@antv/gpt-vis (>=0.6.0 <=0.6.1), @antv/gpt-vis-ssr (>=0.3.4 <=0.3.7) +17 more potentially affected by unknown CVE via @antv/s2 (>=2.0.0-next.25 <=2.7.0)

@antv/s2 NPM version =2.0.0-next.25, =0.6.0, =0.3.4, =0.0.1, =1.0.0-alpha18, =0.5.63, =0.5.66, =0.0.1, =0.1.1, =0.0.21, =1.0.5, =0.0.1-alpha.0, =0.0.1-beta.3 - qbi-charts =1.0.17 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4077...

@antv/gpt-vis (=0.5.0-beta.0), @antv/gpt-vis-ssr (>=0.1.0 <=0.3.7) +7 more potentially affected by unknown CVE via @antv/g2-ssr (>=0.0.8 <=0.2.0)

@antv/g2-ssr NPM version =0.0.8, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3979...

@squawk/airports (>=0.3.1 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +4 more potentially affected by unknown CVE via @squawk/geo (>=0.2.1 <=0.4.3)

@squawk/geo NPM version =0.2.1, =0.3.1, =0.2.3, =0.1.3, =0.3.1, =0.2.0, =0.2.3, =0.4.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKGEO-16640893...

aoh (>=1.0.1 <=1.1.0), beratools (=0.2.2) +25 more potentially affected by CVE-2026-8212 via gdal (>=3.0.1 <=3.12.1)

gdal PYPI version =3.0.1, =1.0.1, =0.1.1, =0.0.7, =2.0.1, =0.4.0, =0.2.92, =0.9.2, =0.10.3, =0.4.5, =2.6.0, =2.7.0 - hyp3lib =4.0.1 and more Source cves: CVE-2026-8212 Source advisory: SNYK:PYTHON-GDAL-16624512...

sfx (=0.1.0) potentially affected by CVE-2026-34380 via openexr (=3.2.4)

openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34380 Source advisory: SNYK:PYTHON-OPENEXR-15993236...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-35663 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =3.3.2, =3.3.7 Source cves: CVE-2026-35663 Source advisory: OSV:GHSA-9HJH-FR4F-GXC4...

@tinacms/app (>=0.0.0-0b7103c-20251216023146 <=2.3.25), @tinacms/cli (>=0.0.0-0b7103c-20251216023146 <=2.1.6) +4 more potentially affected by CVE-2026-28791 via @tinacms/graphql (>=2.0.0 <=2.1.2)

@tinacms/graphql NPM version =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =3.5.0 Source cves: CVE-2026-28791 Source advisory: SNYK:JS-TINACMSGRAPHQL-15518326...

01os (=0.0.14), 10xscale-agentflow-cli (>=0.3.0 <=0.3.1) +11343 more potentially affected by CVE-2025-69534 via markdown (>=2.1.1 <=3.8.0)

markdown PYPI version =2.1.1, =0.3.0, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 and more Source cves: CVE-2025-69534 Source advisory: OSV:GHSA-5WMX-573V-2QWQ...

agent-library (>=0.7.0 <=0.13.0), arcade-ai (=2.3.0) +67 more potentially affected by CVE-2025-66454 via arcade-mcp-server (>=1.0.0rc3 <=1.21.3)

arcade-mcp-server PYPI version =1.0.0rc3, =0.7.0, =1.2.0, =0.3.0, =0.1.0, =0.3.0, =0.2.0, =1.2.0, =2.3.0, =1.1.0, =3.1.0, =0.2.0, =3.1.0, =3.1.0, =4.0.0, =4.2.0 and more Source cves: CVE-2025-66454 Source advisory: SNYK:PYTHON-ARCADEMCPSERVER-14171924...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Linux Distros Unpatched Vulnerability : CVE-2025-39755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmciadriver struct was still only using the old...

Linux Distros Unpatched Vulnerability : CVE-2025-38458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - atm: clip: Fix NULL pointer dereference in vccsendmsg atmarpddevops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointe...

Linux Distros Unpatched Vulnerability : CVE-2025-21974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxtqueuememalloc The bnxtqueuememalloc is...

Linux Distros Unpatched Vulnerability : CVE-2025-38057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - espintcp: fix skb leaks A few error paths are missing a kfreeskb. CVE-2025-38057 Note that Nessus relies on the presence of the package as reported by the vendo...

Linux Distros Unpatched Vulnerability : CVE-2021-47468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isdn: mISDN: Fix sleeping function called from invalid context The driver can call card-isac.release function from an atomic context. Fix this by calling this...

Linux Distros Unpatched Vulnerability : CVE-2025-22115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive...

Linux Distros Unpatched Vulnerability : CVE-2025-38071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/mm: Check return value from memblockphysallocrange At least with CONFIGPHYSICALSTART=0x100000, if there is 4 MiB of contiguous free memory available at this...

Linux Distros Unpatched Vulnerability : CVE-2025-22014

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdraddlookup to...

Linux Distros Unpatched Vulnerability : CVE-2025-21723

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: mpi3mr: Fix possible crash when setting up bsg fails If bsgsetupqueue fails, the bsgqueue is assigned a non-NULL value. Consequently, in mpi3mrbsgexit, th...

Linux Distros Unpatched Vulnerability : CVE-2024-53052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/rw: fix missing NOWAIT check for ODIRECT start write When iouring starts a write, it'll call kiocbstartwrite to bump the super block rwsem, preventing a...