@antv/l7 (=2.0.0-beta.5), @antv/l7-draw (>=2.1.13 <=2.1.14) +4 more potentially affected by unknown CVE via @antv/l7 (>=2.0.0-beta.4 <=2.25.9)

@antv/l7 NPM version =2.0.0-beta.4, =2.1.13, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7-16755105...

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/thumbnails-component (>=2.0.0 <=2.0.0-alpha.2) potentially affected by unknown CVE via @antv/thumbnails (=2.0.0)

@antv/thumbnails NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/thumbnails and may be impacted: - @antv/auto-chart =2.0.0, =2.0.0, =2.0.0-alpha.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVTHUMBNAILS-16754918...

@antv/smart-board (>=2.0.0 <=2.1.0-alpha.0) potentially affected by unknown CVE via @antv/lite-insight (=2.1.1)

@antv/lite-insight NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/lite-insight and may be impacted: - @antv/smart-board =2.0.0, =2.1.0-alpha.0 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLITEINSIGHT-16754380...

@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-component (>=2.21.4 <=2.25.10) +8 more potentially affected by unknown CVE via @antv/l7-source (>=2.10.0 <=2.25.9)

@antv/l7-source NPM version =2.10.0, =2.1.13, =2.21.4, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.10.0, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7SOURCE-16754469...

1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +250 more potentially affected by unknown CVE via @antv/expr (=1.0.2)

@antv/expr NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/expr and may be impacted: - 1byte-react-design =1.7.1, =1.0.0, =1.1.43, =1.0.1, =0.14.3, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0,...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +167 more potentially affected by unknown CVE via @antv/l7plot (>=0.0.11 <=0.5.11)

@antv/l7plot NPM version =0.0.11, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.3.0, =0.0.1-beta.2, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =0.2.0, =1.0.0, =1.2.4 - @brushes/core-transform-mini =1.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7PLOT-16754365...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +212 more potentially affected by unknown CVE via timeago-react (>=3.0.2 <=3.0.7)

timeago-react NPM version =3.0.2, =0.0.0-20250314205219, =0.0.0-20250305153405, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =2.0.10, =0.25.0, =0.23.0, =0.0.1, =1.0.7, =1.1.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-TIMEAGOREACT-16755037...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

10 Top OSINT Tools Every Investigator Should Know in 2026

Modern OSINT platforms rely more on AI and automation, while older social tracking methods keep losing access due to privacy and API restrictions...

CVE-2026-41195

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

CVE-2026-42822

creationtimestamp| type| source ---|---|--- 2026-05-18 19:03:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mm5kvcj64m2t 2026-05-19 03:00:48+00:00| seen| https://infosec.exchange/users/offseq/statuses/116599005689905038 2026-05-19 06:00:36+00:00| seen|...

CVE-2026-3140

creationtimestamp| type| source ---|---|--- 2026-05-18 18:33:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mm5j7mibzt2s...

5htp-airtable (>=0.0.1 <=0.1.2-3), @a-cube-io/ereceipts-js-sdk (=1.1.0) +146 more potentially affected by CVE-2025-57282 via ngrok (=5.0.0-beta.2)

ngrok NPM version =5.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on ngrok and may be impacted: - 5htp-airtable =0.0.1, =1.0.0, =5.0.0, =1.0.0, =3.1.6, =1.4.4, =1.0.0, =1.3.2, =1.0.31, =1.0.0, =1.0.26, =1.0.2, =1.1.0 and more Source cves:...

CVE-2026-42559

creationtimestamp| type| source ---|---|--- 2026-05-18 17:40:50+00:00| seen| https://gist.github.com/alon710/1478335359dc82e8637524c3acdbcdae...

GHSA-FVH2-GM75-J4J7

creationtimestamp| type| source ---|---|--- 2026-05-18 17:40:50+00:00| seen| https://gist.github.com/alon710/1478335359dc82e8637524c3acdbcdae...

CVE-2026-41949

creationtimestamp| type| source ---|---|--- 2026-05-18 17:01:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm5e4ahjr62h...

CVE-2026-7302

creationtimestamp| type| source ---|---|--- 2026-05-18 17:00:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mm5e2l2fzt2g...

CVE-2026-20685

creationtimestamp| type| source ---|---|--- 2026-05-18 16:46:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dbepiyd2h...