[PM-34543] Add owner email to share data by Thomas-Avery · Pull Request #19927 · bitwarden/clients

Thomas-Avery · 2026-04-01T19:53:35Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34543

📔 Objective

Adds receive owner email to share data response.

Needs server PR bitwarden/server#7377

…ive/add-owner-email-to-share

codecov · 2026-04-01T20:04:09Z

Codecov Report

❌ Patch coverage is 0% with 8 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (PM-33889-Innovation-sprint-Bitwarden-Receive@b475d65). Learn more about missing BASE report.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...app/tools/receive/receive-file-upload.component.ts	0.00%	4 Missing ⚠️
...ve/models/response/receive-shared-data.response.ts	0.00%	4 Missing ⚠️

Additional details and impacted files

@@                               Coverage Diff                               @@
##             PM-33889-Innovation-sprint-Bitwarden-Receive   #19927   +/-   ##
===============================================================================
  Coverage                                                ?   46.38%           
===============================================================================
  Files                                                   ?     3861           
  Lines                                                   ?   114892           
  Branches                                                ?    17510           
===============================================================================
  Hits                                                    ?    53290           
  Misses                                                  ?    59174           
  Partials                                                ?     2428

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2026-04-01T20:06:19Z

Checkmarx One – Scan Summary & Details – 02d654c1-c081-462c-8600-b0ed760d596d

New Issues (218)

Checkmarx found the following issues in this Pull Request

#	Issue	Source File / Package	Checkmarx Insight
1	CVE-2024-40643	Npm-htmlparser2-3.10.1	details Recommended version: 5.0.0 Description: Joplin is a free, open-source note-taking and to-do application. Joplin fails to consider that "<" followed by a non-letter character will not be c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2	CVE-2026-0905	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Insufficient policy enforcement in the Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to poten... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3	CVE-2026-0906	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4	CVE-2026-0907	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5	CVE-2026-1525	Npm-undici-7.16.0	details Recommended version: 7.24.0 Description: Undici versions prior to 6.24.0 and 7.0.x prior to 7.24.0 allow duplicate HTTPContent-Length headers when they are provided in an array with case-v... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6	CVE-2026-25547	Npm-@isaacs/brace-expansion-5.0.0	details Recommended version: 5.0.1 Description: @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
7	CVE-2026-3061	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Out-of-bounds Read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafte... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
8	CVE-2026-3062	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Out-of-bounds Read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory acce... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
9	CVE-2026-33937	Npm-handlebars-4.7.8	details Recommended version: 4.7.9 Description: Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
10	CVE-2026-3545	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox esca... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
11	CVE-2026-3916	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Out-of-bounds Read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a cr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
12	Absolute_Path_Traversal	/apps/cli/src/oss-serve-configurator.ts: 332	details Method Lambda at line 332 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ... Attack Vector
13	Absolute_Path_Traversal	/apps/cli/src/oss-serve-configurator.ts: 364	details Method Lambda at line 364 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ... Attack Vector
14	Absolute_Path_Traversal	/apps/cli/src/oss-serve-configurator.ts: 332	details Method Lambda at line 332 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ... Attack Vector
15	Absolute_Path_Traversal	/apps/cli/src/oss-serve-configurator.ts: 364	details Method Lambda at line 364 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ... Attack Vector
16	CVE-2025-13630	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
17	CVE-2025-13631	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform Privilege Escala... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
18	CVE-2025-13633	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use After Free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
19	CVE-2025-13638	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use After Free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a craft... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
20	CVE-2025-13639	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a craf... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
21	CVE-2025-13720	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
22	CVE-2025-13721	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
23	CVE-2025-14174	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory acce... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
24	CVE-2025-14765	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HT... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
25	CVE-2025-14766	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
26	CVE-2025-59343	Npm-tar-fs-2.1.3	details Recommended version: 2.1.4 Description: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.4, and 1.16.6 are vulnerable to symlink validation bypass if the d... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
27	CVE-2025-64756	Npm-glob-10.4.5	details Recommended version: 10.5.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
28	CVE-2025-64756	Npm-glob-11.0.3	details Recommended version: 11.1.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
29	CVE-2025-66414	Npm-@modelcontextprotocol/sdk-1.17.3	details Recommended version: 1.26.0 Description: MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol (MCP)... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
30	CVE-2026-0621	Npm-@modelcontextprotocol/sdk-1.17.3	details Recommended version: 1.26.0 Description: Anthropic's MCP TypeScript SDK versions through 1.25.1 contain a Regular Expression Denial-of-Service (ReDoS) vulnerability in the "UriTemplate" cl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
31	CVE-2026-0628	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malic... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
32	CVE-2026-0899	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
33	CVE-2026-0900	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
34	CVE-2026-0902	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
35	CVE-2026-0908	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use-after-free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
36	CVE-2026-1526	Npm-undici-7.16.0	details Recommended version: 7.24.0 Description: The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. W... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
37	CVE-2026-1528	Npm-undici-7.16.0	details Recommended version: 7.24.0 Description: ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
38	CVE-2026-1861	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Heap Buffer Overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a craf... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
39	CVE-2026-1862	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
40	CVE-2026-22036	Npm-undici-7.16.0	details Recommended version: 7.24.0 Description: Undici is an HTTP/1.1 client for Node.js. In Undici versions prior to 6.23.0 and 7.x prior to 7.18.2, the number of links in the decompression chai... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
41	CVE-2026-2229	Npm-undici-7.16.0	details Recommended version: 7.24.0 Description: Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of theserver_max_window_bitsparameter in... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
42	CVE-2026-2313	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use After Free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
43	CVE-2026-2314	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Heap Buffer Overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a craft... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
44	CVE-2026-2315	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memor... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
45	CVE-2026-2319	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and insta... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
46	CVE-2026-2321	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
47	CVE-2026-2359	Npm-multer-2.0.2	details Recommended version: 2.1.1 Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
48	CVE-2026-23745	Npm-tar-7.5.2	details Recommended version: 7.5.11 Description: node-tar is a Tar for Node.js. The node-tar library versions through 7.5.2 fail to sanitize the "linkpath" of Link (hardlink) and Symbolic Link ent... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
49	CVE-2026-23745	Npm-tar-6.2.1	details Recommended version: 7.5.11 Description: node-tar is a Tar for Node.js. The node-tar library versions through 7.5.2 fail to sanitize the "linkpath" of Link (hardlink) and Symbolic Link ent... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
50	CVE-2026-23745	Npm-tar-7.4.3	details Recommended version: 7.5.11 Description: node-tar is a Tar for Node.js. The node-tar library versions through 7.5.2 fail to sanitize the "linkpath" of Link (hardlink) and Symbolic Link ent... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
51	CVE-2026-2441	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Use After Free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
52	CVE-2026-24842	Npm-tar-7.5.2	details Recommended version: 7.5.11 Description: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
53	CVE-2026-24842	Npm-tar-6.2.1	details Recommended version: 7.5.11 Description: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
54	CVE-2026-24842	Npm-tar-7.4.3	details Recommended version: 7.5.11 Description: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
55	CVE-2026-25536	Npm-@modelcontextprotocol/sdk-1.17.3	details Recommended version: 1.26.0 Description: MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 through 1.25.3, cross-client ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
56	CVE-2026-25639	Npm-axios-1.13.2	details Recommended version: 1.13.5 Description: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
57	CVE-2026-2648	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Heap Buffer Overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a cr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
58	CVE-2026-2649	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Integer Overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
59	CVE-2026-2650	Npm-electron-39.2.6	details Recommended version: 41.0.3 Description: Heap Buffer Overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a craft... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
60	CVE-2026-26960	Npm-tar-7.4.3	details Recommended version: 7.5.11 Description: "tar.extract()" in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outsid... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
61	CVE-2026-26960	Npm-tar-6.2.1	details Recommended version: 7.5.11 Description: "tar.extract()" in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outsid... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
62	CVE-2026-26960	Npm-tar-7.5.2	details Recommended version: 7.5.11 Description: "tar.extract()" in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outsid... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
63	CVE-2026-26996	Npm-minimatch-10.1.1	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
64	CVE-2026-26996	Npm-minimatch-5.1.6	details Recommended version: 5.1.8 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
65	CVE-2026-26996	Npm-minimatch-10.0.3	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
66	CVE-2026-26996	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
67	CVE-2026-26996	Npm-minimatch-9.0.3	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
68	CVE-2026-26996	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
69	CVE-2026-27606	Npm-rollup-4.52.3	details Recommended version: 4.59.0 Description: Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.0.0 prior to 3.30.0, and 4.0.0 prior to 4.59.0 of the Rollup module bundler ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
70	CVE-2026-27903	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
71	CVE-2026-27903	Npm-minimatch-5.1.6	details Recommended version: 5.1.8 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
72	CVE-2026-27903	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
73	CVE-2026-27903	Npm-minimatch-9.0.3	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
74	CVE-2026-27903	Npm-minimatch-10.1.1	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
75	CVE-2026-27903	Npm-minimatch-10.0.3	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
76	CVE-2026-27904	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
77	CVE-2026-27904	Npm-minimatch-5.1.6	details Recommended version: 5.1.8 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
78	CVE-2026-27904	Npm-minimatch-10.1.1	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
79	CVE-2026-27904	Npm-minimatch-9.0.3	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
80	CVE-2026-27904	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
81	CVE-2026-27904	Npm-minimatch-10.0.3	details Recommended version: 10.2.3 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
82	CVE-2026-27959	Npm-koa-3.1.1	details Recommended version: 3.1.2 Description: Koa is middleware for Node.js using ES2017 async functions. Prior to versions 2.16.4 and 3.x prior to 3.1.2, Koa's `ctx.hostname` API performs naiv... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
83	CVE-2026-29063	Npm-immutable-5.1.3	details Recommended version: 5.1.5 Description: Immutable.js provides many Persistent Immutable data structures. 3.x prior to versions 3.8.3, 4.x prior to versions 4.3.7, and 5.x prior to versio... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
84	CVE-2026-29074	Npm-svgo-3.3.2	details Recommended version: 3.3.3 Description: SVGO is a Node.js library and command-line application for optimizing SVG files. Versions 2.1.0 through 2.8.0, 3.0.0 through 3.3.2, and versions pr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
85	CVE-2026-29786	Npm-tar-7.5.2	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extractio... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
86	CVE-2026-29786	Npm-tar-7.5.9	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extractio... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
87	CVE-2026-29786	Npm-tar-7.4.3	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extractio... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
88	CVE-2026-29786	Npm-tar-6.2.1	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extractio... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
89	CVE-2026-31802	Npm-tar-7.4.3	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extr... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
90	CVE-2026-31802	Npm-tar-7.5.2	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extr... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
91	CVE-2026-31802	Npm-tar-6.2.1	details Recommended version: 7.5.11 Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extr... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package

More results are available on the CxOne platform

sonarqubecloud · 2026-04-01T20:16:57Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

bw-ghapp · 2026-04-01T20:29:21Z

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and the feature flag configuration used by vault.bitwarden.com.

✅ Fortunately, these BIT tests have passed! 🎉

bw-ghapp · 2026-04-01T20:29:33Z

Changes in this PR impact the Autofill experience of the browser client

BIT has tested the core experience with these changes and all feature flags disabled.

✅ Fortunately, these BIT tests have passed! 🎉

Add owner email to share data

b37652f

Thomas-Avery requested a review from a team as a code owner April 1, 2026 19:53

Thomas-Avery self-assigned this Apr 1, 2026

Thomas-Avery removed the request for review from a team April 1, 2026 19:54

Merge branch 'PM-33889-Innovation-sprint-Bitwarden-Receive' into rece…

db4ab40

…ive/add-owner-email-to-share

Thomas-Avery changed the title ~~Add owner email to share data~~ [PM-34543] Add owner email to share data Apr 1, 2026

Add successful file upload

5d212e1

itsadrago approved these changes Apr 1, 2026

View reviewed changes

Thomas-Avery merged commit 8f25b9f into PM-33889-Innovation-sprint-Bitwarden-Receive Apr 1, 2026
129 of 132 checks passed

Thomas-Avery deleted the receive/add-owner-email-to-share branch April 1, 2026 20:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PM-34543] Add owner email to share data#19927

[PM-34543] Add owner email to share data#19927
Thomas-Avery merged 3 commits intoPM-33889-Innovation-sprint-Bitwarden-Receivefrom
receive/add-owner-email-to-share

Thomas-Avery commented Apr 1, 2026 •

edited

Loading

Uh oh!

codecov bot commented Apr 1, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Apr 1, 2026 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Apr 1, 2026

Uh oh!

bw-ghapp bot commented Apr 1, 2026

Uh oh!

bw-ghapp bot commented Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Thomas-Avery commented Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎟️ Tracking

📔 Objective

Uh oh!

codecov bot commented Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sonarqubecloud bot commented Apr 1, 2026

Quality Gate passed

Uh oh!

bw-ghapp bot commented Apr 1, 2026

Changes in this PR impact the Autofill experience of the browser client

Uh oh!

bw-ghapp bot commented Apr 1, 2026

Changes in this PR impact the Autofill experience of the browser client

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Thomas-Avery commented Apr 1, 2026 •

edited

Loading

codecov bot commented Apr 1, 2026 •

edited

Loading

github-actions bot commented Apr 1, 2026 •

edited

Loading