167 matches found
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: grype, opa, kube-mgmt-fips, linkerd2-fips, grype-db, k9s, neuvector-fips, trivy-operator, kubescape-server-fips, k9s-fips, chaos-mesh-fips, kubevela-fips, spegel, k8sgpt, zarf, trivy, cluster-api-helm-controller-fips, osv-scanner, teleport, k3s, headlamp-fips,...
@amag-ch/cds-dk (=0.4.0), @cap-js/ord (>=1.3.0 <=1.6.0) +11 more potentially affected by unknown CVE via @cap-js/openapi (=1.4.0)
@cap-js/openapi NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on @cap-js/openapi and may be impacted: - @amag-ch/cds-dk =0.4.0 - @cap-js/ord =1.3.0, =3.0.0, =2.0.0, =8.0.2, =0.0.1, =1.0.0, =0.5.0, =3.202312.1, =1.0.0, =1.0.0, =1.1.5,...
@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +63 more potentially affected by unknown CVE via @antv/x6-plugin-transform (>=2.1.7 <=2.1.8)
@antv/x6-plugin-transform NPM version =2.1.7, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.0.2, =0.0.64 - @rxdrag/uml-editor =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4111...
@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +601 more potentially affected by unknown CVE via timeago.js (>=4.0.0-beta.1 <=4.0.2)
timeago.js NPM version =4.0.0-beta.1, =0.0.0-20250314205219, =0.0.0-20250305153405, =0.10.0, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =1.16.33-beta-20241028-005826-60afb7c4, =1.8.68, =1.8.40, =1.8.68, =0.21.2, =1.0.12, =1.13.1, =1.17.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4156...
7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +576 more potentially affected by unknown CVE via @antv/algorithm (>=0.0.6 <=0.1.8-beta.6)
@antv/algorithm NPM version =0.0.6, =0.1.1, =0.1.2, =1.1.43, =5.0.48, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =2.6.7 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3850...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +254 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)
org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =1.54.0, =0.8.0, =0.0.1, =0.1.0, =0.21.0, =0.26.0 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...
@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +101 more potentially affected by unknown CVE via @tanstack/react-router-devtools (>=1.120.20 <=1.166.13)
@tanstack/react-router-devtools NPM version =1.120.20, =0.0.1, =0.0.1, =0.0.1-alpha.14, =0.1.0, =0.0.4, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.1.0, =2.0.1-alpha-20260224145405, =2.0.1-alpha.6 - @ezshare/cli =0.0.0 - @ezshare/lib =0.0.0 - @ezshare/web =0.0.0 and more Source cves: unknown CVE Source...
@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +526 more potentially affected by CVE-2026-44455 via hono (>=0.5.10 <=4.12.15)
hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-44455 Source advisory: OSV:GHSA-69XW-7HCM-H432...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: caddy, amass, kine, jitsucom-bulker, teleport, pgtimetable, dapr, hydra, openbao, juicefs, bento, seaweedfs, azure-service-operator, cloudprober, certificate-transparency, keda, sftpgo, spqr, sftpgo-plugin-eventstore, falcosidekick, timescaledb-parallel-copy,...
CVE-2026-41506 vulnerabilities
Vulnerabilities for packages: src-fingerprint, trivy-operator, grype, crossplane, flux-image-automation-controller, flux-source-controller, kaniko, kots, scorecard, teleport, dagger, tfsec, flux, skaffold, act, zarf, kubevela, pulumi-kubernetes-operator, trufflehog, apko, argo-events,...
arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +35 more potentially affected by CVE-2026-35192 via django (>=6.0.0 <=6.0.4)
django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-35192 Source advisory: OSV:PYSEC-2026-50...
com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)
org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42779 Source advisory: OSV:GHSA-VF5J-865M-MQ7C...
africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2764 more potentially affected by CVE-2026-22745 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.4)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.10, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, ratify, flux-source-controller, cert-manager, rancher-webhook, sftpgo-plugin-auth, percona-server-mongodb-operator, teleport, opentofu, openbao, flux, k6, cert-manager-istio-csr, seaweedfs, spqr, trufflehog, terraform, frp, gitea, grafana,...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: caddy, amass, kine, jitsucom-bulker, teleport, pgtimetable, dapr, hydra, openbao, juicefs, bento, seaweedfs, azure-service-operator, cloudprober, certificate-transparency, keda, sftpgo, spqr, sftpgo-plugin-eventstore, falcosidekick, timescaledb-parallel-copy,...
@adaptivestone/framework (>=2.7.3 <=3.0.22), @agsiri/common-utils (>=1.0.0 <=1.2.12) +322 more potentially affected by CVE-2026-41693 via i18next-fs-backend (>=1.0.2 <=2.6.3)
i18next-fs-backend NPM version =1.0.2, =2.7.3, =1.0.0, =0.2.0, =0.3.0, =3.7.0, =0.2.11, =1.1.0, =1.1.1, =1.0.0, =2.0.1, =2.0.1, =2.0.1, =2.0.1, =2.7.1-rc.5 and more Source cves: CVE-2026-41693 Source advisory: OSV:GHSA-8847-338W-5HCJ...
GHSA-3XC5-WRHM-F963 vulnerabilities
Vulnerabilities for packages: chainloop-cli, grype, kyverno-fips, grype-db, k9s, redpanda-console, cerbos-fips, mapotf-fips, trivy-operator, gitlab-runner, external-secrets-operator-fips, kubescape-server-fips, pulumi, k9s-fips, goreleaser, kubevela-fips, zarf, witness, trivy, trufflehog,...
@saltcorn/admin-models (>=1.0.0 <=1.4.5), @saltcorn/base-plugin (>=1.0.0 <=1.4.5) +5 more potentially affected by CVE-2026-41478 via @saltcorn/data (>=1.0.0-beta.0 <=1.4.5)
@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNDATA-16110991...
@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/adapter-claude-local (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/adapter-claude-local NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIADAPTERCLAUDELOCAL-16421446...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +16992 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.7 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075266...