@0l00000l/auth (>=1.0.0 <=1.0.8), @0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18) +990 more potentially affected by CVE-2026-44289 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =2.1.4, =0.3.1, =0.3.1, =0.7.1, =0.9.0 - @access-mcp/software-discovery =0.8.0 and more Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJS-16643262...

be.ugent.idlab.knows:dataio (>=1.2.0 <=2.2.0), com.anrisoftware.globalpom:globalpomutils-data (>=2.14 <=4.8.0) +9 more potentially affected by CVE-2026-6501 via org.jopendocument:jOpenDocument (>=1.2 <=1.3)

org.jopendocument:jOpenDocument MAVEN version =1.2, =1.2.0, =2.14, =4.5.1, =3.5, =3.5, =0.10, =0.9.7, =0.9.0, =0.9.18 Source cves: CVE-2026-6501 Source advisory: OSV:GHSA-J9RH-P96M-MHHP...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +215 more potentially affected by CVE-2026-7500 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

io.github.dbmdz.cudami:cudami (>=10.0.0 <=10.2.0-rc.3), io.github.gregor-poloczek.project-maintainer:project-maintainer-ui (>=0.13.0 <=0.20.0) +9 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=3.5.0 <=3.5.11)

org.springframework.boot:spring-boot-devtools MAVEN version =3.5.0, =10.0.0, =0.13.0, =3.2.0, =4.1.1 Source cves: CVE-2026-40972 Source advisory: OSV:GHSA-56V8-86GJ-66JP...

@bynder/bynder-js-sdk (=2.5.3), @craftgate/craftgate (=1.0.66) +3 more potentially affected by CVE-2025-62718 +1 more via axios (=0.31.0)

axios NPM version =0.31.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios and may be impacted: - @bynder/bynder-js-sdk =2.5.3 - @craftgate/craftgate =1.0.66 - @extrahorizon/exh-cli =1.5.0, =1.13.2-dev-199-d283c05 - @extrahorizon/javascript-sdk...

@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.3) potentially affected by CVE-2026-6874 via copilot-api (=0.7.0)

copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.3 Source cves: CVE-2026-6874 Source advisory: OSV:GHSA-3VR4-CVMG-7FX4...

app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +981 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.0.0 <=6.5.1)

org.springframework.security:spring-security-oauth2-jose MAVEN version =6.0.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.10.0, =1.10.0, =1.10.0, =1.0.0, =1.55.1, =1.55.1, =3.1.0, =3.1.0, =8.4.0, =1.0.0, =17.16.0, =17.39.3 and more Source cves: CVE-2026-22748 Source advisory:...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +13 more potentially affected by CVE-2026-42435 via openclaw (>=2026.3.22 <=2026.4.11)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-42435 Source advisory: SNYK:JS-OPENCLAW-16109733...

co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)

org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

com.github.bjlhx15:common-pdf (=0.0.4), com.github.rjolly:flying-saucer (>=9.1.20 <=9.1.25) +81 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-jdk14 (>=1.59 <=1.83)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.59, =9.1.20, =0.1.1, =1.0.1.0.20180504134220, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.2.6 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075264...

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19147 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967727...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1350 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-client (>=5.10.0 <=5.19.3)

org.apache.activemq:activemq-client MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7F...

ai.chronon:online_2.13 (>=0.0.25 <=revert-391-thread-0.0.24), ai.chronon:service_2.13 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4068 more potentially affected by CVE-2026-35554 via org.apache.kafka:kafka-clients (>=2.8.0 <=3.9.1)

org.apache.kafka:kafka-clients MAVEN version =2.8.0, =0.0.25, =0.0.86, =1.0.6, =1.0.6, =cloud-0.1, =0.2.7, =0.2.7, =3.0.1, =2.8.4-alpha1, =1.0.0, =1.0.0-beta, =0.0.1-alpha1, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-35554 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16032179...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-34197 via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.4)

org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-34197 Source advisory: OSV:GHSA-RXPJ-7QVF-XV32...

@altipla/directus-sdk-utils (=0.7.2), @devix-tecnologia/utils-ts (=1.0.0) +5 more potentially affected by CVE-2026-35409 via directus (>=10.10.0 <=11.15.4)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35409 Source advisory: OSV:GHSA-WV3H-5FX7-966H...

com.gitee.zodiacstack.base:zodiac-base-sdk-net (=1.7.1), com.matecoder:juggle-core (>=1.6.0 <=1.6.1) +27 more potentially affected by CVE-2026-33750 via org.webjars.npm:brace-expansion (=2.0.2)

org.webjars.npm:brace-expansion MAVEN version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:brace-expansion and may be impacted: - com.gitee.zodiacstack.base:zodiac-base-sdk-net =1.7.1 - com.matecoder:juggle-core =1.6.0, =5.0.0...

@0dotxyz/p0-ts-sdk (>=2.1.1 <=2.2.0-alpha.4), @1stg/app-config (>=4.0.0 <=9.0.1) +2509 more potentially affected by CVE-2026-33532 via yaml (>=2.0.0 <=2.8.2)

yaml NPM version =2.0.0, =2.1.1, =4.0.0, =4.2.0, =6.0.0, =0.0.3, =1.0.0, =7.0.0, =0.1.0-alpha.1, =0.24.1-20230627140514, =0.25.1-20250326172337, =0.24.1-20230627140514, =3.25.5, =3.10.2-20230627150207, =3.14.1-20230608124329, =3.32.1 and more Source cves: CVE-2026-33532 Source advisory:...

ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +2224 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator (>=3.4.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.8.2 - cc.zzzyu.nacos:nacos-ai =3.1.1 - cc.zzzyu.nacos:nacos-cmdb =3.1.1 - cc.zzzyu.nacos:nacos-config =3.1.1 - cc.zzzyu.nacos:nacos-console =3.1.1...

ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4667 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =cloud-0.1, =0.1.0, =0.0.1, =7.0.0, =1.1.0, =3.4.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +679 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.2.1 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...