According to page GHSA-5cjr-mxj5-wmrx the CVE CVE-2026-49289 is fixed in v4.19.3.
Same applies for CVE-2026-49283, see GHSA-6929-8p9f-26jx
But there is no mentioning of these fixes on GHSA-5cjr-mxj5-wmrx and GHSA-6929-8p9f-26jx
After updating the package to v4.19.3 in our project both CVE's are still reported by the OSV Scanner
Should v4.19.3 be added to both pages GHSA-5cjr-mxj5-wmrx and GHSA-6929-8p9f-26jx?
If so can this be done?
According to page GHSA-5cjr-mxj5-wmrx the CVE CVE-2026-49289 is fixed in v4.19.3.
Same applies for CVE-2026-49283, see GHSA-6929-8p9f-26jx
But there is no mentioning of these fixes on GHSA-5cjr-mxj5-wmrx and GHSA-6929-8p9f-26jx
After updating the package to v4.19.3 in our project both CVE's are still reported by the OSV Scanner
Should v4.19.3 be added to both pages GHSA-5cjr-mxj5-wmrx and GHSA-6929-8p9f-26jx?
If so can this be done?