CPT FAQ: Using components with known vulnerabilities ServiceNow recognizes the importance of maintaining third party client-side libraries per the OWASP Top 10 security risk category "A9: Using Components With Known Vulnerabilities". To help measure and mitigate risk, ServiceNow utilizes Software Composition Analysis (SCA) tools within its secure development lifecycle. Additional details be found in the "Application Vulnerability Management SOP" accessible via the CORE document repository: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0564067 In some occurrences, ServiceNow maintains libraries which no longer receive support in their respective open-source projects. This is done to maintain API compatibility for custom app development in use by customers. If you come across a vulnerability that is not mitigated by our strategy, please let us know and we will review promptly.