@antv/ava (=3.6.0-alpha.0), @antv/gpt-vis (>=0.0.1 <=0.6.1) +23 more potentially affected by unknown CVE via @antv/l7-composite-layers (>=0.0.1-alpha.6 <=0.17.1)

@antv/l7-composite-layers NPM version =0.0.1-alpha.6, =0.0.1, =0.1.0, =0.0.1, =0.0.1-alpha.1, =0.1.1, =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.1, =1.0.0-alpha.4, =1.0.0-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4035...

7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +570 more potentially affected by unknown CVE via @antv/g-webgpu-core (>=0.1.2 <=0.7.2)

@antv/g-webgpu-core NPM version =0.1.2, =0.1.1, =0.1.2, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =1.0.1, =1.0.0-beta.3, =1.5.0-beta.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3969...

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-44792 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-44792 Source advisory: OSV:GHSA-MHRX-QHRJ-673W...

@uipath/ap-chat (>=1.4.6 <=1.5.6), @uipath/apollo-react (>=3.26.1 <=4.24.2) +4 more potentially affected by unknown CVE via @uipath/apollo-core (>=5.6.2 <=5.9.1)

@uipath/apollo-core NPM version =5.6.2, =1.4.6, =3.26.1, =0.7.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3531...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +106 more potentially affected by CVE-2026-45321 via @tanstack/router-devtools-core (>=1.120.19 <=1.167.3)

@tanstack/router-devtools-core NPM version =1.120.19, =0.0.1, =0.0.1, =0.0.1-alpha.14, =0.1.0, =0.0.4, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.1.0, =2.0.1-alpha-20260224145405, =2.0.1-alpha.6 - @ezshare/cli =0.0.0 - @ezshare/lib =0.0.0 - @ezshare/web =0.0.0 and more Source cves: CVE-2026-45321 Source...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3427 more potentially affected by CVE-2026-42583 via io.netty:netty-codec-compression (>=4.2.0.Alpha3 <=4.2.12.Final)

io.netty:netty-codec-compression MAVEN version =4.2.0.Alpha3, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42583 Source advisory: SNYK:JAVA-IONETTY-16438323...

com.ritense.valtimo:audit (>=13.0.0.RELEASE <=13.22.0.RELEASE), com.ritense.valtimo:besluiten-api (>=13.0.0.RELEASE <=13.22.0.RELEASE) +48 more potentially affected by CVE-2026-42555 via com.ritense.valtimo:case (>=13.0.0.RELEASE <=13.22.0.RELEASE)

com.ritense.valtimo:case MAVEN version =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.13.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.0.0.RELEASE, =13.10.0.RELEASE, =13.10.0.RELEASE, =13.0.0.RELEASE,...

aloni (>=0.2.1 <=0.2.3), another (=0.1.0) +7 more potentially affected by CVE-2026-42545 via granian (>=0.2.6 <=2.6.1)

granian PYPI version =0.2.6, =0.2.1, =1.0.0, =2.5.0, =1.0.0, =0.2.0, =0.0.1, =2025.1.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42545 Source advisory: OSV:GHSA-F5P7-9FR5-8JMJ...

@0xchain/empty (>=0.0.1 <=1.1.0-beta.4), @0xchain/expandable-text (>=0.0.1 <=1.1.0-beta.18) +107 more potentially affected by unknown CVE via icu-minify (=4.11.1)

icu-minify NPM version =4.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-minify and may be impacted: - @0xchain/empty =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.1.1, =2.2.0, =2.5...

279map-backend-common (>=0.1.2 <=0.33.1), @112dev/phunt-cli (>=1.0.0-beta.0 <=1.0.0-beta.2) +102 more potentially affected by CVE-2026-8813 via exifreader (>=4.13.2 <=4.38.1)

exifreader NPM version =4.13.2, =0.1.2, =1.0.0-beta.0, =1.0.0-beta.0, =0.0.5, =0.1.0, =1.0.1, =0.1.0, =0.10.0, =1.18.1, =1.0.2, =2.0.0, =0.1.0, =0.1.0-rc2 and more Source cves: CVE-2026-8813 Source advisory: SNYK:JS-EXIFREADER-16689335...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +13 more potentially affected by CVE-2026-43526 via openclaw (>=2026.3.22 <=2026.4.11)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-43526 Source advisory: SNYK:JS-OPENCLAW-16420278...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +12 more potentially affected by CVE-2026-42437 via openclaw (>=2026.3.22 <=2026.4.1)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-42437 Source advisory: SNYK:JS-OPENCLAW-16420275...

@0xd541ecb3/byte-babe (>=1.0.0 <=1.2.1), @514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64) +665 more potentially affected by CVE-2026-43870 via thrift (>=0.10.0 <=0.22.0)

thrift NPM version =0.10.0, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.6, =0.0.0-dev, =1.0.0, =0.9.0, =0.0.0-9d773c, =0.0.0-5ad901, =0.0.1, =0.2.0, =0.2.0, =1.0.0-beta.1, =1.0.0-beta.6 and more Source cves: CVE-2026-43870 Source advisory: OSV:GHSA-526F-JXPJ-JMG2...

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42809 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42809 Source advisory: OSV:GHSA-8GGJ-J522-H5QF...

ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7725 via prefect (>=3.0.0rc20 <=3.6.22)

prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7725 Source advisory: SNYK:PYTHON-PREFECT-16406537...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-41383 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more Source cves: CVE-2026-41383 Source advisory: SNYK:JS-OPENCLAW-16322613...

ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +760 more potentially affected by CVE-2026-41635 via org.apache.mina:mina-core (>=2.2.0 <=2.2.5)

org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-41635 Sourc...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +19 more potentially affected by CVE-2026-44114 via openclaw (>=2026.3.22 <=2026.4.2)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-44114 Source advisory: SNYK:JS-OPENCLAW-16298041...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by unknown CVE via openclaw (>=0.0.1 <=2026.4.2)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-72Q8-JCMC-97WX...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.107.0) +101 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 - io.mats3:mats-spring-test =B-2.0.0.B0+2025-10-22 and more Source cves: CVE-2026-41044 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323331...