ROOT-APP-NPM-CVE-2026-42042 CVE-2026-42042 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42042 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-47140 CVE-2026-47140 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-47140 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2021-3795 CVE-2021-3795 in @rootio/semver-regex - Patched by Root

Root has patched CVE-2021-3795 in the @rootio/semver-regex package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44002 CVE-2026-44002 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44002 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-24842 CVE-2026-24842 in @rootio/tar - Patched by Root

Root has patched CVE-2026-24842 in the @rootio/tar package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-2950 CVE-2026-2950 in @rootio/lodash - Patched by Root

Root has patched CVE-2026-2950 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-23539 CVE-2022-23539 in @rootio/jsonwebtoken - Patched by Root

Root has patched CVE-2022-23539 in the @rootio/jsonwebtoken package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-GHSA-R4Q5-VMMM-2653 GHSA-r4q5-vmmm-2653 in @rootio/follow-redirects - Patched by Root

Root has patched GHSA-r4q5-vmmm-2653 in the @rootio/follow-redirects package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-21538 CVE-2024-21538 in @rootio/cross-spawn - Patched by Root

Root has patched CVE-2024-21538 in the @rootio/cross-spawn package for Root:npm. Multiple fixed versions available...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +560 more potentially affected by CVE-2026-47674 via hono (>=0.5.10 <=4.12.2)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-47674 Source advisory: OSV:GHSA-XRHX-7G5J-RCJ5...

ROOT-APP-NPM-CVE-2023-26133 CVE-2023-26133 in @rootio/progressbar.js - Patched by Root

Root has patched CVE-2023-26133 in the @rootio/progressbar.js package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4923 CVE-2026-4923 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4923 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-37599 CVE-2022-37599 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37599 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

01-dev (=1.0.0), 04-musicplayer (=1.0.0) +1205 more potentially affected by CVE-2024-23222 via art-template (>=4.11.0 <=4.13.4)

art-template NPM version =4.11.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =1.0.2, =1.0.0-alpha.1, =1.0.3, =1.1.4, =1.0.0, =0.1.0, =0.0.1, =0.0.2-alpha.13 and more Source cves: CVE-2024-23222 Source advisory: SNYK:JS-ARTTEMPLATE-16779844...

MAL-2026-4560 Malicious code in fca-official-uzair-rajput (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c96ed99bb1a48e80228ec0ca012c1dbb7817fe1dbbd492fcb3d2927805f29e fca-official-uzair-rajput is a Facebook chat API library whose only documented entry point, login, invokes an auto-update routine on every call when...

MAL-2026-4608 Malicious code in mcp-server-iehub-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51 proxy.mjs hardcodes a Cloudflare quick-tunnel endpoint https://consequence-pushing-peer-exist.trycloudflare.com and uses fetch... POST... with...

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3362 more potentially affected by CVE-2026-44293 via protobufjs (>=7.0.0 <=7.5.5)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-44293 Source advisory: SNYK:JS-PROTOBUFJS-16643421...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +550 more potentially affected by CVE-2026-44459 via hono (>=1.6.4 <=4.12.16)

hono NPM version =1.6.4, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-44459 Source advisory: SNYK:JS-HONO-16624529...

@awinogrodzki/embed-plugin-youtube (>=5.0.5 <=5.0.9), @radio4000/components (>=0.0.24 <=0.2.17) +11 more potentially affected by CVE-2025-65122 via youtube-regex (=1.0.5)

youtube-regex NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on youtube-regex and may be impacted: - @awinogrodzki/embed-plugin-youtube =5.0.5, =0.0.24, =1.0.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =0.0.2, =1.0.1, =0.6.0,...

1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2146 more potentially affected by CVE-2026-41238 via dompurify (>=3.0.1 <=3.3.3)

dompurify NPM version =3.0.1, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.0.0, =1.0.35 and more Source cves: CVE-2026-41238 Source advisory: SNYK:JS-DOMPURIFY-16132234...