whistle.combo (>=1.0.0 <=1.0.2) potentially affected by CVE-2018-16474 via tianma-static (=1.0.4)
tianma-static NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on tianma-static and may be impacted: - whistle.combo =1.0.0, =1.0.2 Source cves: CVE-2018-16474 Source advisory: OSV:GHSA-JHGP-HVJ6-X2P2...