be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-42253 via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.6)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-42253 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151925...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.6)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-34197, CVE-2026-45505 Source advisory:...

0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1677 more potentially affected by CVE-2026-44902 via @opentelemetry/sdk-node (>=0.10.2 <=0.216.0)

@opentelemetry/sdk-node NPM version =0.10.2, =0.1.0, =0.1.0, =0.1.1, =0.0.1, =0.8.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.3.4, =0.1.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902 Source advisory:...

Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2845 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), am.ik.home:uaa-server (>=1.0.0 <=1.9.0) +3237 more potentially affected by CVE-2026-41901 via org.thymeleaf:thymeleaf (>=m1 <=3.1.4.RELEASE)

org.thymeleaf:thymeleaf MAVEN version =m1, =0.5.0, =1.0.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =6.4.7 and more Source cves: CVE-2026-41901 Source advisory: OSV:GHSA-C9PH-GXWW-7744...

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2024-52046 +1 more via org.apache.mina:mina-core (>=2.1.0 <=2.1.10)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2024-52046, CVE-2026-41409 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16322973...

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +1085 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=7.0.0 <=7.0.4)

org.springframework.security:spring-security-core MAVEN version =7.0.0, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...

app.cash.backfila:client-misk-hibernate (>=2025.05.13.195510-03b951f <=2026.05.28.162006-546becb), app.cash.backfila:service (>=2025.05.13.195510-03b951f <=2026.05.28.162006-546becb) +1017 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcpg-jdk18on MAVEN version =1.71, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =1.0.0, =1.0.0, =1.1, =1.5.0, =0.1.0, =4.0.0, =7.0.0 and more Source cves: CVE-2026-3505 Source advisory: OSV:GHSA-CJ8J-37RH-8475...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), am.ik.home:uaa-server (>=1.0.0 <=1.9.0) +3237 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf (>=m1 <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf MAVEN version =m1, =0.5.0, =1.0.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =6.4.7 and more Source cves: CVE-2026-40477 Source advisory: OSV:GHSA-R4V4-5MWR-2FWR...

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2513 more potentially affected by CVE-2026-34772 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34772 Source advisory: OSV:GHSA-9W97-2464-8783...

ai.langsa:ccaas-starter (=cloud-0.3), au.csiro.pathling:fhir-server (>=7.0.0 <=7.1.0) +2752 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.0.0 <=3.3.13)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.0.0, =7.0.0, =2.10.0, =3.6.0, =3.3.0, =2.10.0, =2.10.0, =2.10.0, =3.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.4.0 and more So...

africa.absa:inception-test (>=1.0.0 <=1.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +7555 more potentially affected by CVE-2026-24400 via org.assertj:assertj-core (>=1.4.0 <=3.27.6)

org.assertj:assertj-core MAVEN version =1.4.0, =1.0.0, =0.1.0, =0.1.0, =0.0.62, =0.7.0, =0.0.10, =0.0.6, =0.8.38, =20.3.3, =20.3.3, =20.3.3, =20.3.3, =20.3.3, =20.3.3, =26.3.2 and more Source cves: CVE-2026-24400 Source advisory: SNYK:JAVA-ORGASSERTJ-15102413...

ai.catboost:catboost-spark_4.1_2.13 (=1.2.10), ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0) +4101 more potentially affected by CVE-2025-67735 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.7.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-67735 Source advisory: OSV:GHSA-84H7-RJJ3-6JX4...

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.stainless:grails-tika (=0.1.0) +739 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parsers (>=1.13 <=1.9)

org.apache.tika:tika-parsers MAVEN version =1.13, =1.3, =1.0.1, =3.6.1, =3.11.0, =4.6.0, =8.10.1.3, =8.10.1.3, =8.10.1.3, =0.1, =3.0.0, =3.0.1 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: OSV:GHSA-F58C-GQ56-VJJF...

app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:deder-publish-example_3 (=0.0.1) +1353 more potentially affected by CVE-2024-3884 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.20.Final)

io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.10.0, =0.0.7, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =2.0.1, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =2.1.1 and more Source cves: CVE-2024-3884 Source advisory: SNYK:JAVA-IOUNDERTOW-15053841...

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.h2o:h2o-app (>=0.1.22 <=0.1.25) +1040 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcprov-jdk15 (>=1.38 <=1.46)

org.bouncycastle:bcprov-jdk15 MAVEN version =1.38, =1.3, =0.1.22, =0.1.22, =1.0.0, =2.1.0, =1.0.1, =4.2.0, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.0.3, =1.3.3 and more Source cves: CVE-2025-8916 Source advisory:...

10by10-react-app (=1.2.1), 192.168.0.172 (=4.6.1) +13982 more potentially affected by CVE-2025-7339 via on-headers (>=0.0.0 <=1.0.2)

on-headers NPM version =0.0.0, =1.0.2, =1.0.0, =0.30.0, =0.2.0, =0.0.28, =4.11.0, =4.11.46 and more Source cves: CVE-2025-7339 Source advisory: OSV:GHSA-76C9-3JPH-RJ3Q...

be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +641 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.6)

org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-7-21, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...

com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.3.0), cv.igrp:igrp-core (=2.0.0.250321-GA) +416 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (=4.1.0)

org.apache.cxf:cxf-core MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-core and may be impacted: - com.codbex.atlas:codbex-atlas-application =1.1.0, =4.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0...