@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by unknown CVE via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-2VX9-7WPG-88JQ...

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @dragonforce2010/openclaw-cn (>=0.1.7 <=0.1.7-fix7) +6 more potentially affected by unknown CVE via @openclaw-cn/libsignal (=2.0.1)

@openclaw-cn/libsignal NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @openclaw-cn/libsignal and may be impacted: - @3onedata/alsatian =0.1.8-fix.3, =0.1.7, =0.1.8-fix.3, =0.1.4, =0.1.0, =0.1.7, =2026.2.28, =2026.2.29 Source cves:...

@amag-ch/cds-dk (=0.4.0), @cap-js/ord (>=1.3.0 <=1.6.0) +11 more potentially affected by unknown CVE via @cap-js/openapi (=1.4.0)

@cap-js/openapi NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on @cap-js/openapi and may be impacted: - @amag-ch/cds-dk =0.4.0 - @cap-js/ord =1.3.0, =3.0.0, =2.0.0, =8.0.2, =0.0.1, =1.0.0, =0.5.0, =3.202312.1, =1.0.0, =1.0.0, =1.1.5,...

@antv/li-analysis-assets (>=1.0.0 <=1.9.1), @antv/li-core-assets (>=1.0.0 <=1.3.7) +3 more potentially affected by unknown CVE via @antv/li-sdk (=1.5.1)

@antv/li-sdk NPM version =1.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/li-sdk and may be impacted: - @antv/li-analysis-assets =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4065...

@widget-js/mindmap (>=0.0.1 <=0.0.5), gulf_web_scs (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via @antv/x6-react-shape (=3.0.1)

@antv/x6-react-shape NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-react-shape and may be impacted: - @widget-js/mindmap =0.0.1, =1.0.0, =1.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4114...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +309 more potentially affected by unknown CVE via @antv/g-device-api (=1.6.13)

@antv/g-device-api NPM version =1.6.13 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-device-api and may be impacted: - @action.sustainability/storybook-dashboard =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0,...

@antv/g2 (>=3.2.0 <=3.2.8-beta.6), @bizcharts/other-datamarker_dataregion (>=0.0.1 <=0.1.4) +22 more potentially affected by unknown CVE via @antv/interaction (>=0.0.8 <=0.1.5)

@antv/interaction NPM version =0.0.8, =3.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.4, =0.1.8, =1.0.4, =1.0.4, =0.1.4, =0.1.14, =0.1.5, =1.0.5, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4030...

@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/xflow (>=2.0.1 <=2.2.4) +59 more potentially affected by unknown CVE via @antv/x6-plugin-minimap (>=2.0.5 <=2.0.7)

@antv/x6-plugin-minimap NPM version =2.0.5, =1.0.0, =2.0.1, =0.0.1, =0.0.4, =0.6.0, =2.0.4, =3.0.0, =3.5.1-alpha.3, =0.0.3, =0.2.2, =0.2.1, =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4106...

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/ava (>=3.0.0 <=3.6.0-alpha.0) +18 more potentially affected by unknown CVE via @antv/color-schema (=0.2.3)

@antv/color-schema NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-schema and may be impacted: - @antv/auto-chart =2.0.0, =3.0.0, =3.0.0, =2.0.0, =5.1.5, =0.1.0, =2.0.4, =0.1.7, =1.0.0, =3.4.1-formant, =3.3.2-formant,...

@antv/graphin-graphscope (>=0.0.1 <=1.0.5), @graph-analysis/grapher-2d (>=0.0.1 <=0.0.2-beta.11) +22 more potentially affected by unknown CVE via @antv/graphin-components (>=2.0.0-beta.1 <=2.4.1)

@antv/graphin-components NPM version =2.0.0-beta.1, =0.0.1, =0.0.1, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.10.5, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.9.42, =0.11.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4023...

@join-com/jest-matchers (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via jest-expect (=0.0.1)

jest-expect NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jest-expect and may be impacted: - @join-com/jest-matchers =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4139...

@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/xflow (>=2.0.1 <=2.2.4) +76 more potentially affected by unknown CVE via @antv/x6-plugin-clipboard (=2.1.6)

@antv/x6-plugin-clipboard NPM version =2.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-plugin-clipboard and may be impacted: - @aidps/canvas-flow =1.0.0, =2.0.1, =0.0.1, =0.0.2, =1.0.0-beta.46, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =3.0.0,...

hik-mapbox (>=0.0.1 <=1.4.3) potentially affected by unknown CVE via @antv/l7-three (=2.25.4)

@antv/l7-three NPM version =2.25.4 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/l7-three and may be impacted: - hik-mapbox =0.0.1, =1.4.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4052...

@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +63 more potentially affected by unknown CVE via @antv/x6-plugin-transform (>=2.1.7 <=2.1.8)

@antv/x6-plugin-transform NPM version =2.1.7, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.0.2, =0.0.64 - @rxdrag/uml-editor =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4111...

1byte-react-design (>=1.7.1 <=1.14.0), 1g6table (=0.1.0) +1587 more potentially affected by unknown CVE via @antv/event-emitter (=0.1.3)

@antv/event-emitter NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/event-emitter and may be impacted: - 1byte-react-design =1.7.1, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.9, =0.1.2, =1.1.43, =0.9.1, =5.0.48, =1.0.1, =1.1....

@antv/f-my (>=0.0.1 <=1.6.0), @antv/f2-my (>=4.0.0 <=5.0.0-alpha.1) +13 more potentially affected by unknown CVE via @antv/f2-context (>=0.0.0 <=0.0.1)

@antv/f2-context NPM version =0.0.0, =0.0.1, =4.0.0, =2.0.0, =0.1.0, =0.3.1, =0.3.1, =1.0.0, =1.1.0, =1.0.0, =1.0.1 - qn-pc-f2 =0.1.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3892...

@antv/g-base (=0.5.13), @yogeshcl/g6-react-ba (=0.0.6) potentially affected by unknown CVE via @antv/d3-interpolate (=1.0.3)

@antv/d3-interpolate NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-interpolate and may be impacted: - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3866...

@antv/gpt-vis-ssr (>=0.1.9 <=0.3.7), @jsr2npm/yao__gpt-vis-mcp (>=0.1.0 <=0.1.2-beta.1) +5 more potentially affected by unknown CVE via @antv/g-plugin-rough-canvas-renderer (=2.1.1)

@antv/g-plugin-rough-canvas-renderer NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-plugin-rough-canvas-renderer and may be impacted: - @antv/gpt-vis-ssr =0.1.9, =0.1.0, =0.0.1, =0.2.1, =1.0.0, =1.0.0, =1.0.2 Source cves:...

@antv/g-mobile-svg (>=1.0.0 <=1.0.46), @antv/g-plugin-rough-svg-renderer (>=2.0.0 <=2.0.47) +2 more potentially affected by unknown CVE via @antv/g-plugin-svg-picker (>=2.0.0 <=2.0.9)

@antv/g-plugin-svg-picker NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.46 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3953...

@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)

react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...