@agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294), @ant-design/charts (>=2.2.2 <=2.6.7) +78 more potentially affected by unknown CVE via @antv/graphin (=3.0.5)

@antv/graphin NPM version =3.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin and may be impacted: - @agentscope-ai/chat =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0,...

@ant-design/charts (>=1.0.17-beta.1 <=1.1.4-alpha.0), @thcloud/vmap (>=1.0.1 <=1.0.2) +7 more potentially affected by unknown CVE via @antv/l7-district (=2.3.12)

@antv/l7-district NPM version =2.3.12 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/l7-district and may be impacted: - @ant-design/charts =1.0.17-beta.1, =1.0.1, =0.1.0, =4.4.1, =1.0.13, =1.0.0, =1.0.0, =2.0.2, =2.1.8 Source cves: unknown CVE...

@ant-design/graphs (>=2.0.0 <=2.0.4), @antv/g6-extension-react (>=0.0.1 <=0.1.19) potentially affected by unknown CVE via @antv/react-g (=2.1.1)

@antv/react-g NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/react-g and may be impacted: - @ant-design/graphs =2.0.0, =0.0.1, =0.1.19 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4076...

CVE-2019-18350

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script...

EUVD-2025-199366

Malicious code in gatsby-plugin-antd npm...

EUVD-2025-178895

Malicious code in firebase-antd-lyra-version npm...

EUVD-2025-175979

Malicious code in testcafe-jsonp-lyra-antd npm...

EUVD-2025-112149

Malicious code in json-blaze-venus-antd npm...

EUVD-2025-115235

Malicious code in comet-cygnus-antd-koa npm...

EUVD-2025-116648

Malicious code in antd-ganymede-iota-tailwindcss npm...

EUVD-2025-111794

Malicious code in less-loader-dotenv-parse-variables-ophiuchus-antd npm...

EUVD-2025-112542

Malicious code in indus-optimize-css-assets-webpack-plugin-antd-quasar npm...

EUVD-2025-122603

Malicious code in resolvers-celeste-antd-sequelize npm...

EUVD-2025-116751

Malicious code in altair-farout-antd-await npm...

EUVD-2025-113175

Malicious code in global-hyperion-antd-iota npm...

EUVD-2025-113498

Malicious code in fornax-corvus-socketio-antd npm...

EUVD-2025-120662

Malicious code in warp-dagda-antd-scripts npm...

Malicious Package

Overview iwf-ant-design-draggable-modal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

EUVD-2025-34995

Malicious code in iwf-ant-design-draggable-modal npm...

MAL-2025-48459 Malicious code in iwf-ant-design-draggable-modal (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b9b3eeea0f26e99c27bbddc1d9e0940e5787aed77004f10d056d9fb1ded4dd8f Any computer that has this package installed or running should be considered...