@clerk/chrome-extension (>=3.0.1-canary.v20260303211310 <=3.1.15-snapshot.v20260421194054), @clerk/expo (>=3.0.1-canary.v20260303211310 <=3.2.2-snapshot.v20260421194054) +7 more potentially affected by CVE-2026-42349 via @clerk/react (>=6.0.1-canary.v20260303211310 <=6.4.3-snapshot.v20260421194054)

@clerk/react NPM version =6.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =7.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =1.0.1-canary.v20260303211310, =2.0.0, =2.0.0, =0.20.1-dev-push, =0.20.3-dev-push, =0.20.4-dev-push Source cves:...

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2764 more potentially affected by CVE-2026-22745 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.4)

org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.10, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...

org.springframework.ai:spring-ai-starter-vector-store-milvus (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-milvus-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-milvus-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321391...

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.1), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.1) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.1)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.1 Source cves: unknown CVE Source advisory: OSV:GHSA-9237-RG5P-RHFW...

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by CVE-2026-41208 via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: CVE-2026-41208 Source advisory: OSV:GHSA-265W-RF2W-CJH4...

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +8 more potentially affected by CVE-2026-41242 via org.webjars.npm:protobufjs (>=6.8.8 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.8.8, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.7.3, =0.7.13, =0.7.15 Source cves: CVE-2026-41242 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16094666...

io.github.jinahya:jinahya-bcprov (=0.0.1), org.apache.camel.karaf:camel-as2 (>=4.7.0 <=4.10.7) +14 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =4.7.0, =4.7.0, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 and more Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074609...

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +48 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-34503 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-34503 Source advisory: SNYK:JS-OPENCLAW-15857163...

@seafile/seafile-sdoc-editor (>=3.0.0 <=3.0.162) potentially affected by CVE-2026-30587 via @seafile/sdoc-editor (=3.0.162)

@seafile/sdoc-editor NPM version =3.0.162 is affected by a known vulnerability. The following packages have a transitive dependency on @seafile/sdoc-editor and may be impacted: - @seafile/seafile-sdoc-editor =3.0.0, =3.0.162 Source cves: CVE-2026-30587 Source advisory:...

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: OSV:GHSA-F4GC-MWRG-Q36R...

@dicebear/collection (>=5.0.6 <=5.4.3), dicebear (>=5.0.6 <=5.4.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=5.0.6 <=5.4.3)

@dicebear/initials NPM version =5.0.6, =5.0.6, =5.0.6, =5.4.3 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...

@vevedh/bke-dsi-cacem (>=2.0.4 <=4.0.1), @xrengine/analytics (>=0.5.0 <=0.5.8) +2 more potentially affected by CVE-2026-27192 via @feathersjs/authentication-oauth (>=5.0.0-pre.10 <=5.0.12)

@feathersjs/authentication-oauth NPM version =5.0.0-pre.10, =2.0.4, =0.5.0, =0.5.4, =0.0.1, =2.0.4 Source cves: CVE-2026-27192 Source advisory: SNYK:JS-FEATHERSJSAUTHENTICATIONOAUTH-15325871...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28463 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28463 Source advisory: OSV:GHSA-XVHF-X56F-2HPP...

de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=2.5.6-24.0 <=5.5.1), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +26 more potentially affected by CVE-2025-11537 via org.keycloak:keycloak-quarkus-server (>=12.0.0 <=26.5.5)

org.keycloak:keycloak-quarkus-server MAVEN version =12.0.0, =2.5.6-24.0, =0.1.0, =8.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.4.0, =26.1.0, =26.2.0, =26.2.0, =26.5.5 and more Source cves:...

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +229 more potentially affected by CVE-2026-25723 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.51)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-25723 Source advisory: OSV:GHSA-MHG7-666J-CQG4...

@backstage/plugin-search-backend-module-techdocs (>=0.4.9-next.0 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20251222025103 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25153 via @backstage/plugin-techdocs-node (>=1.0.0 <=1.13.11-next.0)

@backstage/plugin-techdocs-node NPM version =1.0.0, =0.4.9-next.0, =0.0.0-nightly-20251222025103, =0.11.13, =0.0.0-nightly-20241120023536, =1.10.4-next.2 Source cves: CVE-2026-25153 Source advisory: SNYK:JS-BACKSTAGEPLUGINTECHDOCSNODE-15166604...

@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.31.0 <=1.58.1-alpha) +15 more potentially affected by CVE-2026-21852 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.64)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.31.0, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-21852 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15046268...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.2.6 <=1.4.11) +51 more potentially affected by CVE-2025-14082 via org.keycloak:keycloak-model-infinispan (>=10.0.0 <=26.4.7)

org.keycloak:keycloak-model-infinispan MAVEN version =10.0.0, =0.1.0, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =2.0.1-23.0, =2.5.6-24.0, =0.1.0, =1.0.0 and more Source cves: CVE-2025-14082 Source advisory: SNYK:JAVA-ORGKEYCLOAK-14361675...

ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1534 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=2.4.0 <=3.4.3)

org.apache.spark:spark-network-common2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.21.0 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...