@antelopecloud/components (>=0.3.0 <=0.5.12), @baoxi/viser (=2.5.1) +327 more potentially affected by unknown CVE via @antv/g2-plugin-slider (>=2.0.0 <=2.1.1)

@antv/g2-plugin-slider NPM version =2.0.0, =0.3.0, =2.5.1, =2.6.0 - @bizcharts/area-percentage =0.0.2 - @bizcharts/area-range =0.0.2 - @bizcharts/area-stacked =0.0.2 - @bizcharts/area-with-negative =0.0.2 - @bizcharts/bar-basic =0.0.2 - @bizcharts/bar-basic-column =0.0.2 -...

@antv/g2 (>=3.2.0 <=3.2.8-beta.6), @bizcharts/other-datamarker_dataregion (>=0.0.1 <=0.1.4) +22 more potentially affected by unknown CVE via @antv/interaction (>=0.0.8 <=0.1.5)

@antv/interaction NPM version =0.0.8, =3.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.4, =0.1.8, =1.0.4, =1.0.4, =0.1.4, =0.1.14, =0.1.5, =1.0.5, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4030...

MAL-2026-3974 Malicious code in @antv/g2-brush (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

1byte-react-design (>=1.7.1 <=1.14.0), @ant-design/charts (>=2.0.3 <=2.6.7) +99 more potentially affected by unknown CVE via @antv/g2-extension-plot (>=0.1.2 <=0.2.2)

@antv/g2-extension-plot NPM version =0.1.2, =1.7.1, =2.0.3, =1.0.0, =2.0.8, =0.0.1, =0.1.0, =1.0.0, =1.0.1, =2.0.2, =1.2.0, =4.1.13, =1.0.1, =3.0.28 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3977...

@alicloud/cloud-charts (>=0.1.0 <=0.1.10), @alicloud/console-charts (>=0.1.0 <=0.3.0) +140 more potentially affected by unknown CVE via @antv/g2-brush (=0.0.2)

@antv/g2-brush NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-brush and may be impacted: - @alicloud/cloud-charts =0.1.0, =0.1.0, =0.0.113, =0.0.113, =0.1.4-beta-3.3, =2.5.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5,...

@antv/gpt-vis (=0.5.0-beta.0), @antv/gpt-vis-ssr (>=0.1.0 <=0.3.7) +7 more potentially affected by unknown CVE via @antv/g2-ssr (>=0.0.8 <=0.2.0)

@antv/g2-ssr NPM version =0.0.8, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3979...

datavis-editor (=0.1.0), datavis-editor-flow (=0.1.0) +1 more potentially affected by unknown CVE via @antv/g2-extension-ava (=0.2.0)

@antv/g2-extension-ava NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-extension-ava and may be impacted: - datavis-editor =0.1.0 - datavis-editor-flow =0.1.0 - ty-chat-components-v1 =0.0.1, =0.0.5 Source cves: unknown CVE...

1byte-react-design (>=1.7.1 <=1.14.0), @alicloud-panxi/aicoach-sdk (>=1.0.1 <=1.1.44) +182 more potentially affected by unknown CVE via @antv/g2 (>=5.0.0-beta.5 <=5.4.8)

@antv/g2 NPM version =5.0.0-beta.5, =1.7.1, =1.0.1, =2.0.0, =1.0.0, =2.0.0, =3.0.0, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0, =0.1.0, =0.0.1, =3.0.0-alpha.0, =2.1.2, =2.2.21 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3973...

MAL-2026-3973 Malicious code in @antv/g2 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g2 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3977 Malicious code in @antv/g2-extension-plot (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g2-brush (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@antv/g-mobile-webgl (>=1.0.0 <=1.1.1), @antv/g-plugin-3d (>=2.0.0 <=2.1.1) +7 more potentially affected by unknown CVE via @antv/g-shader-components (>=2.0.0 <=2.0.1-beta.0)

@antv/g-shader-components NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3961...

CVE-2026-43310

The CVE-2026-43310 issue affects the Linux kernel Verisilicon media driver on the i.MX8MQ platform. It describes a hardware limitation where the g1 VPU and g2 VPU cannot decode H.264 and HEVC simultaneously; doing so can trigger a bus error, producing corrupted video output and potentially causin...

CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

Linux Distros Unpatched Vulnerability : CVE-2026-43310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot deco...

CVE-2026-5572

A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Th...

CVE-2026-5570

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function indexconfig of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may ...

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...