@antv/gpt-vis (=0.5.0-beta.0), @antv/gpt-vis-ssr (>=0.1.0 <=0.3.7) +7 more potentially affected by unknown CVE via @antv/g2-ssr (>=0.0.8 <=0.2.0)

@antv/g2-ssr NPM version =0.0.8, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3979...

stats-fr-emarque-basketball-extractor (>=1.0.0 <=1.0.2) potentially affected by CVE-2025-63705 via node-ts-ocr (=1.0.15)

node-ts-ocr NPM version =1.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on node-ts-ocr and may be impacted: - stats-fr-emarque-basketball-extractor =1.0.0, =1.0.2 Source cves: CVE-2025-63705 Source advisory: OSV:GHSA-8JH2-3MW6-6PFM...

@24hr/ettapi (>=0.0.1 <=0.2.5), @dzangolab/fastify-s3 (>=0.48.0 <=0.87.0) +1 more potentially affected by CVE-2025-65587 via graphql-upload-minimal (>=1.5.3 <=1.6.1)

graphql-upload-minimal NPM version =1.5.3, =0.0.1, =0.48.0, =0.88.0, =0.93.4 Source cves: CVE-2025-65587 Source advisory: SNYK:JS-GRAPHQLUPLOADMINIMAL-15682460...

vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-CJV3-M589-V3RX...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +190 more potentially affected by CVE-2026-1190 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

@hover-design/react (>=0.2.1-beta <=0.2.4-beta) potentially affected by unknown CVE via @hover-design/core (=0.0.1-beta)

@hover-design/core NPM version =0.0.1-beta is affected by a known vulnerability. The following packages have a transitive dependency on @hover-design/core and may be impacted: - @hover-design/react =0.2.1-beta, =0.2.4-beta Source cves: unknown CVE Source advisory: OSV:MAL-2025-191226...

@actbase/react-native-less-transformer (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via @actbase/css-to-react-native-transform (=1.0.2)

@actbase/css-to-react-native-transform NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @actbase/css-to-react-native-transform and may be impacted: - @actbase/react-native-less-transformer =1.0.0, =1.0.5 Source cves: unknown CVE Sourc...

siddheshtea (=1.1.6) potentially affected by unknown CVE via manda-5 (=1.0.0)

manda-5 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on manda-5 and may be impacted: - siddheshtea =1.1.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-159648...

EUVD-2025-22475

Malicious code in bioql PyPI...

react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)

react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: SNYK:JS-REACTCOMPLAINTIMAGE-12705089...

drivesync (=0.1.0), geckopanda (>=0.1.0 <=0.2.0) +601 more potentially affected by unknown CVE via google-apis-common (>=4.0.1 <=6.0.4)

google-apis-common CARGO version =4.0.1, =0.1.0, =5.0.2+20230114, =5.0.2+20230123, =5.0.2+20230120, =5.0.2+20200708, =5.0.2+20230123, =5.0.2+20230123, =5.0.2+20210330, =5.0.4+20210330 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0066...

@astrojs/cloudflare (>=13.0.0 <=14.0.0-alpha.0), @decocms/vite-plugin (>=1.0.0-alpha.1 <=1.0.0-alpha.2) +39 more potentially affected by CVE-2025-59427 via @cloudflare/vite-plugin (>=0.0.0-1bae8618b <=1.36.3)

@cloudflare/vite-plugin NPM version =0.0.0-1bae8618b, =13.0.0, =1.0.0-alpha.1, =0.1.0, =0.0.9, =1.0.0, =1.0.0, =1.0.0, =0.3.0, =0.2.2, =0.0.1, =0.1.0, =0.0.0-0d2e556, =0.0.1, =0.1.13 and more Source cves: CVE-2025-59427 Source advisory: OSV:GHSA-4PFG-2MW5-F8JX...

Malicious code in transitive-vulnerability-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94b6b18dfb31ebb3155a17b612cec91c947ae2da8b9be46c3e172b779fa40e99 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7758 Malicious code in transitive-vulnerability-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94b6b18dfb31ebb3155a17b612cec91c947ae2da8b9be46c3e172b779fa40e99 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/linux-x64 (>=0.0.0 <=7.33.3)

@pnpm/linux-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.0.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2091 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2091 Source advisory:...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1572 more potentially affected by CVE-2018-1999007 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.12)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1999007 Source advisory: OSV:GHSA-6456-XJM5-G3PG...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41200 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41200 Source advisory: OSV:GHSA-GH8H-7J2J-QV4F...

tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15278 via red-discordbot (=3.0.2)

red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils =4.0.5, =5.2.0 Source cves: CVE-2020-15278 Source advisory: OSV:PYSEC-2020-267...

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6768 more potentially affected by CVE-2016-1000346 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000346 Source advisory: OSV:GHSA-FJQM-246C-MWQG...