Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Verisilicon: Avoid G2 bus errors during H.264 and HEVC decoding. For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously. Doing so may cause a bus error, resulting in...

Malicious code in @antv/g2-brush (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g2 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3974 Malicious code in @antv/g2-brush (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3977 Malicious code in @antv/g2-extension-plot (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3973 Malicious code in @antv/g2 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

1byte-react-design (>=1.7.1 <=1.14.0), @alicloud-panxi/aicoach-sdk (>=1.0.1 <=1.1.44) +192 more potentially affected by unknown CVE via @antv/g2 (>=5.0.0-beta.5 <=5.4.8)

@antv/g2 NPM version =5.0.0-beta.5, =1.7.1, =1.0.1, =2.0.0, =1.0.0, =2.0.0, =3.0.0, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0, =0.1.0, =0.0.1, =3.0.0-alpha.0, =2.1.2, =2.2.21 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG2-16754346...

1byte-react-design (>=1.7.1 <=1.14.0), @ant-design/charts (>=2.0.3 <=2.6.7) +100 more potentially affected by unknown CVE via @antv/g2-extension-plot (>=0.1.2 <=0.2.2)

@antv/g2-extension-plot NPM version =0.1.2, =1.7.1, =2.0.3, =1.0.0, =2.0.8, =0.0.1, =0.1.0, =1.0.0, =1.0.1, =2.0.2, =1.2.0, =4.1.13, =1.0.1, =3.0.28 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG2EXTENSIONPLOT-16754921...

@antv/g2 (>=3.2.0 <=3.2.8-beta.6), @bizcharts/other-datamarker_dataregion (>=0.0.1 <=0.1.4) +22 more potentially affected by unknown CVE via @antv/interaction (>=0.0.8 <=0.1.5)

@antv/interaction NPM version =0.0.8, =3.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.4, =0.1.8, =1.0.4, =1.0.4, =0.1.4, =0.1.14, =0.1.5, =1.0.5, =3.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVINTERACTION-16755011...

@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +140 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)

@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...

1byte-react-design (>=1.7.1 <=1.14.0), @ant-design/charts (>=2.0.3 <=2.6.7) +100 more potentially affected by unknown CVE via @antv/g2-extension-plot (>=0.1.2 <=0.2.2)

@antv/g2-extension-plot NPM version =0.1.2, =1.7.1, =2.0.3, =1.0.0, =2.0.8, =0.0.1, =0.1.0, =1.0.0, =1.0.1, =2.0.2, =1.2.0, =4.1.13, =1.0.1, =3.0.28 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG2EXTENSIONPLOT-16755090...

datavis-editor (=0.1.0), datavis-editor-flow (=0.1.0) +1 more potentially affected by unknown CVE via @antv/g2-extension-ava (=0.2.0)

@antv/g2-extension-ava NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-extension-ava and may be impacted: - datavis-editor =0.1.0 - datavis-editor-flow =0.1.0 - ty-chat-components-v1 =0.0.1, =0.0.5 Source cves: unknown CVE...

@antv/g2-extension-3d (>=0.2.0 <=1.0.0), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) potentially affected by unknown CVE via @antv/g-plugin-3d (>=2.0.42 <=2.1.1)

@antv/g-plugin-3d NPM version =2.0.42, =0.2.0, =0.1.0, =0.1.23 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGIN3D-16754988...

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/ava (>=3.0.0 <=3.6.0-alpha.0) +18 more potentially affected by unknown CVE via @antv/color-schema (=0.2.3)

@antv/color-schema NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-schema and may be impacted: - @antv/auto-chart =2.0.0, =3.0.0, =3.0.0, =2.0.0, =5.1.5, =0.1.0, =2.0.4, =0.1.7, =1.0.0, =3.4.1-formant, =3.3.2-formant,...

datavis-editor (=0.1.0), datavis-editor-flow (=0.1.0) +1 more potentially affected by unknown CVE via @antv/g2-extension-ava (=0.2.0)

@antv/g2-extension-ava NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-extension-ava and may be impacted: - datavis-editor =0.1.0 - datavis-editor-flow =0.1.0 - ty-chat-components-v1 =0.0.1, =0.0.5 Source cves: unknown CVE...

@antv/ava-react (>=3.0.0 <=3.3.2-beta.1), @antv/g2 (>=5.1.5 <=5.1.6-beta.1) +12 more potentially affected by unknown CVE via @antv/ava (>=3.0.0-alpha.0 <=3.4.1)

@antv/ava NPM version =3.0.0-alpha.0, =3.0.0, =5.1.5, =0.1.0, =1.0.0, =0.0.1-lb, =0.0.30, =0.0.0, =0.1.1, =1.1.1, =0.0.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVAVA-16754363...

@antelopecloud/components (>=0.3.0 <=0.5.12), @baoxi/viser (=2.5.1) +327 more potentially affected by unknown CVE via @antv/g2-plugin-slider (>=2.0.0 <=2.1.1)

@antv/g2-plugin-slider NPM version =2.0.0, =0.3.0, =2.5.1, =2.6.0 - @bizcharts/area-percentage =0.0.2 - @bizcharts/area-range =0.0.2 - @bizcharts/area-stacked =0.0.2 - @bizcharts/area-with-negative =0.0.2 - @bizcharts/bar-basic =0.0.2 - @bizcharts/bar-basic-column =0.0.2 -...

@antv/gpt-vis (=0.5.0-beta.0), @antv/gpt-vis-ssr (>=0.1.0 <=0.3.8) +7 more potentially affected by unknown CVE via @antv/g2-ssr (>=0.0.8 <=0.2.0)

@antv/g2-ssr NPM version =0.0.8, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG2SSR-16754434...

@antv/g2-extension-3d (>=0.2.0 <=1.0.0), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) potentially affected by unknown CVE via @antv/g-plugin-3d (>=2.0.42 <=2.1.1)

@antv/g-plugin-3d NPM version =2.0.42, =0.2.0, =0.1.0, =0.1.23 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGIN3D-16754819...

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...