@accounter/client (>=0.0.3 <=0.0.12-alpha-20260508071110-20f5becdec9522d09c6a97f123f7c572407661fb), @appigram/react-code-split-ssr (>=1.3.7 <=1.3.8) +256 more potentially affected by CVE-2026-42342 via react-router (>=7.0.0 <=7.14.2)

react-router NPM version =7.0.0, =0.0.3, =1.3.7, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =0.5.1 and more Source cves: CVE-2026-42342 Source advisory: OSV:GHSA-8X6R-G9MW-2R78...

1zlab-emp-ide (=0.0.3), 1zlab-homepage (>=0.0.2 <=0.0.3) +11108 more potentially affected by CVE-2026-48587 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =0.0.2, =2.2.0, =0.1.0, =0.1.0.1, =0.1.1, =0.2.0, =0.0.4a0, =0.0.7, =0.1.10 and more Source cves: CVE-2026-48587 Source advisory: OSV:PYSEC-2026-198...

antgent (>=0.3.0 <=0.3.2), ara-cli (>=0.1.14.13 <=0.1.14.14) +44 more potentially affected by CVE-2026-25580 +1 more via pydantic-ai-slim (>=1.56.0 <=1.98.0)

pydantic-ai-slim PYPI version =1.56.0, =0.3.0, =0.1.14.13, =1.5.0, =0.1.0a1, =0.0.400, =0.0.1, =1.0.0, =1.0.3, =0.0.498, =0.1.1, =0.7.0rc1, =0.1.1, =0.1.0, =0.3.1 and more Source cves: CVE-2026-25580, CVE-2026-46678 Source advisory: SNYK:PYTHON-PYDANTICAISLIM-16796278...

Fedora 42 : composer (2026-d91f313a63)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d91f313a63 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

@deviceinsight/ng-ui-scale-lib (>=9.14.0 <=10.1.0), @namiq/chat-widget (>=0.0.11 <=0.0.15) +6 more potentially affected by CVE-2026-41886 via locize (>=0.0.3 <=4.0.16)

locize NPM version =0.0.3, =9.14.0, =0.0.11, =1.5.0, =0.0.3, =1.0.0, =0.0.1, =0.0.7 Source cves: CVE-2026-41886 Source advisory: OSV:GHSA-W937-FG2H-XHQ2...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-43579 via openclaw (>=2026.3.22 <=2026.4.1)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-43579 Source advisory: SNYK:JS-OPENCLAW-16109691...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-39983 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-39983 Source advisory: SNYK:JS-BASICFTP-15953339...

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1217 more potentially affected by CVE-2026-34518 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34518 Source advisory: SNYK:PYTHON-AIOHTTP-15873735...

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +659 more potentially affected by CVE-2026-31958 via tornado (>=6.0.0 <=6.5.4)

tornado PYPI version =6.0.0, =0.0.0, =0.7.3, =0.0.5, =1.0.0, =1.0.0, =0.31.0, =1.3.0, =0.1.23, =0.0.9.1, =0.20.0, =0.9.5, =22.5.13, =26.2.0 and more Source cves: CVE-2026-31958 Source advisory: SNYK:PYTHON-TORNADO-15467447...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.4 bug fix and security update

Red Hat OpenShift Container Platform release 4.21.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-29609 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-29609 Source advisory: OSV:GHSA-J27P-HQ53-9WGC...

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +233 more potentially affected by CVE-2026-25722 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.55)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-25722 Source advisory: OSV:GHSA-66Q4-VFJG-2QHH...

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-3V2X-9XCV-2V2V...

aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +97 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)

django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:PYSEC-2025-111...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-179444

Malicious code in cybernetics-duplex-wolf-json npm...

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +254 more potentially affected by CVE-2025-64458 via django (>=5.0.0 <=5.1.13)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2025-64458 Source advisory: SNYK:PYTHON-DJANGO-13837025...

anomalydetection (=0.0.0.dev1), athiruma-cloud-governance (>=1.1.89 <=1.1.345) +28 more potentially affected by CVE-2025-61912 via python-ldap (>=2.4.19 <=3.4.4)

python-ldap PYPI version =2.4.19, =1.1.89, =3.1.2, =3.7.1, =1.0.426, =2.2.1.dev6, =0.0.2, =0.4.4, =1.0.0, =0.0.0, =1.1.0, =3.7.0, =3.8.0 and more Source cves: CVE-2025-61912 Source advisory: OSV:GHSA-P34H-WQ7J-H5V6...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-59682 via django (>=4.2.0 <=4.2.24)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-59682 Source advisory: OSV:GHSA-Q95W-C7QG-HRFF...