@2nova/wu-ui (>=1.1.0 <=1.3.12), @action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5) +812 more potentially affected by unknown CVE via @antv/color-util (=2.0.6)

@antv/color-util NPM version =2.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-util and may be impacted: - @2nova/wu-ui =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =1.1.15, =1.0.4, =0.1.5, =1.0.0, =0.0.1, =1.0.2,...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +255 more potentially affected by unknown CVE via @antv/l7-map (>=2.10.0 <=2.25.4)

@antv/l7-map NPM version =2.10.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2, =0.0.2, =1.0.1, =0.0.2, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4043...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/fix-data (>=0.4.1 <=0.6.3)

@squawk/fix-data NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3441...

@squawk/airports (>=0.2.0 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +7 more potentially affected by unknown CVE via @squawk/units (=0.4.2)

@squawk/units NPM version =0.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/units and may be impacted: - @squawk/airports =0.2.0, =0.2.3, =0.2.0, =0.1.0, =0.2.0, =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source...

com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22016 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)

org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22016 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...

@agent-analytics/paperclip-live-analytics-plugin (>=0.1.1 <=0.1.11), @clawjedi/paperclip-plugin-chat (>=1.0.0 <=1.0.4) +16 more potentially affected by unknown CVE via @paperclipai/shared (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/shared NPM version =2026.318.0-canary.0, =0.1.1, =1.0.0, =0.0.1, =0.3.3, =0.1.0, =0.1.9, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.407.0-canary.5, =2026.3.17-canary.0, =2026.3.17-canary.2, =0.1.0, =2026.324.0-canary.0, =2026.325.0-canary.3 - corporateai =2026.328.0-canary.0 -...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15928854...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15894806...

@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +55 more potentially affected by unknown CVE via trix (>=0.10.2 <=2.1.15)

trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =3.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-53P3-C7VP-4MCC...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by unknown CVE via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-9P93-7J67-5PC2...

CVE-2026-3796

creationtimestamp| type| source ---|---|--- 2026-03-09 03:15:58+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3796...

@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +23 more potentially affected by CVE-2026-27829 via astro (>=5.0.0-beta.5 <=5.17.2)

astro NPM version =5.0.0-beta.5, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.0.0, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.5.1, =1.13.2, =0.0.1, =0.0.2 and more Source cves: CVE-2026-27829 Source advisory: SNYK:JS-ASTRO-15357600...

amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), anymodality (=0.1.0) +27 more potentially affected by CVE-2026-1777 via sagemaker (>=1.52.1 <=2.254.1)

sagemaker PYPI version =1.52.1, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =0.2.8, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =1.0.1 and more Source cves: CVE-2026-1777 Source advisory: OSV:GHSA-RJRP-M2JW-PV9C...

@vltpkg/cli-sdk (=1.0.0-rc.1), @vltpkg/config (=1.0.0-rc.1) +8 more potentially affected by CVE-2026-24909 via @vltpkg/tar (=1.0.0-rc.1)

@vltpkg/tar NPM version =1.0.0-rc.1 is affected by a known vulnerability. The following packages have a transitive dependency on @vltpkg/tar and may be impacted: - @vltpkg/cli-sdk =1.0.0-rc.1 - @vltpkg/config =1.0.0-rc.1 - @vltpkg/graph =1.0.0-rc.1 - @vltpkg/gui =1.0.0-rc.1 - @vltpkg/package-info...

libcrux-kem (>=0.0.2 <=0.0.2-beta.3), libcrux-psq (=0.0.2-beta.3) potentially affected by unknown CVE via libcrux-ecdh (>=0.0.2-beta.3 <=0.0.2)

libcrux-ecdh CARGO version =0.0.2-beta.3, =0.0.2, =0.0.2-beta.3 - libcrux-psq =0.0.2-beta.3 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0023...

GHSA-MVPQ-2V8X-WW6G

creationtimestamp| type| source ---|---|--- 2026-01-24 21:23:26+00:00| seen| https://gist.github.com/alon710/3a34c190ec4954919c2bf1ded12b6cf0...

CVE-2023-42670

creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...

CVE-2026-21958

creationtimestamp| type| source ---|---|--- 2026-01-21 21:18:16+00:00| seen| https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...

@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +9 more potentially affected by unknown CVE via renovate (>=31.97.3 <=40.21.2)

renovate NPM version =31.97.3, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =1.1.130, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-RENOVATE-14927384...

01os (>=0.0.1 <=0.0.14), aaf (>=0.3.5 <=0.3.9) +600 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.80.10)

litellm PYPI version =1.0.0, =0.0.1, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.4.1, =0.5.3 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-14807072...