GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: helm-exporter, trivy-operator-fips, opa-fips, helm-set-status, packer-fips, trivy, eks-node-monitoring-agent, k3s, buildkitd-fips, headlamp, helm-exporter-fips, k9s-fips, gitlab-rails-ce, helm-push, kaniko-fips, neuvector, zot, consul-k8s-fips, tigera-operator-fips,...

@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/xflow (>=2.0.1 <=2.2.4) +116 more potentially affected by unknown CVE via @antv/x6-plugin-selection (>=2.0.0 <=2.2.2)

@antv/x6-plugin-selection NPM version =2.0.0, =1.0.0, =2.0.1, =0.0.1, =0.0.2, =1.0.0-beta.46, =0.0.4, =0.7.0, =0.0.3, =2.0.4, =0.0.27, =3.0.0, =4.0.0-600 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINSELECTION-16754927...

@abtnode/ux (>=1.16.40 <=1.17.13-beta-20260512-042419-7b556a38), @ada-lc/echarts-materials (>=0.0.1 <=0.0.2) +496 more potentially affected by unknown CVE via echarts-for-react (>=3.0.0-beta.2 <=3.0.6)

echarts-for-react NPM version =3.0.0-beta.2, =1.16.40, =0.0.1, =0.1.0, =0.0.2-7.1, =0.1.1, =1.0.0, =1.0.0, =1.0.0, =1.3.5-beta.937, =1.0.8-alpha, =3.34.0, =0.1.10, =1.0.5, =0.2.0, =0.4.5-next.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ECHARTSFORREACT-16754865...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +297 more potentially affected by unknown CVE via @antv/async-hook (=2.2.9)

@antv/async-hook NPM version =2.2.9 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/async-hook and may be impacted: - @action.sustainability/storybook-dashboard =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +369 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +537 more potentially affected by CVE-2026-44455 via hono (>=0.5.10 <=4.12.15)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-44455 Source advisory: OSV:GHSA-69XW-7HCM-H432...

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: spicedb, wal-g, amass, steampipe, cerbos, openbao, step-issuer, keda, step-ca, seaweedfs, pgtimetable, splunk-otel-collector, flyte, sftpgo, src, temporal, ferretdb, kube-bench, gitlab-kas, kubeflow-pipelines, cloudprober, dapr, sftpgo-plugin-eventstore,...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: trivy, guac, steampipe, cerbos, flux, crossplane, scorecard, kots, argo-events, dagger, zarf, snyk-cli, pulumi-kubernetes-operator, gitea, pulumi-language-dotnet, external-secrets-operator, kaniko, bom, gptscript, melange, kargo, gitlab-runner, syft, k9s,...

2adif (=0.1.0), 3robotics (=0.0.1) +1532 more potentially affected by CVE-2026-42304 via twisted (>=20.3.0 <=26.4.0)

twisted PYPI version =20.3.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 - aha-scrapyd =1.3.0 and more Source cves: CVE-2026-42304 Source advisory: OSV:GHSA-GRGV-6HW6-V9G4...

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +38 more potentially affected by CVE-2026-35192 via django (>=6.0.0 <=6.0.4)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 - django-tasks-aws =0.2.0b1 and more Source cves: CVE-2026-35192 Source advisory: OSV:PYSEC-2026-50...

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42779 Source advisory: OSV:GHSA-VF5J-865M-MQ7C...

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2767 more potentially affected by CVE-2026-22745 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.4)

org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.10, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: sftpgo-plugin-auth, harbor, openbao, rancher-agent, flux, cert-manager-cmctl, gitea, k6, cert-manager-istio-csr, external-secrets-operator, frp, gitlab-runner, rclone, rancher, cert-manager, cert-manager-csi-driver, rancher-webhook, nuclei, grafana, xeol, telegraf,...

GHSA-J88V-2CHJ-QFWX vulnerabilities

Vulnerabilities for packages: spicedb, wal-g, amass, steampipe, cerbos, openbao, step-issuer, keda, step-ca, seaweedfs, pgtimetable, splunk-otel-collector, flyte, sftpgo, src, temporal, ferretdb, kube-bench, gitlab-kas, kubeflow-pipelines, cloudprober, dapr, sftpgo-plugin-eventstore,...

@adaptivestone/framework (>=2.7.3 <=3.0.22), @agsiri/common-utils (>=1.0.0 <=1.2.12) +320 more potentially affected by CVE-2026-41693 via i18next-fs-backend (>=1.0.2 <=2.6.3)

i18next-fs-backend NPM version =1.0.2, =2.7.3, =1.0.0, =0.2.0, =0.3.0, =3.7.0, =0.2.11, =1.1.0, =1.1.1, =1.0.0, =2.0.1, =2.0.1, =2.0.1, =2.0.1, =2.7.1-rc.5 and more Source cves: CVE-2026-41693 Source advisory: OSV:GHSA-8847-338W-5HCJ...

GHSA-3XC5-WRHM-F963 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, packer-fips, trivy, pulumi-language-dotnet, src-fingerprint, crossplane, k9s-fips, gitlab-rails-ce, kaniko-fips, flux, rancher-fleet, tfsec, zot, pulumi, terragrunt-fips, gitsign, grafana-alloy, argo-workflows-fips, flux-fips, witness,...

@saltcorn/admin-models (>=1.0.0 <=1.4.5), @saltcorn/base-plugin (>=1.0.0 <=1.4.5) +5 more potentially affected by CVE-2026-41478 via @saltcorn/data (>=1.0.0-beta.0 <=1.4.5)

@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNDATA-16110991...

@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/adapter-claude-local (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/adapter-claude-local NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIADAPTERCLAUDELOCAL-16421446...

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1491 more potentially affected by CVE-2026-41182 via langsmith (>=0.0.10 <=0.7.21)

langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-41182 Source advisory: OSV:GHSA-RR7J-V2Q5-CHGV...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +17237 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.7 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075266...