org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +3 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core and may be impacted: -...

@marko/compiler (=5.0.0-next.0), @marko/translator-default (=5.0.0-next.0) +1 more potentially affected by CVE-2026-41591 via marko (>=5.0.0-next.0 <=5.20.9)

marko NPM version =5.0.0-next.0, =1.1.4, =1.2.1 Source cves: CVE-2026-41591 Source advisory: SNYK:JS-MARKO-16421453...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-43567 via openclaw (>=2026.3.22 <=2026.4.1)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-43567 Source advisory: SNYK:JS-OPENCLAW-16109729...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +27262 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=6.0.0 <=6.2.17)

org.springframework:spring-core MAVEN version =6.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

@altipla/directus-sdk-utils (=0.7.2), @depup/directus (=11.16.1-depup.0) +6 more potentially affected by unknown CVE via directus (>=10.10.0 <=11.16.1)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-6Q22-G298-GRJH...

org.apache.activemq.tooling:activemq-maven-plugin (=6.2.0), org.apache.activemq:activemq-osgi (=6.2.0) +4 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-all (=6.2.0)

org.apache.activemq:activemq-all MAVEN version =6.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.activemq:activemq-all and may be impacted: - org.apache.activemq.tooling:activemq-maven-plugin =6.2.0 - org.apache.activemq:activemq-osgi...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14927 via transformers (>=4.0.0 <=4.57.6)

transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14927 Source advisory:...

com.avast:sst-bundle-monix-http4s-ember_2.12 (>=0.17.0 <=0.19.3), com.avast:sst-bundle-zio-http4s-ember_2.12 (>=0.17.0 <=0.19.3) +25 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-server_2.12 (>=0.22.10 <=0.23.30)

org.http4s:http4s-ember-server2.12 MAVEN version =0.22.10, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.0.0-3-cca5341b, =0.12.1, =7.1.0, =0.20.4, =1.6.29, =1.6.29, =1.6.29, =0.8.0-rab.1, =0.1.0, =0.14.0-M2 and more Source cves: CVE-2025-59822 Source advisory: SNYK:JAVA-ORGHTTP4S-13019551...

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23318 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-23318 Source advisory:...

0x-web3 (=5.0.0a5), 2404-segmentation-pipeline (>=0.1.0 <=1.0.0) +4820 more potentially affected by CVE-2025-4565 via protobuf (>=2.6.0 <=4.25.7)

protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.1.2, =0.1.6, =1.0.2, =0.0.1b1, =0.0.1b2 - ablator-ken-test =0.0.1b2 - ablator-ken-test2 =0.0.1 - ablator-ken-test3 =0.0.1 and more Source cves: CVE-2025-4565 Source advisory: OSV:GHSA-8QVM-5X2C-J2W7...

eu.interedition:collatex-cocoon (>=1.3 <=1.5.1), org.apache.cocoon:cocoon-acegisecurity-sample (=2.3.0) +129 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-sitemap-impl (>=1.0.0-RC1 <=2.3.0)

org.apache.cocoon:cocoon-sitemap-impl MAVEN version =1.0.0-RC1, =1.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.3.0 - org.apache.cocoon:cocoon-auth-sample =2.3.0 - org.apache.cocoon:cocoon-authentication-fw-impl =2.3.0 - org.apache.cocoon:cocoon-authentication-fw-sample =2.3.0 -...

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: OSV:GHSA-V49P-M6GH-747C...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +337 more potentially affected by CVE-2023-6940 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2023-6940 Source advisory: OSV:GHSA-HVC6-42VF-JHF8...

ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +13916 more potentially affected by CVE-2023-44981 via org.apache.zookeeper:zookeeper (>=3.3.0 <=3.7.1)

org.apache.zookeeper:zookeeper MAVEN version =3.3.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2023-44981 Source advisory: OSV:GHSA-7286-PGFV-VXVH...

007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17773 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)

semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-32689 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-32689 Source advisory: OSV:GHSA-9PRM-JQWX-45X9...

cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)

io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25885 via hummus (>=1.0.104 <=1.0.110)

hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25885 Source advisory: OSV:GHSA-FRP9-2V6R-GJ97...

cc.uncarbon.framework:helio-starter-dubbo (=1.7.0), io.github.duang-labs:duang-starter-discovery-dubbo (>=0.0.1.RC1 <=0.0.1.RC2) +10 more potentially affected by CVE-2022-39198 via org.apache.dubbo:dubbo (=3.1.0)

org.apache.dubbo:dubbo MAVEN version =3.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.dubbo:dubbo and may be impacted: - cc.uncarbon.framework:helio-starter-dubbo =1.7.0 - io.github.duang-labs:duang-starter-discovery-dubbo =0.0.1.RC1,...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-35985 via tensorflow-cpu (>=1.15.0 <=2.7.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-35985 Source advisory: OSV:GHSA-9942-R22V-78CP...