br.com.arsmachina:tapestry-url-rewriter (>=1.0.1 <=2.0.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +294 more potentially affected by CVE-2026-43513 via org.apache.tomcat:catalina (>=6.0.13 <=6.0.53)

org.apache.tomcat:catalina MAVEN version =6.0.13, =1.0.1, =1.2.1, =0.1, =7.12.0, =1.0.0, =1.0.3, =9.0.3, =9.0.3, =0.7.1, =1.5, =1.8.2, =0.9.0, =1.0.0 and more Source cves: CVE-2026-43513 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-16691227...

org.opensearch.migrations.trafficcapture:trafficCaptureProxyServer (>=0.2.5.3 <=0.2.5.17) potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.19.3.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.19.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - org.opensearch.migrations.trafficcapture:trafficCaptureProxyServer...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.8.4) +237 more potentially affected by CVE-2026-44456 via hono (>=4.0.0 <=4.12.15)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =0.5.4 - @babylen/legion =0.1.7 and more Source cves: CVE-2026-44456 Source advisory: SNYK:JS-HONO-16438966...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +203 more potentially affected by CVE-2026-39408 via hono (>=4.0.0 <=4.12.10)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.1-beta.7 and more Source cves: CVE-2026-39408 Source advisory: SNYK:JS-HONO-15928833...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-34573 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-34573 Source advisory: OSV:GHSA-MFJ6-6P54-M98C...

africa.shuwari.sbt:sbt-js_2.12_1.0 (=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +341 more potentially affected by CVE-2026-32948 via org.scala-sbt:main_2.12 (>=1.0.0-M5 <=1.12.6)

org.scala-sbt:main2.12 MAVEN version =1.0.0-M5, =0.1.0, =0.12.1, =0.12.1, =0.12.1, =0.12.1, =0.12.1, =0.12.1, =0.14.1, =0.12.1, =0.0.1, =0.0.5 - br.com.mobilemind:livereload2.121.0 =0.2.10 - build.bleep:sbt-export-dependencies2.121.0 =0.4.0 and more Source cves: CVE-2026-32948 Source advisory:...

01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +934 more potentially affected by CVE-2026-0847 via nltk (>=2.0.4 <=3.9.2)

nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0847 Source advisory: OSV:PYSEC-2026-98...

11x-wagtail-blog (>=0.0.0 <=0.2.0), adede (=4.1.0) +190 more potentially affected by CVE-2026-28223 via wagtail (>=1.0.0 <=6.3.1)

wagtail PYPI version =1.0.0, =0.0.0, =0.57.1, =4.1.0, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =0.4.0 and more Source cves: CVE-2026-28223 Source advisory: OSV:GHSA-P4V8-RW59-93CQ...

siddheshtea (=1.1.6) potentially affected by unknown CVE via manda-5 (=1.0.0)

manda-5 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on manda-5 and may be impacted: - siddheshtea =1.1.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-159648...

risc0-binfmt (>=1.0.0 <=1.2.6), risc0-build (>=0.1.0 <=1.2.6) +7 more potentially affected by CVE-2025-61588 via risc0-zkvm-platform (>=0.13.0 <=1.2.6)

risc0-zkvm-platform CARGO version =0.13.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0-rc.1, =1.0.0, =0.13.0, =0.13.0, =0.2.0, =0.6.0 Source cves: CVE-2025-61588 Source advisory: OSV:GHSA-JQQ4-C7WQ-36H7...

@crowdstrike/ember-toucan-styles (=3.0.1) potentially affected by unknown CVE via ember-browser-services (=5.0.1)

ember-browser-services NPM version =5.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ember-browser-services and may be impacted: - @crowdstrike/ember-toucan-styles =3.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47306...

@c0b41/prettify-error (=1.0.0), assume (>=0.0.10 <=1.4.0) +24 more potentially affected by unknown CVE via failing-line (>=0.0.0 <=0.1.0)

failing-line NPM version =0.0.0, =0.0.10, =7.1.0, =0.0.0, =1.0.0, =0.1.1, =0.0.0, =1.0.0, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-20163...

cartridge-braintree (>=1.2.1 <=1.2.2), django-clubhouse (>=0.0.1 <=0.2.19) +1 more potentially affected by CVE-2025-50481 via mezzanine (>=4.1.0 <=4.3.1)

mezzanine PYPI version =4.1.0, =1.2.1, =0.0.1, =0.1.0b1, =1.7.1 Source cves: CVE-2025-50481 Source advisory: OSV:PYSEC-2025-137...

aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +505 more potentially affected by CVE-2025-48432 via django (>=4.0.0 <=4.2.21)

django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =65.10.0, =65.10.3 and more Source cves: CVE-2025-48432 Source advisory: SNYK:PYTHON-DJANGO-10302884...

simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2025-24370 via django-unicorn (>=0.50.0 <=0.59.0)

django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2025-24370 Source advisory: OSV:GHSA-G9WF-5777-GQ43...

@wcd/gqio.angular-element-starter-kit (=0.1.0), @wcd/gqio.angular-element-todo (=0.1.0) potentially affected by unknown CVE via platform-browser-dynamic (=0.0.1-security)

platform-browser-dynamic NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on platform-browser-dynamic and may be impacted: - @wcd/gqio.angular-element-starter-kit =0.1.0 - @wcd/gqio.angular-element-todo =0.1.0 Source cves: unkno...

ctadirac (>=2.2.0a1 <=2.2.35) potentially affected by CVE-2024-24825 via dirac (>=8.0.0 <=8.0.30)

dirac PYPI version =8.0.0, =2.2.0a1, =2.2.35 Source cves: CVE-2024-24825 Source advisory: OSV:GHSA-59QJ-JCJV-662J...

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40231 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)

aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...

areq (=0.1.0-alpha), bws-web-server (>=0.1.0 <=0.1.1) +26 more potentially affected by unknown CVE via h2 (=0.4.14)

h2 CARGO version =0.4.14 is affected by a known vulnerability. The following packages have a transitive dependency on h2 and may be impacted: - areq =0.1.0-alpha - bws-web-server =0.1.0, =0.5.2, =0.1.0, =1.0.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.0 and more Source cves: unknown CVE Sourc...

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49397 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49397 Source advisory: OSV:GHSA-5F56-H6FG-RCRH...