limit-size (>=0.1.3 <=0.1.4), limit-size-webpack-plugin (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via byte-parser (=1.0.0)

byte-parser NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on byte-parser and may be impacted: - limit-size =0.1.3, =1.0.0, =1.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-BYTEPARSER-16754340...

7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +579 more potentially affected by unknown CVE via @antv/algorithm (>=0.0.6 <=0.1.8-beta.6)

@antv/algorithm NPM version =0.0.6, =1.0.0, =0.1.1, =0.1.2, =1.1.43, =5.0.48, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =0.1.7 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVALGORITHM-16755028...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

@antv/gi-assets-advance (>=1.0.0 <=2.5.22), @antv/gi-assets-basic (>=1.0.0 <=2.4.40) +15 more potentially affected by unknown CVE via @antv/graphin-icons (=1.0.0)

@antv/graphin-icons NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin-icons and may be impacted: - @antv/gi-assets-advance =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =0.1.0, =1.0.4, =1.0.11, =0.2.6-beta.4,...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

@antv/gi-assets-advance (>=1.0.0 <=2.5.22), @antv/gi-assets-algorithm (>=2.0.1 <=2.3.19) +12 more potentially affected by unknown CVE via @antv/gi-common-components (>=1.1.1 <=1.3.9)

@antv/gi-common-components NPM version =1.1.1, =1.0.0, =2.0.1, =1.0.0, =1.1.1, =2.0.5, =1.0.1, =1.0.1, =2.0.1, =2.0.1, =2.0.2, =0.1.0, =0.1.0, =2.0.1, =0.6.30, =0.6.43 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGICOMMONCOMPONENTS-16754420...

1byte-react-design (>=1.7.1 <=1.14.0), @ant-design/charts (>=2.0.3 <=2.6.7) +100 more potentially affected by unknown CVE via @antv/g2-extension-plot (>=0.1.2 <=0.2.2)

@antv/g2-extension-plot NPM version =0.1.2, =1.7.1, =2.0.3, =1.0.0, =2.0.8, =0.0.1, =0.1.0, =1.0.0, =1.0.1, =2.0.2, =1.2.0, =4.1.13, =1.0.1, =3.0.28 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG2EXTENSIONPLOT-16755090...

1byte-react-design (>=1.7.1 <=1.14.0), @2nova/wu-ui (>=1.1.0 <=1.3.12) +1769 more potentially affected by unknown CVE via @antv/coord (>=0.0.3 <=0.4.7)

@antv/coord NPM version =0.0.3, =1.7.1, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.1, =0.1.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVCOORD-16754904...

@antv/l7 (=2.0.0-beta.5), @antv/l7-draw (>=2.1.13 <=2.1.14) +4 more potentially affected by unknown CVE via @antv/l7 (>=2.0.0-beta.4 <=2.25.9)

@antv/l7 NPM version =2.0.0-beta.4, =2.1.13, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7-16755105...

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/thumbnails-component (>=2.0.0 <=2.0.0-alpha.2) potentially affected by unknown CVE via @antv/thumbnails (=2.0.0)

@antv/thumbnails NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/thumbnails and may be impacted: - @antv/auto-chart =2.0.0, =2.0.0, =2.0.0-alpha.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVTHUMBNAILS-16754918...

@antv/smart-board (>=2.0.0 <=2.1.0-alpha.0) potentially affected by unknown CVE via @antv/lite-insight (=2.1.1)

@antv/lite-insight NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/lite-insight and may be impacted: - @antv/smart-board =2.0.0, =2.1.0-alpha.0 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLITEINSIGHT-16754380...

@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-component (>=2.21.4 <=2.25.10) +8 more potentially affected by unknown CVE via @antv/l7-source (>=2.10.0 <=2.25.9)

@antv/l7-source NPM version =2.10.0, =2.1.13, =2.21.4, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.10.0, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7SOURCE-16754469...

1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +250 more potentially affected by unknown CVE via @antv/expr (=1.0.2)

@antv/expr NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/expr and may be impacted: - 1byte-react-design =1.7.1, =1.0.0, =1.1.43, =1.0.1, =0.14.3, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0,...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +167 more potentially affected by unknown CVE via @antv/l7plot (>=0.0.11 <=0.5.11)

@antv/l7plot NPM version =0.0.11, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.3.0, =0.0.1-beta.2, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =0.2.0, =1.0.0, =1.2.4 - @brushes/core-transform-mini =1.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7PLOT-16754365...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +212 more potentially affected by unknown CVE via timeago-react (>=3.0.2 <=3.0.7)

timeago-react NPM version =3.0.2, =0.0.0-20250314205219, =0.0.0-20250305153405, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =2.0.10, =0.25.0, =0.23.0, =0.0.1, =1.0.7, =1.1.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-TIMEAGOREACT-16755037...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

10 Top OSINT Tools Every Investigator Should Know in 2026

Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions...

CVE-2026-41195

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...