datavis-editor (=0.1.0), datavis-editor-flow (=0.1.0) +1 more potentially affected by unknown CVE via @antv/g2-extension-ava (=0.2.0)

@antv/g2-extension-ava NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-extension-ava and may be impacted: - datavis-editor =0.1.0 - datavis-editor-flow =0.1.0 - ty-chat-components-v1 =0.0.1, =0.0.5 Source cves: unknown CVE...

1byte-react-design (>=1.7.1 <=1.14.0), @alicloud-panxi/aicoach-sdk (>=1.0.1 <=1.1.44) +182 more potentially affected by unknown CVE via @antv/g2 (>=5.0.0-beta.5 <=5.4.8)

@antv/g2 NPM version =5.0.0-beta.5, =1.7.1, =1.0.1, =2.0.0, =1.0.0, =2.0.0, =3.0.0, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0, =0.1.0, =0.0.1, =3.0.0-alpha.0, =2.1.2, =2.2.21 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3973...

@antv/ava (=3.6.0-alpha.0), @antv/gpt-vis (>=0.0.1 <=0.6.1) +20 more potentially affected by unknown CVE via @antv/larkmap (=1.5.1)

@antv/larkmap NPM version =1.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/larkmap and may be impacted: - @antv/ava =3.6.0-alpha.0 - @antv/gpt-vis =0.0.1, =0.1.0, =0.0.1, =0.1.1, =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.1, =1.0.0-alpha.4,...

@0xwork/connect (>=0.1.0 <=0.1.7), @1mmutex/featherkit (>=1.0.0-alpha <=1.0.3-alpha) +585 more potentially affected by unknown CVE via @mistralai/mistralai (>=2.1.2 <=2.2.1)

@mistralai/mistralai NPM version =2.1.2, =0.1.0, =1.0.0-alpha, =0.0.183, =5.0.0, =0.1.6, =0.1.1, =4.0.153, =0.1.1, =0.1.0, =0.1.1-staging.0a1c61e6, =0.1.1, =0.0.2-staging.0a1c61e6, =0.1.0, =0.0.183, =1.3.0, =1.3.10-canary.40.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3432...

@meme-sdk/trade (>=1.0.0 <=1.0.1), @solana-launchpad/sdk (>=1.0.10 <=1.0.13) +2 more potentially affected by unknown CVE via @validate-sdk/v2 (>=1.22.11 <=1.22.31)

@validate-sdk/v2 NPM version =1.22.11, =1.0.0, =1.0.10, =1.0.5, =1.0.6 - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-VALIDATESDKV2-16321533...

companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3), corporateai (=2026.328.0-canary.0) +3 more potentially affected by unknown CVE via @paperclipai/server (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/server NPM version =2026.318.0-canary.0, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAISERVER-16421487...

be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.1), cn.org.expect:modest-build (=1.0.4) +221 more potentially affected by unknown CVE via com.github.junrar:junrar (>=7.4.0 <=7.5.1)

com.github.junrar:junrar MAVEN version =7.4.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.7.0, =2.7.2, =2.1, =3.5.3, =3.5.11 and more Source cves: unknown CVE Source advisory: SNYK:JAVA-COMGITHUBJUNRAR-16097905...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by unknown CVE via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-MW7W-G3MG-XQM7...

adventure-rusoto-ecs (=0.4.0), adventure-rusoto-sns (=0.4.0) +240 more potentially affected by unknown CVE via tokio-process (>=0.1.6 <=0.3.0-alpha.2)

tokio-process CARGO version =0.1.6, =0.0.2, =0.0.1, =0.1.5, =0.1.0, =0.2.1, =0.3.0, =0.1.0, =0.21.0, =0.2.0, =0.6.0, =0.6.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0055...

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +938 more potentially affected by unknown CVE via nltk (>=2.0.4 <=3.9.3)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-NLTK-15692479...

article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +51 more potentially affected by unknown CVE via scrapy (>=1.4.0 <=2.14.1)

scrapy PYPI version =1.4.0, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CWXJ-RR6W-M6W7...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443475...

CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may...

openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)

hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: - openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G433-PQ76-6CMF...

@oku-ui/primitives (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/tooltip (=0.6.1)

@oku-ui/tooltip NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/tooltip and may be impacted: - @oku-ui/primitives =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191281...

react-native-modest-storage (=2.0.0) potentially affected by unknown CVE via @tiaanduplessis/json (=2.0.1)

@tiaanduplessis/json NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @tiaanduplessis/json and may be impacted: - react-native-modest-storage =2.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191056...

react-native-modest-storage (=2.0.0) potentially affected by unknown CVE via @tiaanduplessis/json (=2.0.1)

@tiaanduplessis/json NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @tiaanduplessis/json and may be impacted: - react-native-modest-storage =2.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-TIAANDUPLESSISJSON-14103546...

siddheshtea (=1.1.6) potentially affected by unknown CVE via nokire-korean2 (=1.0.0)

nokire-korean2 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nokire-korean2 and may be impacted: - siddheshtea =1.1.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-162751...

siddheshtea (=1.1.6) potentially affected by unknown CVE via nokire-nakala88 (=1.0.0)

nokire-nakala88 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nokire-nakala88 and may be impacted: - siddheshtea =1.1.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-163045...

@abyedev/hono-dotenv (=1.0.0), @affectively/relay (>=5.0.0 <=6.0.1) +339 more potentially affected by unknown CVE via hono (>=0.5.10 <=4.10.2)

hono NPM version =0.5.10, =5.0.0, =0.1.1, =0.0.2-a, =0.1.22, =1.1.1, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.0.0, =0.0.11 - @bgord/bun =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-Q7JF-GF43-6X6P...