New Finding Detected

6803

Unique identifier for the workflow execution

9

Unique identifier for the workflow definition

demo

Tenant identifier where the event originated

h4r>>github>>github_repository>>acme-demo>>feature-flags

Heeler resource identifier for the repository

911836241

Repository numeric identifier

https://github.com/acme-demo/feature-flags

Repository URL

3981594

Unique identifier for the finding within Heeler

30055

Identifier of the code root (module or artifact) where the finding was detected

CVE-2025-68458

Public vulnerability identifier associated with this finding

25398897

Internal reference ID linking to the vulnerability record

webpack

Name of the vulnerable package or dependency

5.93.0

Version of the package that is vulnerable

LOW

Normalized severity level of the finding

2026-02-08T07:34:26.414955

Timestamp when the finding was first created

2026-02-08T07:34:26.414956

Timestamp when the finding was last updated

2

The Heeler Risk:

2

Original risk score before adjustments or recalculation

3

Business impact score assigned to the finding

3

Optional tier or classification assigned to the finding

Production

Highest impact deployment environment associated with the finding

3

Environment-specific impact score

true

Indicates whether the vulnerability is exploitable

true

Indicates whether the affected resource is internet accessible

true

Indicates whether the finding was observed at runtime

false

Indicates whether the finding has been mitigated

2

Indicates evidence of active compromise

true

Indicates whether this finding can be chained with others

1

Threat impact score used in overall risk calculation

1

Exploit signal (when present)

3925049

Dependency version where the vulnerability was introduced

4.5

Dependency version where the vulnerability was fixed

null

Reason the finding was marked as fixed

2026-02-08T07:34:26.414956

Timestamp when the vulnerability was fixed

f8f62683228a034f32be4722163f94166473d64f

Commit or changeset that fixed the vulnerability

[email protected]

Committer responsible for the fix

2026-02-08T07:34:26.414956

Earliest deployment timestamp containing the fix

2026-02-08T07:34:26.414956

Latest deployment timestamp containing the fix

2026-02-08T07:34:26.414956

Timestamp when the finding was fully remediated

2026-02-05T23:15:53.940000

Timestamp when the remediation SLO clock started (when available)

2026-04-06T23:15:53.940000

SLA/SLO due date for remediation

2026-04-06T23:15:53.940000

Original SLA/SLO due date before changes

null

Indicates whether the SLO is overridden (when applicable)

false

Indicates whether the finding can be automatically fixed

false

Indicates whether the finding was automatically fixed

{}

Additional structured metadata or notes attached to the finding

[]

List of mitigation records applied to the finding (when present)

null

Override value for mitigation status (when applicable)

https://demo.heeler.com/.../code_findings/3981594

Direct link to the finding in the Heeler UI

3925049

Unique identifier for the dependency version

30055

Code root identifier where this dependency version was observed

webpack

Dependency name

5.93.0

Dependency version number

5.93.0

Declared version constraint from the manifest/lockfile (when available)

true

Indicates the dependency was detected in source code

true

Indicates the dependency was observed at runtime

2025-11-26T01:39:11

Timestamp when the dependency was introduced

e2c3b83abc...

Commit that introduced the dependency

[email protected]

Committer who introduced the dependency

["-1","-1"]

Line numbers associated with introduction (when available; -1 may indicate unknown)

2025-11-26T01:39:53.785840

First time the dependency version was observed

2026-02-08T07:34:25.173466

Most recent observation of the dependency version

2026-01-30T01:47:14

Last known observation timestamp

9de9137039...

Commit where the dependency was last observed

[email protected]

Committer for the last seen commit

["-1","-1"]

Line numbers associated with last observation (when available)

true

Indicates whether the dependency version is currently active/present

true

Indicates whether this is a direct (top-level) dependency

["[email protected]","[email protected]",...]

List of dependencies this dependency version pulls in (when available)

pinned

Indicates whether the dependency version is pinned

911836241

Internal identifier for the repository

acme-demo

Organization that owns the repository

feature-flags

Repository name

acme-demo/feature-flags

Fully qualified repository name

Feature flags for Acme

Repository description (when available)

JavaScript

Primary programming language

main

Default branch of the repository

2025-01-04T01:26:00

Repository creation timestamp

2026-01-30T01:47:18

Last update timestamp

2026-01-30T01:47:42

Timestamp of the most recent push to the repository (when available)

https://github.com/acme-demo/feature-flags

Repository URL

https://github.com/acme-demo/feature-flags.git

Git clone URL

[email protected]:acme-demo/feature-flags.git

SSH clone URL (when available)

true

Indicates whether the repository is private

internal

Visibility level of the repository in Heeler

https://demo.heeler.com/.../repositories/...

Direct link to the repository in the Heeler UI

heeler-demo

Repository owner name/handle (when available)

Organization

Repository owner type (when available)

{"BU":"Engineering"}

Custom repository metadata ingested from the SCM (when available)

[email protected]

Assigned technical lead (when available)

[email protected]

Assigned security lead (when available)

25398897

Unique identifier for the vulnerability record

CVE-2025-68458

Public vulnerability identifier

webpack: webpack buildHttp: allowedUris allow-list bypass...

Human-readable vulnerability title

Webpack is a module bundler... patched in 5.104.1.

Detailed description of the vulnerability

LOW

Reported severity of the vulnerability

ghsa

Source used to determine severity (when available)

3.7

CVSS base score (when available)

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS vector string (when available)

ghsa

Source used to determine CVSS (when available)

null

EPSS probability score (when available)

2026-02-05T23:15:53.940000

Public disclosure date

2026-02-06T15:14:47.703000

Last time Heeler updated the vulnerability record

["CWE-918"]

Common Weakness Enumeration identifiers

[">=5.49.0, <5.104.1"]

Versions affected by the vulnerability

["5.104.1"]

Versions where the vulnerability is fixed

["https://nvd.nist.gov/...", "https://github.com/..."]

Reference URLs related to the vulnerability (when available)

30055

Unique identifier for the code root

h4r>>github>>github_repository>>heeler-demo>>feature-flags

Repository identifier associated with the code root

Path within the repository (when applicable)

package-lock.json

File where the dependency was detected

npm

Package manager used

npm

Dependency ecosystem

2026-01-30T01:47:14

Commit timestamp for the code root

2025-08-11T23:55:11.539077

Timestamp when the code root record was created

2026-02-08T07:34:24.204491

Timestamp when the code root record was last updated

feature-flags

Artifact or module name (when available)

https://demo.heeler.com/.../modules/30055

Direct link to the module (code root) in Heeler