commercelayer-react-components <ins>CVE-2026-33750</ins> **MEDIUM** remediate by: 2026-05-28T22:22:39.992Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/168

> <details><summary>Related URLs</summary>
> 
> - https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v
> - https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113
> - https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184
> - https://github.com/juliangruber/brace-expansion/issues/98
> - https://github.com/juliangruber/brace-expansion/pull/95
> - https://github.com/juliangruber/brace-expansion/pull/96
> - https://github.com/juliangruber/brace-expansion/pull/97
> - https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5
> - https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2
> - https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a
> - https://nvd.nist.gov/vuln/detail/CVE-2026-33750
> - https://github.com/advisories/GHSA-f886-m6hf-6m8v
> 
> </details>

</details>

<details><summary>FIXED <code>npm-handlebars >= 4.6.0, <= 4.7.8</code> <ins>GHSA-7rx3-28cr-v5wh</ins> MEDIUM</summary>

`npm-handlebars >= 4.6.0, <= 4.7.8` CODE_REPOSITORY/commercelayer-react-components <ins>GHSA-7rx3-28cr-v5wh</ins> **MEDIUM** remediate by: 2026-05-28T22:22:39.992Z
- https://github.com/commercelayer/commercelayer-react-components/security/dependabot/170

> <details><summary>Related URLs</summary>
> 
> - https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh
> - https://github.com/advisories/GHSA-765h-qjxv-5f44
> - https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9
> - https://github.com/advisories/GHSA-7rx3-28cr-v5wh
> 
> </details>

</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[VANTA] [VULNERABILITY] <HIGH> CVE-2026-2950, CVE-2026-33671, CVE-2026-33672 and others, fix before 2026-04-29 #746

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[VANTA] [VULNERABILITY] <HIGH> CVE-2026-2950, CVE-2026-33671, CVE-2026-33672 and others, fix before 2026-04-29 #746

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions