121 matches found
ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root
Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...
libcrux-aead (>=0.0.4 <=0.0.8-rc.2) potentially affected by unknown CVE via libcrux-chacha20poly1305 (>=0.0.4 <=0.0.8-rc.2)
libcrux-chacha20poly1305 CARGO version =0.0.4, =0.0.4, =0.0.8-rc.2 Source cves: unknown CVE Source advisory: OSV:GHSA-HC3C-63HC-2R9F...
GHSA-R95X-QFJJ-FJJ2 vulnerabilities
Vulnerabilities for packages: airflow...
data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +16 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.55.0)
docling PYPI version =1.11.0, =0.2.1, =0.2.1.dev0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =0.1.29, =0.3.1, =0.10.0, =0.2.1, =0.2.6 and more Source cves: CVE-2026-31248 Source advisory: OSV:GHSA-9F4Q-Q82Q-4359...
CVE-2026-45310
creationtimestamp | type | source
---|---|---
2026-05-09 04:05:43+00:00 | published-proof-of-concept | https://github.com/Hmbown/DeepSeek-TUI/security/advisories/GHSA-96ff-gc8g-wpvg...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H5X4-M2QF-R4F2...
0xuath-sdk-react (>=0.0.2 <=0.0.23), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +17798 more potentially affected by CVE-2026-41650 via fast-xml-parser (>=2.3.1 <=5.6.0)
fast-xml-parser NPM version =2.3.1, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.0.10, =3.1.4, =3.1.6, =0.1.0, =0.0.2, =4.11.2, =2.0.0, =2.6.6 and more Source cves: CVE-2026-41650 Source advisory: OSV:GHSA-GH4J-GQV2-49F6...
@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +23 more potentially affected by CVE-2026-41914 via openclaw (>=0.0.1 <=2026.4.5)
openclaw NPM version =0.0.1, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-41914 Source advisory: OSV:GHSA-3FV3-6P2V-GXWJ...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2583 more potentially affected by CVE-2026-34781 via electron (>=0.1.2 <=39.8.10)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34781 Source advisory: OSV:GHSA-F37V-82C4-4X64...
webpki-roots (>=0.26.0-alpha.0 <=0.26.0-alpha.1) potentially affected by unknown CVE via rustls-webpki (=0.102.8)
rustls-webpki CARGO version =0.102.8 is affected by a known vulnerability. The following packages have a transitive dependency on rustls-webpki and may be impacted: - webpki-roots =0.26.0-alpha.0, =0.26.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:GHSA-PWJX-QHCG-RVJ4...
any2htpy (=0.1.4) potentially affected by unknown CVE via justhtml (=0.35.0)
justhtml PYPI version =0.35.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - any2htpy =0.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-V7CF-C9RM-WM3J...
article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +51 more potentially affected by unknown CVE via scrapy (>=1.4.0 <=2.14.1)
scrapy PYPI version =1.4.0, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CWXJ-RR6W-M6W7...
@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +55 more potentially affected by unknown CVE via trix (>=0.10.2 <=2.1.15)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =3.10.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QMPG-8XG6-PH5Q...
vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-W7J5-J98M-W679...
vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-JQ4X-98M3-GGQ6...
vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-7XMQ-G46G-F8PV...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by unknown CVE via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-MQPR-49JJ-32RC...
1.1.0 (=1.0.0), 719component (>=1.1.1 <=1.1.6) +1033 more potentially affected by CVE-2026-27013 via fabric (>=1.4.13 <=7.1.0)
fabric NPM version =1.4.13, =1.1.1, =0.1.1-preview.0, =0.0.19, =0.14.2, =0.0.7, =1.0.5, =0.1.2, =0.0.1, =0.1.0, =5.5.0, =5.6.14 and more Source cves: CVE-2026-27013 Source advisory: OSV:GHSA-HFVX-25R5-QC3W...
GHSA-FW7P-63QQ-7HPR filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Point.MultiScalarMult failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result. If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver wa...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28392 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28392 Source advisory: OSV:GHSA-V773-R54F-Q32W...