{"package":"cachethq/cachet","ecosystem":"composer","latest_version":"v2.4.1","description":"An open source status page system, for everyone.","license":"BSD-3-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"","repository":"https://github.com/cachethq/cachet","downloads_weekly":0,"health":{"score":29,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":10,"maturity":15,"community":4},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":3,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2021-39174","severity":"high","summary":"Cachet configuration leak","affected_versions":"<2.5.1|=v0.1.0-alpha|=v1.0.0|=v1.1.0|=v1.1.1|=v1.2.0|=v1.2.1|=v2.0.0|=v2.0.0-RC1|=v2.0.0-RC2|=v2.0.0-RC3|=v2.0.0-RC4|=v2.0.0-RC5|=v2.0.0-beta1|=v2.0.0-beta2|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.1.0|=v2.1.0-RC1|=v2.1.0-RC2|=v2.1.1|=v2.1.2|=v2.2.0|=v2.2.0-RC1|=v2.2.1|=v2.2.2|=v2.2.3|=v2.2.4|=v2.3.0|=v2.3.0-RC1|=v2.3.0-RC2|=v2.3.0-RC3|=v2.3.0-RC4|=v2.3.0-RC5|=v2.3.0-RC6|=v2.3.1|=v2.3.10|=v2.3.11|=v2.3.12|=v2.3.13|=v2.3.14|=v2.3.15|=v2.3.16|=v2.3.17|=v2.3.18|=v2.3.2|=v2.3.3|=v2.3.4|=v2.3.5|=v2.3.6|=v2.3.7|=v2.3.8|=v2.3.9|=v2.4.0|=v2.4.1","fixed_version":"2.5.1","source":"osv","published_at":"2021-08-30T16:11:43Z","in_kev":false,"epss_prob":0.52426,"epss_percentile":0.97943,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2021-39172","severity":"high","summary":"Cachet vulnerable to new line injection during configuration edition","affected_versions":"<2.5.1|=v0.1.0-alpha|=v1.0.0|=v1.1.0|=v1.1.1|=v1.2.0|=v1.2.1|=v2.0.0|=v2.0.0-RC1|=v2.0.0-RC2|=v2.0.0-RC3|=v2.0.0-RC4|=v2.0.0-RC5|=v2.0.0-beta1|=v2.0.0-beta2|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.1.0|=v2.1.0-RC1|=v2.1.0-RC2|=v2.1.1|=v2.1.2|=v2.2.0|=v2.2.0-RC1|=v2.2.1|=v2.2.2|=v2.2.3|=v2.2.4|=v2.3.0|=v2.3.0-RC1|=v2.3.0-RC2|=v2.3.0-RC3|=v2.3.0-RC4|=v2.3.0-RC5|=v2.3.0-RC6|=v2.3.1|=v2.3.10|=v2.3.11|=v2.3.12|=v2.3.13|=v2.3.14|=v2.3.15|=v2.3.16|=v2.3.17|=v2.3.18|=v2.3.2|=v2.3.3|=v2.3.4|=v2.3.5|=v2.3.6|=v2.3.7|=v2.3.8|=v2.3.9|=v2.4.0|=v2.4.1","fixed_version":"2.5.1","source":"osv","published_at":"2021-08-30T16:11:24Z","in_kev":false,"epss_prob":0.5554,"epss_percentile":0.98089,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2021-39173","severity":"high","summary":"Cachet vulnerable to forced reinstall","affected_versions":"<2.5.1|=v0.1.0-alpha|=v1.0.0|=v1.1.0|=v1.1.1|=v1.2.0|=v1.2.1|=v2.0.0|=v2.0.0-RC1|=v2.0.0-RC2|=v2.0.0-RC3|=v2.0.0-RC4|=v2.0.0-RC5|=v2.0.0-beta1|=v2.0.0-beta2|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.1.0|=v2.1.0-RC1|=v2.1.0-RC2|=v2.1.1|=v2.1.2|=v2.2.0|=v2.2.0-RC1|=v2.2.1|=v2.2.2|=v2.2.3|=v2.2.4|=v2.3.0|=v2.3.0-RC1|=v2.3.0-RC2|=v2.3.0-RC3|=v2.3.0-RC4|=v2.3.0-RC5|=v2.3.0-RC6|=v2.3.1|=v2.3.10|=v2.3.11|=v2.3.12|=v2.3.13|=v2.3.14|=v2.3.15|=v2.3.16|=v2.3.17|=v2.3.18|=v2.3.2|=v2.3.3|=v2.3.4|=v2.3.5|=v2.3.6|=v2.3.7|=v2.3.8|=v2.3.9|=v2.4.0|=v2.4.1","fixed_version":"2.5.1","source":"osv","published_at":"2021-08-30T16:11:33Z","in_kev":false,"epss_prob":0.037,"epss_percentile":0.87987,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":2},"versions":{"latest":"v2.4.1","total_count":56,"recent":["v2.4.1","v2.4.0","v2.3.18","v2.3.17","v2.3.16","v2.3.15","v2.3.14","v2.3.13","v2.3.12","v2.3.11","v2.3.10","v2.3.9","v2.3.8","v2.3.7","v2.3.6","v2.3.5","v2.3.4","v2.3.3","v2.3.2","v2.3.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":3,"first_published":null,"last_published":"2023-11-07T21:30:09+00:00","dependencies_count":27,"dependencies":["php","ext-mbstring","ext-openssl","ext-xml","alt-three/bus","cachethq/badger","cachethq/emoji","cachethq/twitter","alt-three/validator","aws/aws-sdk-php","barryvdh/laravel-cors","bugsnag/bugsnag-laravel","chillerlan/php-qrcode","doctrine/dbal","fideloper/proxy","graham-campbell/binput","graham-campbell/exceptions","graham-campbell/markdown","guzzlehttp/guzzle","jenssegers/date","laravel/framework","laravel/tinker","mccool/laravel-auto-presenter","nexmo/client","pragmarx/google2fa","predis/predis","twig/twig"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (29/100)","3 high severity vulnerabilities"],"use_version":"v2.4.1","version_hint":"Update to >= 2.5.1 to fix known vulnerabilities","summary":"cachethq/cachet@v2.4.1 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":903,"avg_days_between_releases":null,"release_velocity":"stale"}}