@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace (>=0.4.1 <=0.8.0)

@squawk/airspace NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3437...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/icao-registry (>=0.2.3 <=0.5.1)

@squawk/icao-registry NPM version =0.2.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3446...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airports (>=0.3.2 <=0.6.1)

@squawk/airports NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3436...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airways (>=0.2.3 <=0.4.1)

@squawk/airways NPM version =0.2.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3440...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedures (>=0.2.4 <=0.5.1)

@squawk/procedures NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3453...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/navaids (>=0.2.4 <=0.4.1)

@squawk/navaids NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3450...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedure-data (>=0.3.3 <=0.7.2)

@squawk/procedure-data NPM version =0.3.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3452...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace-data (>=0.3.2 <=0.5.2)

@squawk/airspace-data NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3438...

MAL-2026-3448 Malicious code in @squawk/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed4b99ef5ac5fd4f25fdd4844c49a608343d6596def04cfb9df850c40e927dc9 The package @squawk/mcp was found to contain malicious code. Source: ghsa-malware 7d06b20db1195e1e5566e553087c2be971625c4a648e9cbfe5c1e0e836b93aa9 An...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flight-math (=0.5.3)

@squawk/flight-math NPM version =0.5.3 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/flight-math and may be impacted: - @squawk/mcp =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3443...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flightplan (>=0.3.3 <=0.5.1)

@squawk/flightplan NPM version =0.3.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3444...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airport-data (>=0.4.1 <=0.7.3)

@squawk/airport-data NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3435...

@squawk/mcp (>=0.2.0 <=0.8.13) potentially affected by unknown CVE via @squawk/icao-registry-data (>=0.3.3 <=0.8.3)

@squawk/icao-registry-data NPM version =0.3.3, =0.2.0, =0.8.13 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3447...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/icao-registry (>=0.2.3 <=0.5.1)

@squawk/icao-registry NPM version =0.2.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKICAOREGISTRY-16640891...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedure-data (>=0.3.3 <=0.7.2)

@squawk/procedure-data NPM version =0.3.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKPROCEDUREDATA-16640883...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airports (>=0.3.2 <=0.6.1)

@squawk/airports NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRPORTS-16640888...

@squawk/mcp (>=0.2.0 <=0.8.13) potentially affected by unknown CVE via @squawk/icao-registry-data (>=0.3.3 <=0.8.3)

@squawk/icao-registry-data NPM version =0.3.3, =0.2.0, =0.8.13 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKICAOREGISTRYDATA-16640875...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/fixes (>=0.1.4 <=0.3.1)

@squawk/fixes NPM version =0.1.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFIXES-16640881...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airport-data (>=0.4.1 <=0.7.3)

@squawk/airport-data NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRPORTDATA-16640876...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace-data (>=0.3.2 <=0.5.2)

@squawk/airspace-data NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRSPACEDATA-16640882...