97 matches found
@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +249 more potentially affected by unknown CVE via @antv/l7-renderer (>=2.10.0 <=2.25.4)
@antv/l7-renderer NPM version =2.10.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2, =0.0.2, =1.0.1, =0.0.2, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4049...
@2nova/wu-ui (>=1.1.0 <=1.3.12), @action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5) +1678 more potentially affected by unknown CVE via @antv/attr (>=0.0.7 <=0.3.5)
@antv/attr NPM version =0.0.7, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =0.1.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0, =0.5.0-alpha.0, =0.1.0, =0.1.0, =0.1.0, =0.5.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3852...
@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +254 more potentially affected by unknown CVE via @antv/l7-maps (>=2.10.0 <=2.25.4)
@antv/l7-maps NPM version =2.10.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2, =0.0.2, =1.0.1, =0.0.2, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4045...
Fleet security vulnerability
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.82.0 contained security...
@uipath/ap-chat (>=1.4.6 <=1.5.6), @uipath/apollo-react (>=3.26.1 <=4.24.2) +4 more potentially affected by unknown CVE via @uipath/apollo-core (>=5.6.2 <=5.9.1)
@uipath/apollo-core NPM version =5.6.2, =1.4.6, =3.26.1, =0.7.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3531...
hickory-server (>=0.24.0 <=0.25.0-alpha.1) potentially affected by unknown CVE via hickory-recursor (>=0.24.4 <=0.25.0-alpha.1)
hickory-recursor CARGO version =0.24.4, =0.24.0, =0.25.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0106...
bjs-biginteger (=5.0.5) potentially affected by unknown CVE via bjs-lint-builders (=1.1.0)
bjs-lint-builders NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builders and may be impacted: - bjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2881...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (=0.0.0-canary-3a59770274bcb6f3bebd5d1b93a2c92d1fc4edbd) +7946 more potentially affected by unknown CVE via axios (>=1.0.0-alpha.1 <=1.14.0)
axios NPM version =1.0.0-alpha.1, =0.0.8, =0.1.0, =1.1.0, =0.1.0, =1.0.21, =0.1.4, =0.1.0, =1.0.10, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0-beta.18 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-2307...
CVE-2026-24418
creationtimestamp | type | source
---|---|---
2026-02-06 16:47:32+00:00 | published-proof-of-concept | https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4xwv-49c8-fvhq...
cn.datask:dat-adapter-duckdb (>=0.6.1 <=0.7.1), cn.datask:dat-adapter-mysql (>=0.6.1 <=0.7.1) +158 more potentially affected by CVE-2026-25526 via com.hubspot.jinjava:jinjava (>=2.8.0 <=2.8.2)
com.hubspot.jinjava:jinjava MAVEN version =2.8.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.1 and more Source cves: CVE-2026-25526 Source advisory: OSV:GHSA-GJX9-J8F8-7J74...
vLLM code issues and vulnerabilities
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. Versions of vLLM prior to 0.14.1 contained code-related vulnerabilities. These vulnerabilities stemmed from differences in the interpretation of backslashes by variou...
@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +8 more potentially affected by unknown CVE via renovate (>=32.241.11 <=42.66.1)
renovate NPM version =32.241.11, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-PFQ2-HH62-7M96...
query-rds-data (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via aws-sdk-rdsdata (=0.15.0)
aws-sdk-rdsdata CARGO version =0.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-rdsdata and may be impacted: - query-rds-data =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
iccDEV code issue vulnerability
iccDEV is an open source color configuration code library from the International Color Consortium (ICC). A code issue vulnerability exists in iccDEV 2.3.1 and earlier versions, which stems from an integer overflow and underflow in the CIccXmlArrayType::ParseTextCountNum function, which could lead t...
@voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/react-chat (>=1.0.3 <=1.47.4)
@voiceflow/react-chat NPM version =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191367...
@oku-ui/primitives (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/tabs (=0.6.1)
@oku-ui/tabs NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/tabs and may be impacted: - @oku-ui/primitives =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191276...
@hover-design/react (>=0.2.1-beta <=0.2.4-beta) potentially affected by unknown CVE via @hover-design/core (=0.0.1-beta)
@hover-design/core NPM version =0.0.1-beta is affected by a known vulnerability. The following packages have a transitive dependency on @hover-design/core and may be impacted: - @hover-design/react =0.2.1-beta, =0.2.4-beta Source cves: unknown CVE Source advisory: OSV:MAL-2025-191226...
@lessondesk/schoolbus (>=3.0.43 <=5.2.1) potentially affected by unknown CVE via @tiaanduplessis/react-progressbar (=1.0.0)
@tiaanduplessis/react-progressbar NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @tiaanduplessis/react-progressbar and may be impacted: - @lessondesk/schoolbus =3.0.43, =5.2.1 Source cves: unknown CVE Source advisory:...
@abtnode/blocklet-services (>=1.16.6 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/cli (>=1.0.0 <=1.16.34-beta-20241113-102431-65542b84) +125 more potentially affected by unknown CVE via kill-port (>=2.0.0 <=2.0.1)
kill-port NPM version =2.0.0, =1.16.6, =1.0.0, =1.16.6, =0.0.0-beta.0, =0.0.0, =2.49.0, =1.0.0, =1.2.1, =1.16.6, =1.1.3, =2.6.0, =1.0.0, =0.1.1, =0.2.8, =0.2.10 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-191116...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-cloud-stream-template (=0.13.4)
@asyncapi/java-spring-cloud-stream-template NPM version =0.13.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-cloud-stream-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source...