11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +201 more potentially affected by CVE-2026-44199 via wagtail (>=1.0.0 <=7.0.0)

wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =0.1.0a0.dev0, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =6.3.8 and more Source cves: CVE-2026-44199 Source advisory: OSV:PYSEC-2026-148...

aa-rag (=0.4.3), acex (>=3.0.0 <=5.24.4) +814 more potentially affected by CVE-2025-64340 via fastmcp (>=0.1.0 <=3.1.1)

fastmcp PYPI version =0.1.0, =3.0.0, =0.2.0, =0.1.7, =2.1.7, =0.1.0, =1.0.0, =0.4.6, =0.1.0, =1.8.0, =0.1.1, =0.1.0, =4.0.4 and more Source cves: CVE-2025-64340 Source advisory: OSV:GHSA-M8X7-R2RG-VH5G...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-35648 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-35648 Source advisory: OSV:GHSA-WJ55-88GF-X564...

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.114.0 <=0.120.0) +1424 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.2.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 - ai.telosforge:kimaira-util-webclient =1.2.6 and more Source cves: CVE-2026-22737 Source advisory:...

0utmailauth (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +13853 more potentially affected by CVE-2026-1525 via undici (>=0.3.3 <=6.23.0)

undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =1.0.21, =1.0.1, =2.1.0, =2.1.1 and more Source cves: CVE-2026-1525 Source advisory: OSV:GHSA-2MJP-6Q6P-2QXM...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32030 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32030 Source advisory: OSV:GHSA-X9CF-3W63-RPQ9...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-29611 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-29611 Source advisory: OSV:GHSA-RWJ8-P9VQ-25GV...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28480 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28480 Source advisory: OSV:GHSA-MJ5R-HH7J-4GXF...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28472 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28472 Source advisory: OSV:GHSA-RV39-79C4-7459...

coldsnap (>=0.4.0 <=0.5.1) potentially affected by unknown CVE via aws-sdk-ebs (>=0.16.0 <=0.24.0)

aws-sdk-ebs CARGO version =0.16.0, =0.4.0, =0.5.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

adamix-gpt2 (>=0.0.1 <=0.0.2), allennlp (>=1.1.0 <=1.2.2) +67 more potentially affected by CVE-2025-14928 via transformers (>=3.0.0 <=3.5.1)

transformers PYPI version =3.0.0, =0.0.1, =1.1.0, =1.1.0, =0.0.2, =0.0.1, =0.0.7, =0.7.1, =0.2.4, =51.0.1, =0.0.1, =0.2.0, =0.4.1 and more Source cves: CVE-2025-14928 Source advisory: OSV:PYSEC-2025-216...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1889 more potentially affected by CVE-2025-67639 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.528.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67639 Source advisory: OSV:GHSA-6837-QGRC-X5P6...

@oku-ui/hover-card (>=0.4.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +4 more potentially affected by unknown CVE via @oku-ui/arrow (>=0.2.3 <=0.6.1)

@oku-ui/arrow NPM version =0.2.3, =0.4.0, =0.6.0, =0.4.0, =0.2.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191249...

@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/alert-dialog (>=0.0.1 <=0.6.1) +13 more potentially affected by unknown CVE via @oku-ui/presence (=0.6.1)

@oku-ui/presence NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/presence and may be impacted: - @oku-ui/accordion =0.5.0, =0.0.1, =0.4.0, =0.2.3, =0.4.0, =0.4.0, =0.6.0, =0.4.0, =0.0.1, =0.4.0, =0.0.1, =0.4.0, =0.4.0, =0.4.0...

@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-ws-template (=0.10.0)

@asyncapi/nodejs-ws-template NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-ws-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190719...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1439 more potentially affected by CVE-2025-64458 via django (>=5.2.0 <=5.2.7)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-64458 Source advisory: OSV:PYSEC-2025-107...

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +17 more potentially affected by CVE-2025-4643 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.44.0-internal.6b79dc2)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.1.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.1, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...

@artemislunapatron/common (>=1.0.4 <=1.0.14), pwp-core (>=1.0.0 <=1.2.4) +1 more potentially affected by unknown CVE via exprss (=0.0.1-security)

exprss NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on exprss and may be impacted: - @artemislunapatron/common =1.0.4, =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-20100...

quantguard (>=0.1.37 <=0.1.38) potentially affected by CVE-2025-55672 via apache-superset (=4.1.4)

apache-superset PYPI version =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on apache-superset and may be impacted: - quantguard =0.1.37, =0.1.38 Source cves: CVE-2025-55672 Source advisory: OSV:GHSA-FJ97-2V9X-W5M4...

tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2025-2887 via tough (>=0.10.0 <=0.1.0)

tough CARGO version =0.10.0, =0.2.0, =0.5.0, =0.1.0, =0.9.0 Source cves: CVE-2025-2887 Source advisory: OSV:GHSA-Q6R9-R9PW-4CF7...