@a1st/aix (>=0.0.3 <=0.5.1), @a1st/aix-core (>=0.2.0 <=0.5.1) +93 more potentially affected by CVE-2026-47428 via vitest (>=4.0.17 <=4.1.5)

vitest NPM version =4.0.17, =0.0.3, =0.2.0, =0.79.1, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =0.0.231, =0.0.231, =4.0.0-alpha.49, =4.0.0-alpha.66 and more Source cves: CVE-2026-47428 Source advisory: SNYK:JS-VITEST-17120487...

@astralis-os/vitest (=2.4.1), @aws/nx-plugin (>=0.79.1 <=0.84.2) +76 more potentially affected by CVE-2026-47429 via vitest (>=4.0.0-beta.11 <=4.0.9)

vitest NPM version =4.0.0-beta.11, =0.79.1, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =4.0.0-alpha.31, =1.2.3-preview-a960555.0, =7.2.0, =11.0.33, =21.0.0-alpha.33, =23.0.0-alpha.1 - @forsakringskassan/vitest-config =1.1.0 and more Source cves:...

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +264 more potentially affected by CVE-2026-42266 via jupyterlab (>=4.0.0 <=4.5.6)

jupyterlab PYPI version =4.0.0, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =4.33.0, =0.6.4, =0.8.0, =1.0.1, =0.1.0, =0.5.0 and more Source cves: CVE-2026-42266 Source advisory: SNYK:PYTHON-JUPYTERLAB-16425771...

@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNSERVER-16110989...

@alexaegis/svelte-config (>=0.9.2 <=0.15.0), @builders-of-stuff/svelte-sui-wallet-adapter (>=1.1.4 <=2.1.0) +11 more potentially affected by CVE-2026-40073 via @sveltejs/kit (>=2.0.0 <=2.55.0)

@sveltejs/kit NPM version =2.0.0, =0.9.2, =1.1.4, =0.0.137, =0.1.0, =0.4.1, =5.0.0-alpha.1, =0.0.1, =1.0.1-next.0, =0.0.10, =1.0.2, =0.0.1, =1.3.0, =1.15.1 Source cves: CVE-2026-40073 Source advisory: SNYK:JS-SVELTEJSKIT-15967891...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2025-57735 via apache-airflow (>=3.0.0 <=3.1.8)

apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2025-57735 Source advisory: OSV:GHSA-C92R-G8J5-VHCX...

@11ty/eleventy-plugin-vite (>=8.0.0 <=8.0.0-alpha.2), @17sierra/config (=0.1.0) +1214 more potentially affected by CVE-2026-39363 via vite (>=8.0.0 <=8.0.3)

vite NPM version =8.0.0, =8.0.0, =0.0.1, =0.1.9, =0.0.15-0.1, =0.0.42, =0.1.8, =0.0.1-bate.2, =0.1.0, =0.1.0, =0.0.8, =0.0.9 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: CVE-2026-39363 Source advisory: SNYK:JS-VITE-15922242...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +12 more potentially affected by CVE-2026-35640 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =3.3.2, =3.3.7 Source cves: CVE-2026-35640 Source advisory: OSV:GHSA-3H52-CX59-C456...

1shot (>=0.0.1 <=0.0.2), @3030-labs/wotw (=0.8.4) +178 more potentially affected by CVE-2026-33068 via @anthropic-ai/claude-code (>=2.0.0 <=2.1.71)

@anthropic-ai/claude-code NPM version =2.0.0, =0.0.1, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.0.0-main-260517022600, =0.0.0-main-260517043948, =0.2.5, =4.10.0, =2.1.2, =3.0.2 - @chude/memory =4.0.0 and more Source cves: CVE-2026-33068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15701841...

org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:bulma (=1.0.0) +21 more potentially affected by CVE-2026-29063 via org.webjars.npm:immutable (>=3.7.6 <=5.1.3)

org.webjars.npm:immutable MAVEN version =3.7.6, =0.7.0, =0.8.3, =0.8.4 - org.webjars.npm:flux =2.1.1 - org.webjars.npm:github-com-DataTables-DataTablesSrc =2.0.5 - org.webjars.npm:github-com-codeforms-Punica-CSS-Framework =3.0.0 - org.webjars.npm:github-com-digicorp-propeller =1.3.2 -...

@activepieces/piece-snowflake (>=0.2.1 <=0.3.0), @bhanu17/nextjs-starter (>=1.2.0 <=2.2.14) +92 more potentially affected by CVE-2026-3449 via @tootallnate/once (=2.0.0)

@tootallnate/once NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @tootallnate/once and may be impacted: - @activepieces/piece-snowflake =0.2.1, =1.2.0, =0.0.18, =0.2.0, =0.0.6, =0.0.1, =50.32.5-depup.0, =0.6.0, =0.4.2, =0.1.10,...

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +75 more potentially affected by CVE-2026-22029 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22029 Source advisory: SNYK:JS-REACTROUTER-14908531...

10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3346 more potentially affected by CVE-2025-59057 via react-router (>=7.0.0 <=7.9.0-pre.1)

react-router NPM version =7.0.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-59057 Source advisory: SNYK:JS-REACTROUTER-14908289...

agentengine-sdk-python (>=0.2.0 <=0.4.0), agentic-chat-ui (>=0.1.0 <=0.2.4) +42 more potentially affected by CVE-2026-22218 via chainlit (>=2.0.0 <=2.6.3)

chainlit PYPI version =2.0.0, =0.2.0, =0.1.0, =0.3.0, =0.0.3, =0.14.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.1, =0.1.0, =1.3.0 and more Source cves: CVE-2026-22218 Source advisory: SNYK:PYTHON-CHAINLIT-14829575...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @a1st/aix (>=0.0.3 <=0.5.1) +531 more potentially affected by CVE-2025-55303 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.1)

@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =0.0.3, =0.2.0, =1.3.0, =0.9.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.10.1 and more Source cves: CVE-2025-55303 Source advisory:...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +44 more potentially affected by CVE-2025-54793 via @astrojs/internal-helpers (>=0.6.1 <=0.7.0)

@astrojs/internal-helpers NPM version =0.6.1, =0.0.1, =1.0.0, =12.2.4, =0.12.11, =6.2.1, =4.1.1, =6.2.3, =9.1.3, =8.1.2, =0.1.0, =0.1.0, =1.0.5, =1.25.426, =0.0.9, =1.3.0, =1.3.4 and more Source cves: CVE-2025-54793 Source advisory: SNYK:JS-ASTROJSINTERNALHELPERS-11508621...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1431 more potentially affected by CVE-2024-11393 via transformers (>=4.0.0 <=4.47.1)

transformers PYPI version =4.0.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 - advtok =0.0.2 and more Source cves: CVE-2024-11393 Source advisory: SNYK:PYTHON-TRANSFORMERS-8400823...

danceschool-dancervax (>=0.1.1 <=0.1.5), django-danceschool (>=0.9.1 <=0.9.3) +5 more potentially affected by CVE-2024-11404 via django-filer (=3.0.3)

django-filer PYPI version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on django-filer and may be impacted: - danceschool-dancervax =0.1.1, =0.9.1, =0.2.0.0, =1.16.0, =2.7.1 Source cves: CVE-2024-11404 Source advisory:...

africanwhisper (>=0.2.1 <=0.9.0), agentx (>=0.0.6 <=0.0.27) +56 more potentially affected by CVE-2024-47084 via gradio (>=4.0.0b15 <=4.43.0)

gradio PYPI version =4.0.0b15, =0.2.1, =0.0.6, =0.4.0, =25.3.1, =1.1.0, =0.1.0, =25.3.1, =0.1.2, =0.2.11, =25.3.4, =0.1.1, =0.5.0, =0.0.41, =0.0.65 and more Source cves: CVE-2024-47084 Source advisory: SNYK:PYTHON-GRADIO-8180440...

@bobsled/consumer-components (>=0.0.2 <=0.0.10), @conform-to/react (>=1.0.0 <=1.19.3) +25 more potentially affected by CVE-2024-32866 via @conform-to/dom (>=1.0.0 <=1.1.0)

@conform-to/dom NPM version =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.10.0, =1.0.0, =1.17.1-depup.0, =1.17.1-depup.0, =0.0.0-semantically-released, =0.1.0, =0.5.4-unstable.983d500f - @kurocado-studio/atelier-motion-react =1.0.0 - @kurocado-studio/atelier-motion-vue =1.0.0 -...