
50 matches found

vulnersOsv
added 2026/05/19 12:0 a.m. · 14 views

@antv/g2 (>=3.2.0 <=3.2.8-beta.6), @bizcharts/other-datamarker_dataregion (>=0.0.1 <=0.1.4) +22 more potentially affected by unknown CVE via @antv/interaction (>=0.0.8 <=0.1.5)

@antv/interaction NPM version =0.0.8, =3.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.4, =0.1.8, =1.0.4, =1.0.4, =0.1.4, =0.1.14, =0.1.5, =1.0.5, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4030...

AI score: 5.8
Exploits: 0
Github Security Blog
added 2026/03/26 6:0 p.m. · 3 views

libcrux has an Incorrect Check of Signer Response Norm During Verification

The ML-DSA verification algorithm as specified in FIPS 204, subsection 6.3 requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\gamma_1 - \beta$ (line 13 of Algorithm 8). The same check is required to be performed during signature generation...

AI score: 5.8
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2026/03/26 6:0 p.m. · 1 views

GHSA-CP57-FQ8G-QH6V libcrux has an Incorrect Check of Signer Response Norm During Verification

The ML-DSA verification algorithm as specified in FIPS 204, subsection 6.3 requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\gamma_1 - \beta$ (line 13 of Algorithm 8). The same check is required to be performed during signature generation...

CVSS: 8.7 · AI score: 5.8
Exploits: 0 · References: 3
Github Security Blog
added 2026/03/26 5:59 p.m. · 3 views

libcrux-sha3: Incorrect output from SHAKE squeeze functions

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

AI score: 5.8
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2026/03/26 5:59 p.m. · 1 views

GHSA-Q29P-9PFR-J652 libcrux-sha3: Incorrect output from SHAKE squeeze functions

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

CVSS: 8.7 · AI score: 5.9
Exploits: 0 · References: 3
RustSec
added 2026/03/04 12:0 p.m. · 2 views

Incorrect Output of Incremental Portable SHAKE API

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

AI score: 5.8
Exploits: 0 · Affected Software: 1
OSSF Malicious Packages
added 2026/02/24 10:45 p.m. · 9 views

Malicious code in examplereactnative76 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a118efca65c484515f9ae2cee508db99ef356bb6dc1e9ec249858e561f96f089 The package examplereactnative76 was found to contain malicious code. Source: ossf-package-analysis...

AI score: 5.9
Exploits: 0
Positive Technologies
added 2026/02/06 12:0 a.m. · 2 views

PT-2026-6675

Name of the Vulnerable Software and Affected Versions libuvc versions prior to 0.0.8 Description A flaw exists in libuvc up to version 0.0.7 related to the uvc scan streaming function within the UVC Descriptor Handler component, specifically in the src/device.c file. This issue can lead to a null...

CVSS: 4.8 · AI score: 5.3 · EPSS: 0.0003
Exploits: 1 · References: 9
Vulnrichment
added 2026/01/19 8:47 p.m. · 1 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

CVSS: 7.1 · AI score: 5.4 · EPSS: 0.00048
Exploits: 1 · References: 3
OSV
added 2026/01/19 8:47 p.m. · 1 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

CVSS: 7.1 · AI score: 5.5 · EPSS: 0.00048
Exploits: 1 · References: 5
Positive Technologies
added 2026/01/19 12:0 a.m. · 2 views

PT-2026-3503

Name of the Vulnerable Software and Affected Versions CrawlChat versions prior to 0.0.8 Description CrawlChat is a platform that converts technical documentation into intelligent chatbots. Before version 0.0.8, a missing permission check in the Discord bot component allowed users without...

CVSS: 7.1 · AI score: 5.4 · EPSS: 0.00048
Exploits: 1 · References: 9
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-7873

Malicious code in bioql PyPI...

CVSS: 7.1 · AI score: 9.2 · EPSS: 0.00082
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2655

Malicious code in bioql PyPI...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.00168
Exploits: 1 · References: 7
RedhatCVE
added 2025/05/23 3:54 a.m. · 4 views

CVE-2023-46135

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. innerpayloadlen should not be above 64. This vulnerability has been patched in version 0.0.8...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00168
Exploits: 1
RedhatCVE
added 2025/03/13 9:52 p.m. · 5 views

CVE-2025-28922

Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS. This issue affects Go To Top: from n/a through <= 0.0.8...

CVSS: 7.1 · AI score: 7.2 · EPSS: 0.00082
Exploits: 0 · References: 1
NVD
added 2025/03/11 9:15 p.m. · 3 views

CVE-2025-28922

Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS. This issue affects Go To Top: from n/a through <= 0.0.8...

CVSS: 7.1 · EPSS: 0.00082
Exploits: 0 · References: 1
Cvelist
added 2025/03/11 9:1 p.m. · 15 views

CVE-2025-28922 WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS. This issue affects Go To Top: from n/a through <= 0.0.8...

CVSS: 7.1 · EPSS: 0.00082
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/12 12:0 a.m. · 2 views

PT-2024-21820 · Unknown · Refuel Autolabel Library

Name of the Vulnerable Software and Affected Versions: Refuel Autolabel library versions 0.0.8 and newer Description: An arbitrary code execution issue exists due to the way the Refuel Autolabel library handles provided CSV files in its classification tasks. If a maliciously crafted CSV file...

CVSS: 8.6 · AI score: 8 · EPSS: 0.0009
Exploits: 0 · References: 10
Vulnrichment
added 2024/07/30 12:0 a.m. · 10 views

CVE-2024-38983

Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the assign method at /lib/index.js:91...

AI score: 8 · EPSS: 0.00158
Exploits: 1 · References: 1
Positive Technologies
added 2024/07/30 12:0 a.m. · 3 views

PT-2024-28300 · Unknown · Mini-Deep-Assign

Name of the Vulnerable Software and Affected Versions: mini-deep-assign version 0.0.8 Description: The issue allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the assign method. This method is located at /lib/index.js:91. Recommendations: Fo...

CVSS: 9.8 · AI score: 7.7 · EPSS: 0.00158
Exploits: 1 · References: 6