@forwardemail/wildduck (>=4.0.1 <=4.0.3), @johnqh/haraka (>=8.0.1 <=8.0.17) +32 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.5.1)

@opensearch-project/opensearch NPM version =3.2.0, =4.0.1, =8.0.1, =8.0.2, =5.8.38, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.1.3, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.3.0-beta.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-27F5-XJRR-Q9FF...

@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +83 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)

@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.1, =0.1.0, =0.1.0, =0.0.0, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-27F5-XJRR-Q9FF...

@amag-ch/cds-dk (=0.4.0), @cap-js/ord (>=1.3.0 <=1.6.0) +11 more potentially affected by unknown CVE via @cap-js/openapi (=1.4.0)

@cap-js/openapi NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on @cap-js/openapi and may be impacted: - @amag-ch/cds-dk =0.4.0 - @cap-js/ord =1.3.0, =3.0.0, =2.0.0, =8.0.2, =0.0.1, =1.0.0, =0.5.0, =3.202312.1, =1.0.0, =1.0.0, =1.1.5,...

link-chart (>=0.0.0 <=0.1.12) potentially affected by unknown CVE via @antv/ava-react (=3.3.2)

@antv/ava-react NPM version =3.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/ava-react and may be impacted: - link-chart =0.0.0, =0.1.12 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3854...

@antv/ava-react (>=3.0.0 <=3.3.2-beta.1), @antv/g2 (>=5.1.5 <=5.1.6-beta.1) +12 more potentially affected by unknown CVE via @antv/ava (>=3.0.0-alpha.0 <=3.4.1)

@antv/ava NPM version =3.0.0-alpha.0, =3.0.0, =5.1.5, =0.1.0, =1.0.0, =0.0.1-lb, =0.0.30, =0.0.0, =0.1.1, =1.1.1, =0.0.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3853...

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +8 more potentially affected by unknown CVE via @antv/g-plugin-canvas-path-generator (>=2.0.0 <=2.1.9)

@antv/g-plugin-canvas-path-generator NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.58 - @antv/g6 =5.0.46 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3935...

@als-tp/als-react-ts-ui (>=0.10.1 <=0.15.4), @axiom-lattice/react-sdk (>=2.1.17 <=2.1.66) +10 more potentially affected by unknown CVE via @antv/infographic (>=0.2.16 <=0.2.2)

@antv/infographic NPM version =0.2.16, =0.10.1, =2.1.17, =0.1.1, =0.3.2, =0.1.0, =0.0.1, =0.1.0, =1.0.1, =1.0.0, =1.0.0, =1.3.0, =2.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4028...

@lint-md/cli (>=0.0.1 <=0.1.4), @lint-md/eslint-plugin (>=0.0.1 <=0.0.3) +4 more potentially affected by unknown CVE via ast-plugin (>=0.0.1 <=0.0.7)

ast-plugin NPM version =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.1.2 - yuque-lint =0.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4128...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +171 more potentially affected by unknown CVE via @antv/xflow-hook (>=1.0.0 <=1.1.52)

@antv/xflow-hook NPM version =1.0.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.3.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =0.2.0, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4122...

@drop-in-gaming/core (=0.1.7), demo-message (=1.0.0) +16 more potentially affected by unknown CVE via canvas-nest.js (>=2.0.3 <=2.0.4)

canvas-nest.js NPM version =2.0.3, =1.0.3, =1.0.0, =1.0.0, =1.0.18, =0.6.32, =0.4.17, =0.0.1, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4131...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +251 more potentially affected by unknown CVE via @antv/l7-layers (>=2.10.0 <=2.25.4)

@antv/l7-layers NPM version =2.10.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2, =0.0.2, =1.0.1, =0.0.2, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4041...

@ithinkdt/lowcode (>=4.0.0 <=4.0.4), @nywqs/scada-engine (>=2.0.0 <=2.0.3) +2 more potentially affected by unknown CVE via @antv/x6-vue-shape (=3.0.2)

@antv/x6-vue-shape NPM version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-vue-shape and may be impacted: - @ithinkdt/lowcode =4.0.0, =2.0.0, =1.0.0, =1.0.54 - ems-desktop =1.0.8-202601151630 Source cves: unknown CVE Source advisory...

datavis-editor (=0.1.0), datavis-editor-flow (=0.1.0) +1 more potentially affected by unknown CVE via @antv/g2-extension-ava (=0.2.0)

@antv/g2-extension-ava NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2-extension-ava and may be impacted: - datavis-editor =0.1.0 - datavis-editor-flow =0.1.0 - ty-chat-components-v1 =0.0.1, =0.0.5 Source cves: unknown CVE...

@antv/auto-chart (>=2.0.0 <=2.0.1), @antv/chartshaper (>=1.2.0-beta.0 <=1.2.0-beta.3) potentially affected by unknown CVE via @antv/g2plot-schemas (=1.2.2)

@antv/g2plot-schemas NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g2plot-schemas and may be impacted: - @antv/auto-chart =2.0.0, =1.2.0-beta.0, =1.2.0-beta.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3981...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @ada-lc/fusion-materials (>=0.1.1 <=0.1.3) +552 more potentially affected by unknown CVE via @antv/g2plot (>=2.2.13 <=2.4.8)

@antv/g2plot NPM version =2.2.13, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.1.15, =1.0.4, =0.1.5, =1.0.0, =0.0.1, =1.0.2, =1.0.0-alpha.1, =1.0.3, =1.1.4, =1.1.6-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3980...

@mas.io/mas-chart (=0.0.2) potentially affected by unknown CVE via @antv/my-f2 (=2.1.7)

@antv/my-f2 NPM version =2.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/my-f2 and may be impacted: - @mas.io/mas-chart =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4070...

fhrons-mobile (>=1.1.2-5.2 <=1.2.4-beta.5), fhrons-mobile-next (>=2.0.1 <=2.0.4) +1 more potentially affected by unknown CVE via @antv/f6 (=0.0.19)

@antv/f6 NPM version =0.0.19 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f6 and may be impacted: - fhrons-mobile =1.1.2-5.2, =2.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3900...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +259 more potentially affected by unknown CVE via @antv/l7-utils (>=2.0.0-beta.1 <=2.25.4)

@antv/l7-utils NPM version =2.0.0-beta.1, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2, =0.0.2, =1.0.1, =0.0.2, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4053...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +167 more potentially affected by unknown CVE via @antv/xflow-core (>=1.0.0 <=1.1.52)

@antv/xflow-core NPM version =1.0.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.3.0, =1.0.1, =1.0.0, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =0.2.0, =1.1.0, =1.6.6 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4119...

7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +570 more potentially affected by unknown CVE via @antv/g-webgpu-core (>=0.1.2 <=0.7.2)

@antv/g-webgpu-core NPM version =0.1.2, =0.1.1, =0.1.2, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =1.0.1, =1.0.0-beta.3, =1.5.0-beta.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3969...