{
"name": "demo-app",
"version": "1.0.0",
"dependencies": {
"vulnLib": "1.2.3"
}
}
// LATENT: the library is declared in package.json but is never imported, so none of its code runs here.
const greeting = "Hello world";
console.log(greeting);
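// POTENTIAL: the library is imported, but its vulnerable function is never called.
// Note: an import still executes the module's top-level code, so a flaw in the
// module's load path would be reached even here; only the known dangerous
// function is avoided in this example.
import vulnLib from 'vulnLib'; // fixed: trailing comma was a syntax error
console.log("Library loaded but dangerous function not used");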
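// REACHABLE: the library is imported AND its vulnerable function is called,
// so the vulnerable code path is actually executed by this application.
import vulnLib from 'vulnLib'; // fixed: trailing comma was a syntax error
vulnLib.dangerousFunction(); // <- Risk activated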
vuln-lib==1.2.3
# LATENT: the library is declared in requirements.txt but never imported, so none of its code runs here.
greeting = "Hello world"
print(greeting)
# POTENTIAL: the library is imported, but its vulnerable function is never called.
# Importing still runs the module's top-level statements, so only the known
# dangerous function is avoided in this example, not the module itself.
import vuln_lib

message = "Library loaded but dangerous function not used"
print(message)
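# REACHABLE: the library is imported AND its vulnerable function is called,
# so the vulnerable code path is actually executed by this application.
import vuln_lib

vuln_lib.dangerousFunction()  # <- Risk activated
# (removed a stray "// REACHABLE ..." line left over from the JS example: "//" is not a Python comment and would not parse)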
Language | CVE IDs | Methods |
C# | 2 | |
Dart | 1 | |
Go | 1 | |
Java | 4 | |
JavaScript | 41 | |
Kotlin | 1 | |
PHP | 1 | |
Python | 5 | |
Ruby | 1 | |
Scala | 1 | |
Swift | 1 | |
TypeScript | | 41 | |
Total methods | 100 |