@ant-design/graphs (>=2.0.0 <=2.0.4), @antv/g6-extension-react (>=0.0.1 <=0.1.19) potentially affected by unknown CVE via @antv/react-g (=2.1.1)

@antv/react-g NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/react-g and may be impacted: - @ant-design/graphs =2.0.0, =0.0.1, =0.1.19 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVREACTG-16755026...

@ant-design/graphs (>=2.0.0 <=2.0.4), @antv/g6-extension-react (>=0.0.1 <=0.1.19) potentially affected by unknown CVE via @antv/react-g (=2.1.1)

@antv/react-g NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/react-g and may be impacted: - @ant-design/graphs =2.0.0, =0.0.1, =0.1.19 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVREACTG-16754857...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +312 more potentially affected by unknown CVE via @antv/g-device-api (=1.6.13)

@antv/g-device-api NPM version =1.6.13 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-device-api and may be impacted: - @action.sustainability/storybook-dashboard =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0,...

@agentscope-ai/chat (>=1.1.43 <=1.1.66), @ant-design/charts (>=2.2.2 <=2.6.7) +78 more potentially affected by unknown CVE via @antv/graphin (=3.0.5)

@antv/graphin NPM version =3.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin and may be impacted: - @agentscope-ai/chat =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0,...

@antv/gi-assets-xlab (>=0.1.0 <=0.1.30) potentially affected by unknown CVE via @antv/gi-theme-antd (=0.6.11)

@antv/gi-theme-antd NPM version =0.6.11 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/gi-theme-antd and may be impacted: - @antv/gi-assets-xlab =0.1.0, =0.1.30 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGITHEMEANTD-16755091...

CVE-2019-18350

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script...

EUVD-2025-199366

Malicious code in gatsby-plugin-antd npm...

EUVD-2025-178895

Malicious code in firebase-antd-lyra-version npm...

EUVD-2025-175979

Malicious code in testcafe-jsonp-lyra-antd npm...

EUVD-2025-122603

Malicious code in resolvers-celeste-antd-sequelize npm...

EUVD-2025-113175

Malicious code in global-hyperion-antd-iota npm...

EUVD-2025-113498

Malicious code in fornax-corvus-socketio-antd npm...

EUVD-2025-115235

Malicious code in comet-cygnus-antd-koa npm...

EUVD-2025-116648

Malicious code in antd-ganymede-iota-tailwindcss npm...

EUVD-2025-116751

Malicious code in altair-farout-antd-await npm...

EUVD-2025-120662

Malicious code in warp-dagda-antd-scripts npm...

EUVD-2025-111794

Malicious code in less-loader-dotenv-parse-variables-ophiuchus-antd npm...

EUVD-2025-112542

Malicious code in indus-optimize-css-assets-webpack-plugin-antd-quasar npm...

EUVD-2025-112149

Malicious code in json-blaze-venus-antd npm...

Malicious Package

Overview iwf-ant-design-draggable-modal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...