@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-47137 via vm2 (>=3.0.0 <=3.11.3)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.4 and more Source cves: CVE-2026-47137 Source advisory: SNYK:JS-VM2-17111317...

@ifanrx/dashboard (>=0.1.1 <=1.3.0-alpha-20240730001), @ithinkdt/editor (>=3.4.11 <=3.5.0) +6 more potentially affected by CVE-2026-47762 via tinymce (>=7.0.1 <=7.5.1)

tinymce NPM version =7.0.1, =0.1.1, =3.4.11, =3.0.7, =3.0.0, =4.0.0, =0.2.10, =0.2.19 Source cves: CVE-2026-47762 Source advisory: SNYK:JS-TINYMCE-17056141...

@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +604 more potentially affected by unknown CVE via timeago.js (>=4.0.0-beta.1 <=4.0.2)

timeago.js NPM version =4.0.0-beta.1, =0.0.0-20250314205219, =0.0.0-20250305153405, =0.10.0, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =1.16.33-beta-20241028-005826-60afb7c4, =1.8.68, =1.8.40, =1.8.68, =0.21.2, =1.0.12, =1.13.1, =1.17.0 and more Source cves: unknown CVE Source advisory:...

axa-fr-splitter (>=0.0.2 <=0.1.2), cyvoreos (>=0.2.0.3b0 <=0.2.0.7b0) +4 more potentially affected by CVE-2026-44844 via eml-parser (>=1.17.5 <=2.0.1)

eml-parser PYPI version =1.17.5, =0.0.2, =0.2.0.3b0, =1.0.7, =1.1.1, =0.1.13, =0.0.99.dev0, =0.0.125.dev0 Source cves: CVE-2026-44844 Source advisory: OSV:GHSA-G47V-RWMH-R9F8...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-44996 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-44996 Source advisory: SNYK:JS-OPENCLAW-16322612...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by CVE-2026-43533 via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: CVE-2026-43533 Source advisory: OSV:GHSA-66R7-M7XM-V49H...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35667 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 Source cves: CVE-2026-35667 Source advisory: SNYK:JS-OPENCLAW-15857087...

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3655 more potentially affected by CVE-2026-33937 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33937 Source advisory: OSV:GHSA-2W6W-674Q-4C4Q...

@2ly/runtime (>=0.0.3 <=0.2.5), @aa.tamura/lib-gqf (>=0.0.1 <=0.0.5) +552 more potentially affected by unknown CVE via @apollo/server (>=4.10.0 <=5.4.0)

@apollo/server NPM version =4.10.0, =0.0.3, =0.0.1, =0.0.0, =0.0.9, =1.0.6, =0.0.4, =0.0.29, =0.0.4, =0.0.4, =0.0.29, =0.0.32, =1.1.1, =4.1.0, =0.0.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9Q82-XGWF-VJ6H...

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +191 more potentially affected by CVE-2026-27482 via ray (>=2.0.0 <=2.53.0)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.1.0, =0.1.0, =0.1.1 - autogenesis =0.0.1 and more Source cves: CVE-2026-27482 Source advisory: SNYK:PYTHON-RAY-15325639...

aaanalysis (>=0.1.2 <=1.0.2), aadetools (>=0.0.3 <=0.0.5) +582 more potentially affected by CVE-2026-1703 via pip (>=10.0.0b2 <=25.3.0)

pip PYPI version =10.0.0b2, =0.1.2, =0.0.3, =0.5.14, =0.1.1, =2.0.0, =0.2.1, =0.1.2, =0.0.1, =0.1.0, =0.1.10, =0.2.0, =0.68.0, =1.8.15, =1.8.17, =1.8.19 and more Source cves: CVE-2026-1703 Source advisory: OSV:GHSA-6VGW-5PG2-W6JP...

aces-apps (=1.5.4), aggfly (>=0.1.0 <=0.1.5) +411 more potentially affected by CVE-2026-23528 via distributed (>=1.13.0 <=2025.9.2)

distributed PYPI version =1.13.0, =0.1.0, =0.3.9, =0.0.1, =0.2.0, =0.1.0, =0.0.13b20200721, =0.5.3b20221014 and more Source cves: CVE-2026-23528 Source advisory: OSV:PYSEC-2026-169...

@pakasa/duuka-airtel-money-pay (>=0.0.12 <=0.0.16), @pakasa/duuka-checkout (>=0.0.1 <=0.0.9) +9 more potentially affected by CVE-2025-67419 via @evershop/evershop (>=1.0.0-rc.5 <=1.2.2)

@evershop/evershop NPM version =1.0.0-rc.5, =0.0.12, =0.0.1, =0.0.5, =0.0.1, =1.0.0, =0.0.2, =0.0.2, =0.0.4, =0.1.2, =1.1.0 Source cves: CVE-2025-67419 Source advisory: OSV:GHSA-M2Q5-XHQG-92R2...

@asherng/storybook (>=1.0.6 <=1.0.15), @asng/storybook (>=0.0.0-AddSnapshotPipeline-20240326102812 <=0.0.10) +30 more potentially affected by CVE-2025-68429 via storybook (>=8.0.10 <=8.6.14)

storybook NPM version =8.0.10, =1.0.6, =0.0.0-AddSnapshotPipeline-20240326102812, =1.5.1-canary.0, =0.4.2, =0.1.3, =1.0.0-canary.12734, =0.11.4, =0.12.4, =0.0.1-3d99df6-20260330104634, =1.0.12, =3.32.0-rc.2, =9.0.0-next.47, =7.33.6-qa-airteam-7.35.1.0, =0.0.3, =1.1.1, =2.0.0-beta.2 and more Sourc...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...