[VANTA] [VULNERABILITY] <HIGH> CVE-2026-41305, CVE-2026-41907, CVE-2026-44728 and others, fix before 2026-06-08

[commercelayer-ci]

Important

CLOSE THE ISSUE ONLY IF YOU PLAN TO DEPLOY THE FIX BEFORE THE DEADLINE IN THE TITLE.

DO NOT MANUALLY MODIFY THE ISSUE TITLE OR TEXT BODY.

npm-fast-uri <= 3.1.0 CODE_REPOSITORY/commercelayer-react-components CVE-2026-6321 HIGH remediate by: 2026-06-08T03:55:38.092Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/196

Related URLs

• GHSA-q3j6-qgpj-74h6
• https://nvd.nist.gov/vuln/detail/CVE-2026-6321
• https://cna.openjsf.org/security-advisories.html
• GHSA-q3j6-qgpj-74h6

npm-fast-uri <= 3.1.1 CODE_REPOSITORY/commercelayer-react-components CVE-2026-6322 HIGH remediate by: 2026-06-08T03:55:38.092Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/197

Related URLs

• GHSA-v39h-62p7-jpjc
• https://nvd.nist.gov/vuln/detail/CVE-2026-6322
• https://cna.openjsf.org/security-advisories.html
• GHSA-v39h-62p7-jpjc

npm-@babel/plugin-transform-modules-systemjs >= 7.12.0, <= 7.29.3 CODE_REPOSITORY/commercelayer-react-components CVE-2026-44728 HIGH remediate by: 2026-06-08T19:53:06.785Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/198

Related URLs

• GHSA-fv7c-fp4j-7gwp
• GHSA-fv7c-fp4j-7gwp

npm-js-cookie <= 3.0.5 CODE_REPOSITORY/commercelayer-react-components CVE-2026-46625 HIGH remediate by: 2026-06-21T05:28:39.074Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/202

Related URLs

• GHSA-qjx8-664m-686j
• GHSA-qjx8-664m-686j

npm-postcss < 8.5.10 CODE_REPOSITORY/commercelayer-react-components CVE-2026-41305 MEDIUM remediate by: 2026-06-26T11:09:35.270Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/186

Related URLs

• GHSA-qx2v-qp2m-jg93
• https://nvd.nist.gov/vuln/detail/CVE-2026-41305
• https://github.com/postcss/postcss/releases/tag/8.5.10
• GHSA-qx2v-qp2m-jg93

npm-qs >= 6.11.1, <= 6.15.1 CODE_REPOSITORY/commercelayer-react-components CVE-2026-8723 MEDIUM remediate by: 2026-07-22T19:40:43.361Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/203

Related URLs

• GHSA-q8mj-m7cp-5q26
• https://nvd.nist.gov/vuln/detail/CVE-2026-8723
• ljharb/qs@21f80b3
• GHSA-q8mj-m7cp-5q26

npm-uuid < 11.1.1 CODE_REPOSITORY/commercelayer-react-components CVE-2026-41907 MEDIUM remediate by: 2026-07-23T03:44:40.917Z

• https://github.com/commercelayer/commercelayer-react-components/security/dependabot/204

Related URLs

• GHSA-w5hq-g745-h8pq
• uuidjs/uuid@3d2c5b0
• https://github.com/uuidjs/uuid/releases/tag/v14.0.0
• https://nvd.nist.gov/vuln/detail/CVE-2026-41907
• uuidjs/uuid@32389c8
• uuidjs/uuid@3d61d6a
• uuidjs/uuid@9d27ddf
• https://github.com/uuidjs/uuid/releases/tag/v11.1.1
• https://github.com/uuidjs/uuid/releases/tag/v12.0.1
• https://github.com/uuidjs/uuid/releases/tag/v13.0.1
• GHSA-w5hq-g745-h8pq