JavaScript Dependency Vulnerability Checker

Find outdated jQuery, Bootstrap and other libraries with known CVEs on your site.

Most websites load a handful of front-end JavaScript libraries — jQuery, Bootstrap, Lodash, Moment.js, Angular — and most of them are out of date. An old library version with a published CVE is one of the easiest things for an attacker to exploit, because the vulnerability is public, the code is right there in the page, and nobody remembers to upgrade it. A dependency vulnerability checker reads the libraries your page actually loads, works out their versions, and tells you which ones carry known security issues.

What it checks
  • The front-end JavaScript libraries your page loads and their exact versions
  • Known vulnerabilities (CVEs) affecting those versions — XSS, prototype pollution, ReDoS, RCE and more
  • The severity of each issue and the version that fixes it
  • Common libraries including jQuery, jQuery UI, Bootstrap, AngularJS, Lodash, Moment.js, Handlebars, Axios and others
  • New vulnerable dependencies introduced since the last check

Why it matters

Client-side libraries run in your visitors' browsers, so a vulnerable one can be turned against the people who trust your site — stealing sessions through XSS, polluting prototypes, or worse. These flaws are public knowledge the moment the CVE is published, and automated scanners look for them across the whole web. Because a library can fall out of date simply by sitting there while a new CVE is disclosed, a page that was clean last month can be vulnerable today — which is why ongoing checking matters.

How BrandSentryPro does it

Add your site as a monitor and BrandSentryPro loads the page, identifies the JavaScript libraries it references and their versions, and matches each one against a database of known vulnerabilities. It grades the page by the most serious issue found, lists every detected library, and re-checks over time — alerting you when a newly vulnerable dependency appears so you can upgrade before it is exploited.

Frequently asked questions

What is a dependency vulnerability?
It is a known security flaw in a third-party library your site uses. When the library publishes a fix, the vulnerability and the affected versions become public (as a CVE). Any site still running an affected version is exposed until it upgrades.
How do you detect which libraries my site uses?
We load your page and read the JavaScript files it references, identifying well-known libraries and their versions from the script URLs — the same approach as tools like Retire.js. Note that code bundled or minified by a build tool often has no version marker and cannot be detected from the outside.
How do I fix a vulnerable dependency?
Upgrade the library to the fixed version (or later) shown in the report. For libraries loaded from a CDN that usually means updating the version in the URL; for bundled dependencies, update the package and rebuild. Then re-scan to confirm the issue is gone.

Related checkers

All in one place

Run this check automatically

Add a monitor and BrandSentryPro keeps every check running for you — with alerts the moment something needs attention.

Get started