Portal / PORTAL-528

Vulnerability Updates in Casablanca maintenance release


    • Type: Task
    • Resolution: Done
    • Priority: Medium
    • Dublin Release
    • None
    • Portal
    • None

       

      Please provide supplementary information or consider an update for the following vulnerabilities:

      Critical vulnerabilities:

      • c3p0 : 0.9.5.2 – recommended upgrade to 0.9.5.3
      • tomcat-embed-core : 8.5.28 – have you considered configuring the filter appropriately for your environment?
      • angular-sanitize 1.5.0 – in further versions by default, the svgEnabled is set to false, so upgrade should be considered to 1.5+.
      • org.webjars.bower angular 1.5.0
      • elasticsearch : 2.2.0 – upgrade of Elasticsearch Alerting and Monitoring to versions after 6.4.1 or 5.6.12
      • postgresql : 9.1-901-1.jdbc4 – to consider either upgrade or ed by switch the SSL factory back to the default LibPQFactory.
      • jetty-util : 9.2.14.v20151106
      • moment 2.1.0 – if you could please look at this link https://www.npmjs.com/advisories/55/versions, you could discover that upgrade to at least 2.11.2+ is a solution.
      • angular-ui-grid 3.0.7
      • dom4j : 1.6.1

      Severe vulnerabilities:

      • wicket-util : 1.5.16
      • jquery 2.2.4 and 1.4.2
      • org.webjars bootstrap 3.3.7 – I think that you should consider an upgrade to at least 4.1.2 version or later
      • esapi : 2.1.0.1
      • angularjs 1.4.8
      • For netty handler please click on the link under the issue description (digit 295) for more details and you get redirection to the following page: https://cwe.mitre.org/data/definitions/295.html
      • zookeeper : 3.4.11
      • antisamy : 1.4.3
      • commons-fileupload : 1.3.3

            farhan mir
            cm6826