ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2174 more potentially affected by CVE-2026-45673 via io.netty:netty-resolver-dns (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-resolver-dns MAVEN version =4.2.0.Final, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-45673 Source advisory: OSV:GHSA-XMV7-R254-6Q78...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +561 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2561 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42587 Source advisory: OSV:GHSA-F6HV-JMP6-3VWV...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2561 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42587 Source advisory: SNYK:JAVA-IONETTY-16438929...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2845 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42587 Source advisory: OSV:GHSA-F6HV-JMP6-3VWV...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2845 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42585 Source advisory: OSV:GHSA-38F8-5428-X5CV...

ai.tock:bot-test (>=22.9.0 <=23.9.1), ai.tock:bot-test-base (>=22.9.0 <=23.9.1) +469 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=5.0.0-RC1 <=5.7.1)

org.pac4j:pac4j-core MAVEN version =5.0.0-RC1, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.1 and more Source cves: CVE-2026-40458 Source advisory: SNYK:JAVA-ORGPAC4J-16109661...

ai.tock:bot-test (>=22.3.0 <=23.9.1), ai.tock:bot-test-base (>=22.3.0 <=23.9.1) +1287 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=1.4.0 <=5.7.1)

org.pac4j:pac4j-core MAVEN version =1.4.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =23.9.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =23.9.1 and more Source cves: CVE-2026-40458 Source advisory: OSV:GHSA-XW5C-JC7X-GF75...

ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +498 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)

org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +1721 more potentially affected by CVE-2026-33871 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.10.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =0.3.0 - ai.tock:bot-test =26.3.0 - ai.tock:bot-test-base =26.3.0 - ai.tock:bot-toolkit =26.3.0 - ai.tock:bot-toolkit-base =26.3.0 - ai.tock:tock-analytics-chatbase =26.3.0 - ai.tock:tock-aws-tools =26.3.0 -...

ai.catboost:catboost-spark_4.1_2.13 (=1.2.10), ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0) +4101 more potentially affected by CVE-2025-67735 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.7.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-67735 Source advisory: SNYK:JAVA-IONETTY-14423947...

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +212 more potentially affected by CVE-2025-11966 via io.vertx:vertx-web (>=5.0.0 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11966 Source advisory: OSV:GHSA-45P5-V273-3QQR...

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +212 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=5.0.0 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11965 Source advisory: OSV:GHSA-H5FG-JPGR-RV9C...

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +211 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=5.0.0.CR1 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0.CR1, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11965 Source advisory: SNYK:JAVA-IOVERTX-13669868...

EUVD-2018-1990

Malware in sbrugna...

EUVD-2025-2800

Malicious code in bioql PyPI...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3475 more potentially affected by CVE-2025-58056 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.4.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-58056 Source advisory: SNYK:JAVA-IONETTY-12485149...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3043 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-55163 Source advisory: OSV:GHSA-PRJ3-CCX8-P6X4...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3043 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.3.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-55163 Source advisory: SNYK:JAVA-IONETTY-11799531...

CVE-2018-1000660

TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function getpackagename in the file kernel/src/tbfheader.rs, variable "pub packagename: &'static str," in the file process.r...