-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28795 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47759 via tinymce (>=8.0.2 <=8.2.2)

tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47759 Source advisory: OSV:GHSA-Q742-QVGC-GC2F...

a2a-sigstore (=0.4.0), aiogithubapi (>=23.9.0 <=23.11.0) +68 more potentially affected by unknown CVE via tuf (>=1.0.0 <=6.0.0)

tuf PYPI version =1.0.0, =23.9.0, =0.2.0, =0.14.0, =0.0.1, =0.1.0, =0.1.9, =0.1.9, =0.1.9, =0.1.20 - floe-catalog-glue =0.1.0a1 - floe-catalog-polaris =0.1.0a1 - floe-compute-duckdb =0.1.0a1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QP9X-WP8F-QGJJ...

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46695 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted: - @airalogy/airalogy-engine =0.0.1, =0.0.2 Source cves: CVE-2026-46695 Source advisory: OSV:GHSA-G6WW-W5J2-R7X3...

5htp-airtable (>=0.0.1 <=0.1.2-3), @a-cube-io/ereceipts-js-sdk (=1.1.0) +146 more potentially affected by CVE-2025-57282 via ngrok (=5.0.0-beta.2)

ngrok NPM version =5.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on ngrok and may be impacted: - 5htp-airtable =0.0.1, =1.0.0, =5.0.0, =1.0.0, =3.1.6, =1.4.4, =1.0.0, =1.3.2, =1.0.31, =1.0.0, =1.0.26, =1.0.2, =1.1.0 and more Source cves:...

nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +17 more potentially affected by CVE-2026-40092 via nimiq-keys (>=0.1.0 <=0.2.0)

nimiq-keys CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-40092 Source advisory: OSV:GHSA-27W2-87XV-37C6...

voice-agent-tequity (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-44209 via banks (=2.2.0)

banks PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on banks and may be impacted: - voice-agent-tequity =0.1.0, =0.1.1 Source cves: CVE-2026-44209 Source advisory: OSV:GHSA-GPHH-9Q3H-JGPP...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +373 more potentially affected by CVE-2026-44248 via io.netty:netty-codec-mqtt (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-mqtt MAVEN version =4.2.0.Alpha1, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44248 Source advisory: OSV:GHSA-JFG9-48MV-9QGX...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +537 more potentially affected by CVE-2026-44456 via hono (>=0.5.10 <=4.12.15)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.4, =2026.4.4, =1.0.2, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =1.3.0 and more Source cves: CVE-2026-44456 Source advisory: OSV:GHSA-9VQF-7F2P-GF9V...

ldap3_cli (>=0.3.1 <=0.6.1), ldap3_client (>=0.1.0 <=0.6.1) potentially affected by unknown CVE via ldap3_proto (>=0.2.3 <=0.6.1)

ldap3proto CARGO version =0.2.3, =0.3.1, =0.1.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-QCXQ-75WR-5CM8...

@100x/application (>=0.0.1 <=0.0.6), @aero-js/cli (=0.4.0) +36 more potentially affected by CVE-2026-44373 via nitro (>=0.0.0 <=3.0.260415-beta)

nitro NPM version =0.0.0, =0.0.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =0.4.2, =2.4.0-alpha.2, =2.4.0-alpha.2, =3.0.0-alpha.55 and more Source cves: CVE-2026-44373 Source advisory: OSV:GHSA-5W89-W975-HF9Q...

ae.teletronics.nlp:entityextraction (=1.3), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +1738 more potentially affected by CVE-2026-42027 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =19.9.0, =19.9.1, =19.9.1, =19.9.0, =19.9.0, =19.9.0, =19.9.0, =26.3.2 and more Source cves: CVE-2026-42027 Source advisory: OSV:GHSA-CX4M-2P55-RW7J...

01os (=0.0.14), 0xpwn (=0.1.1) +647 more potentially affected by CVE-2026-42271 via litellm (>=1.74.3 <=1.83.4)

litellm PYPI version =1.74.3, =0.0.14, =0.0.14, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.1.39, =0.2.1, =0.2.1.10062025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 - agent-quality-inspect =2.0.0a1 and more Source cves: CVE-2026-42271 Source advisory: OSV:GHSA-V4P8-MG3P-G94G...

ADuCM302x (=0.1.0), Icarus-nrf9160-bsp (=0.0.0) +1583 more potentially affected by unknown CVE via bare-metal (>=0.1.3 <=1.0.0)

bare-metal CARGO version =0.1.3, =0.1.0, =0.1.0, =0.1.2 - PY32L020xx-pac =0.1.0 - PY32T020xx-pac =0.1.0 - PY32c610xx-pac =0.1.0 - PY32c611xx-pac =0.1.0 - PY32c640xx-pac =0.1.0 - PY32c641xx-pac =0.1.0 - PY32c670xx-pac =0.1.0 - PY32f001xx-pac =0.1.0 - PY32f002axx-pac =0.1.0 - PY32f002bxx-pac =0.1.0...

@headspinio/appium-roku-driver (>=2.6.1 <=2.7.0), @natlibfi/passport-melinda-aleph (=3.0.3-alpha.1) +2 more potentially affected by CVE-2026-41674 via @xmldom/xmldom (=0.9.0)

@xmldom/xmldom NPM version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @headspinio/appium-roku-driver =2.6.1, =3.0.0, =1.7.9-beta.3, =1.8.0-beta.2 Source cves: CVE-2026-41674 Source advisory:...

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-P7MM-R948-4Q3Q...

@godmode-team/godmode (=1.6.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +1 more potentially affected by unknown CVE via paperclipai (>=0.3.1 <=2026.324.0-canary.7)

paperclipai NPM version =0.3.1, =2026.324.0-canary.0, =2026.325.0-canary.3 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-GQQJ-85QM-8QHF...

@inkeep/agents-api (>=0.0.0-dev-20260121145510 <=0.73.0), @inkeep/agents-cli (>=0.0.0-chat-to-edit-20251119071712 <=0.72.2) +22 more potentially affected by CVE-2026-41427 via @better-auth/oauth-provider (>=1.5.5 <=1.6.12)

@better-auth/oauth-provider NPM version =1.5.5, =0.0.0-dev-20260121145510, =0.0.0-chat-to-edit-20251119071712, =0.0.0-dev-20260410224321, =0.0.0-chat-to-edit-20251119071712, =0.0.0-chat-to-edit-20251119071712, =0.0.0-chat-to-edit-20251119071712, =0.0.0-chat-to-edit-20251119071712,...

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +660 more potentially affected by CVE-2026-41312 via pypdf (>=3.10.0 <=6.10.1)

pypdf PYPI version =3.10.0, =0.1.1, =0.8.1, =0.9.1, =0.2.0, =0.0.2, =0.0.1, =0.0.1, =0.2.0, =0.1.4, =0.1.0a0.dev0, =1.1.3 and more Source cves: CVE-2026-41312 Source advisory: OSV:GHSA-7GW9-CF7V-778F...

1claw-crewai-tools (=0.1.0), abs-sdk (=10.1.3) +1012 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)

uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.0.0.post225, =2025.3.31.dev0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-68HJ-V9MW...