26517 matches found
d2m-apigen (>=1.0.1 <=2.1.7), dm-apigen (>=0.0.0 <=1.0.0) +2 more potentially affected by CVE-2026-24132 via @orval/mock (>=7.0.0 <=7.1.1)
@orval/mock NPM version =7.0.0, =1.0.1, =0.0.0, =7.0.0, =7.1.0, =7.13.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...
be.personify.iam:personify-frontend (>=1.5.4.RELEASE <=1.5.7.RELEASE), ch.admin.bit.jeap:jeap-archrepo-instance (>=1.12.0 <=1.14.0) +1376 more potentially affected by CVE-2025-22234 via org.springframework.security:spring-security-core (=6.4.4)
org.springframework.security:spring-security-core MAVEN version =6.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - be.personify.iam:personify-frontend =1.5.4.RELEASE, =1.12.0,...
com.almis.awe:awe-annotation (>=4.10.11 <=4.11.2), com.almis.awe:awe-annotations-spring-boot-starter (>=4.10.11 <=4.11.2) +107 more potentially affected by CVE-2025-22234 via org.springframework.security:spring-security-core (=6.3.8)
org.springframework.security:spring-security-core MAVEN version =6.3.8 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.almis.awe:awe-annotation =4.10.11, =4.10.11, =4.10.11,...
170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +527 more potentially affected by CVE-2026-1260 via sentencepiece (>=0.1.82 <=0.2.0)
sentencepiece PYPI version =0.1.82, =0.3.0, =0.0.4.80, =1.0.32, =1.1.0, =0.3.0, =0.5.0, =0.2.2, =2.0.0, =0.3.5, =0.0.3, =0.3.0, =0.3.17 - akira =0.1.2 - al-for-design =0.0.1 - alignmap =1.0.0 and more Source cves: CVE-2026-1260 Source advisory: OSV:GHSA-38VQ-G6VR-W8WF...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +344 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.5)
orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.2, =0.0.4 and more Source cves: CVE-2025-67221 Source advisory: OSV:GHSA-HX9Q-6W63-J58V...
orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)
@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...
@dohyper/cli.hyper (>=0.0.1 <=0.0.10), @lumeweb/portal-sdk (>=0.0.0-20240306223335 <=0.0.2) +16 more potentially affected by CVE-2026-24132 via @orval/mock (>=6.21.0 <=7.1.1)
@orval/mock NPM version =6.21.0, =0.0.1, =0.0.0-20240306223335, =1.0.0, =0.1.0, =1.0.0, =1.2.0, =1.9.101, =1.9.101, =1.0.1, =0.0.0, =6.21.0, =7.19.0 and more Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...
actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)
surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-3V2X-9XCV-2V2V...
a-mailx (=0.1.0), a2grunnerp (>=0.1.0 <=0.1.8) +863 more potentially affected by CVE-2026-24049 via wheel (>=0.40.0 <=0.46.1)
wheel PYPI version =0.40.0, =0.1.0, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =1.0.0, =1.1.0, =1.1.0, =0.0.6, =0.1.0, =1.2.6, =1.2.7 and more Source cves: CVE-2026-24049 Source advisory: OSV:GHSA-8RRH-RW8J-W5FX...
io4it (=3.0.4.1) potentially affected by CVE-2020-14343 +1 more via docling-core (=2.26.3)
docling-core PYPI version =2.26.3 is affected by a known vulnerability. The following packages have a transitive dependency on docling-core and may be impacted: - io4it =3.0.4.1 Source cves: CVE-2020-14343, CVE-2026-24009 Source advisory: SNYK:PYTHON-DOCLINGCORE-15091522...
io4it (=3.0.4.1) potentially affected by CVE-2026-24009 via docling-core (=2.26.3)
docling-core PYPI version =2.26.3 is affected by a known vulnerability. The following packages have a transitive dependency on docling-core and may be impacted: - io4it =3.0.4.1 Source cves: CVE-2026-24009 Source advisory: OSV:GHSA-VQXF-V2GG-X3HC...
170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +527 more potentially affected by CVE-2026-1260 via sentencepiece (>=0.1.82 <=0.2.0)
sentencepiece PYPI version =0.1.82, =0.3.0, =0.0.4.80, =1.0.32, =1.1.0, =0.3.0, =0.5.0, =0.2.2, =2.0.0, =0.3.5, =0.0.3, =0.3.0, =0.3.17 - akira =0.1.2 - al-for-design =0.0.1 - alignmap =1.0.0 and more Source cves: CVE-2026-1260 Source advisory: SNYK:PYTHON-SENTENCEPIECE-15091567...
a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +322 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.4)
orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.1.1, =0.6.0.post1 and more Source cves: CVE-2025-67221 Source advisory: OSV:PYSEC-2026-107...
170051277-trab-final-gces (>=0.3.0 <=0.5.0), 5gasp-cli (>=0.1.0 <=0.4.0) +5754 more potentially affected by CVE-2025-71176 via pytest (>=2.5.2 <=9.0.2)
pytest PYPI version =2.5.2, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =1.0.2, =0.1.1, =0.1.0, =0.0.0, =0.1.0, =0.1.3, =0.1.15 and more Source cves: CVE-2025-71176 Source advisory: OSV:GHSA-6W46-J5RX-G56G...
a-mailx (=0.1.0), a2grunnerp (>=0.1.0 <=0.1.8) +1576 more potentially affected by CVE-2026-24049 via wheel (>=0.24.0 <=0.46.1)
wheel PYPI version =0.24.0, =0.1.0, =0.1.0, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.0.3, =1.0.0, =1.1.0, =1.1.0, =1.2.5 and more Source cves: CVE-2026-24049 Source advisory: SNYK:PYTHON-WHEEL-15053866...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-24006 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: - org.webjars.npm:solid-js =1.9.5 Source cves: CVE-2026-24006 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054528...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +90 more potentially affected by CVE-2026-24006 via seroval (>=1.0.7 <=1.3.2)
seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 - @gettrace/agent =1.0.0 and more Source cves: CVE-2026-24006 Source advisory: SNYK:JS-SEROVAL-15054527...
org.webjars.npm:chevrotain (=11.0.3), org.webjars.npm:chevrotain__cst-dts-gen (=11.0.3) +71 more potentially affected by CVE-2025-13465 via org.webjars.npm:lodash-es (=4.17.21)
org.webjars.npm:lodash-es MAVEN version =4.17.21 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:lodash-es and may be impacted: - org.webjars.npm:chevrotain =11.0.3 - org.webjars.npm:chevrotaincst-dts-gen =11.0.3 -...
@aaronuu/react-forms (>=0.0.1 <=0.2.2), @actra-development-oss/redux-persist-transform-filter-immutable (>=0.1.1 <=1.0.0) +774 more potentially affected by CVE-2025-13465 via lodash.unset (>=4.0.2 <=4.5.2)
lodash.unset NPM version =4.0.2, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =1.1.0, =0.0.4, =1.8.28, =1.1.0, =0.1.2, =0.0.1, =0.1.0, =0.0.1, =2.1.1 and more Source cves: CVE-2025-13465 Source advisory: SNYK:JS-LODASHUNSET-15053837...
-fides-amor-et-lux (=1.0.0), 0.electron.main (>=1.0.49 <=1.0.50) +34378 more potentially affected by CVE-2025-13465 via lodash (>=4.0.0 <=4.17.21)
lodash NPM version =4.0.0, =1.0.49, =1.0.7, =1.0.0, =1.0.0, =0.0.2, =0.1.1, =1.0.0, =1.0.0, =3.7.1, =4.0.12 - 3---nodejs-npm =1.0.0 and more Source cves: CVE-2025-13465 Source advisory: OSV:GHSA-XXJR-MMJV-4GPG...
@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 via lodash-amd (=4.16.4)
lodash-amd NPM version =4.16.4 is affected by a known vulnerability. The following packages have a transitive dependency on lodash-amd and may be impacted: - @dojo/cli-test-intern =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves:...
com.newmediaworks:nmw-oss-website (>=1.7.0 <=1.11.0), com.pragmatickm:website (>=1.10.0 <=2.0.0) +29 more potentially affected by CVE-2025-13465 via org.webjars.npm:lodash (>=4.0.0 <=4.17.21)
org.webjars.npm:lodash MAVEN version =4.0.0, =1.7.0, =1.10.0, =1.11.0, =1.7.0, =1.6.1, =1.11.0, =1.13.0, =1.0, =1.0, =1.0, =1.0.0-M1, =1.0.0-beta7 - org.webjars.npm:github-com-bevacqua-horsey =4.2.2 - org.webjars.npm:graphql-toolkitcommon =0.7.5 and more Source cves: CVE-2025-13465 Source advisor...
-fides-amor-et-lux (=1.0.0), 0.electron.main (>=1.0.49 <=1.0.50) +34378 more potentially affected by CVE-2025-13465 via lodash (>=4.0.0 <=4.17.21)
lodash NPM version =4.0.0, =1.0.49, =1.0.7, =1.0.0, =1.0.0, =0.0.2, =0.1.1, =1.0.0, =1.0.0, =3.7.1, =4.0.12 - 3---nodejs-npm =1.0.0 and more Source cves: CVE-2025-13465 Source advisory: SNYK:JS-LODASH-15053838...
4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +4324 more potentially affected by CVE-2025-13465 via lodash-es (>=4.0.0 <=4.17.22)
lodash-es NPM version =4.0.0, =0.0.1, =0.0.3, =0.0.1, =1.0.0, =2.14.1, =41.3.1, =2.1.0, =0.7.0, =1.0.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1-alpha.4, =1.0.1, =0.0.1, =0.0.7 and more Source cves: CVE-2025-13465 Source advisory: OSV:GHSA-XXJR-MMJV-4GPG...
4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +4324 more potentially affected by CVE-2025-13465 via lodash-es (>=4.0.0 <=4.17.22)
lodash-es NPM version =4.0.0, =0.0.1, =0.0.3, =0.0.1, =1.0.0, =2.14.1, =41.3.1, =2.1.0, =0.7.0, =1.0.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1-alpha.4, =1.0.1, =0.0.1, =0.0.7 and more Source cves: CVE-2025-13465 Source advisory: SNYK:JS-LODASHES-15053836...
@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 via lodash-amd (=4.16.4)
lodash-amd NPM version =4.16.4 is affected by a known vulnerability. The following packages have a transitive dependency on lodash-amd and may be impacted: - @dojo/cli-test-intern =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves:...
@aaronuu/react-forms (>=0.0.1 <=0.2.2), @actra-development-oss/redux-persist-transform-filter-immutable (>=0.1.1 <=1.0.0) +774 more potentially affected by CVE-2025-13465 via lodash.unset (>=4.0.2 <=4.5.2)
lodash.unset NPM version =4.0.2, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =1.1.0, =0.0.4, =1.8.28, =1.1.0, =0.1.2, =0.0.1, =0.1.0, =0.0.1, =2.1.1 and more Source cves: CVE-2025-13465 Source advisory: OSV:GHSA-XXJR-MMJV-4GPG...
@astrojs/cloudflare (=0.4.0), @cfpreview/pages-e2e-test-runner-cli (>=0.0.1 <=0.0.8) +20 more potentially affected by CVE-2026-0933 via wrangler (>=2.0.23 <=3.114.1)
wrangler NPM version =2.0.23, =0.0.1, =1.0.387, =0.5.41, =2.1.0, =0.0.0-next-20230221055802, =1.0.0, =0.0.3, =0.0.47, =1.0.0, =1.0.0, =0.1.1, =0.1.106 and more Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...
@abuiles/vite-plugin (>=1.8.0 <=1.10.0), @anyauth/design-system (>=0.5.0 <=0.5.1) +18 more potentially affected by CVE-2026-0933 via wrangler (>=4.0.0 <=4.59.0)
wrangler NPM version =4.0.0, =1.8.0, =0.5.0, =12.6.6, =0.1.11, =0.8.0, =0.2.0, =0.0.0, =0.0.0-snapshot-0ac76b86f5045e62447317d6844f3c9c364df5e8, =1.0.6, =0.16.0, =0.37.0, =0.37.0, =0.1.0, =0.2.9 and more Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...
@alithya-oss/backstage-plugin-aws-apps-backend (=0.4.7), @alithya-oss/backstage-plugin-changelog-backend (=1.0.3) +165 more potentially affected by CVE-2026-24048 via @backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.12.1-next.1)
@backstage/backend-defaults NPM version =0.0.0-nightly-20240929023448, =1.0.7, =0.1.8, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =4.6.0, =0.10.0, =0.12.0 and more Source cves: CVE-2026-24048 Source advisory: SNYK:JS-BACKSTAGEBACKENDDEFAULTS-15064476...
@alithya-oss/backstage-plugin-aws-apps-backend (=0.4.7), @alithya-oss/backstage-plugin-changelog-backend (=1.0.3) +165 more potentially affected by CVE-2026-24048 via @backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.12.1-next.1)
@backstage/backend-defaults NPM version =0.0.0-nightly-20240929023448, =1.0.7, =0.1.8, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =4.6.0, =0.10.0, =0.12.0 and more Source cves: CVE-2026-24048 Source advisory: OSV:GHSA-Q2X5-4XJX-C6P9...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +4 more potentially affected by CVE-2026-23986 via copier (>=9.0.1 <=9.11.1)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =2.14.1, =2.51.0 Source cves: CVE-2026-23986 Source advisory: SNYK:PYTHON-COPIER-15054509...
@backstage/backend-app-api (>=0.0.0-nightly-20241221023113 <=1.4.0-next.1), @backstage/backend-defaults (>=0.0.0-nightly-20241120023536 <=0.15.0-next.2) +111 more potentially affected by CVE-2026-24047 via @backstage/backend-plugin-api (>=1.0.1-next.0 <=1.6.0)
@backstage/backend-plugin-api NPM version =1.0.1-next.0, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.2.0-next.1, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241121023535, =0.1.26-next.1, =0.0.0-nightly-20250225023230, =0.3.1-next.1,...
@alithya-oss/backstage-plugin-aws-apps-backend (=0.4.7), @alithya-oss/backstage-plugin-changelog-backend (=1.0.3) +165 more potentially affected by CVE-2026-24046 via @backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.12.1-next.1)
@backstage/backend-defaults NPM version =0.0.0-nightly-20240929023448, =1.0.7, =0.1.8, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =4.6.0, =0.10.0, =0.12.0 and more Source cves: CVE-2026-24046 Source advisory: SNYK:JS-BACKSTAGEBACKENDDEFAULTS-15054278...
@alithya-oss/backstage-plugin-scaffolder-backend-module-aws-apps (>=0.3.10 <=0.3.12), @alithya-oss/plugin-scaffolder-backend-module-aws-apps (>=0.3.6 <=0.3.9) +55 more potentially affected by CVE-2026-24046 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=1.33.0)
@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =0.0.0-nightly-2021712211, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =0.4.3, =0.4.7...
@alithya-oss/backstage-plugin-aws-apps-backend (=0.4.7), @alithya-oss/backstage-plugin-changelog-backend (=1.0.3) +165 more potentially affected by CVE-2026-24046 via @backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.12.1-next.1)
@backstage/backend-defaults NPM version =0.0.0-nightly-20240929023448, =1.0.7, =0.1.8, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =4.6.0, =0.10.0, =0.12.0 and more Source cves: CVE-2026-24046 Source advisory: OSV:GHSA-RQ6Q-WR2Q-7PGP...
@backstage-community/plugin-scaffolder-backend-module-amplication (=0.4.0), @backstage-community/plugin-scaffolder-backend-module-annotator (=2.9.0) +33 more potentially affected by CVE-2026-24046 via @backstage/plugin-scaffolder-node (>=0.0.0-nightly-20240929023448 <=0.11.1-next.0)
@backstage/plugin-scaffolder-node NPM version =0.0.0-nightly-20240929023448, =2.8.0, =0.0.0-nightly-20240116021644, =0.0.0-nightly-2022122206, =0.0.0-nightly-20231213021616, =0.0.0-nightly-20231213021616, =0.3.14-next.0 and more...
@backstage-community/plugin-scaffolder-backend-module-amplication (=0.4.0), @backstage-community/plugin-scaffolder-backend-module-annotator (=2.9.0) +33 more potentially affected by CVE-2026-24046 via @backstage/plugin-scaffolder-node (>=0.0.0-nightly-20240929023448 <=0.11.1-next.0)
@backstage/plugin-scaffolder-node NPM version =0.0.0-nightly-20240929023448, =2.8.0, =0.0.0-nightly-20240116021644, =0.0.0-nightly-2022122206, =0.0.0-nightly-20231213021616, =0.0.0-nightly-20231213021616, =0.3.14-next.0 and more...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +37 more potentially affected by CVE-2026-23986 via copier (>=2.3.3 <=9.11.1)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-23986 Source advisory: OSV:GHSA-4FQP-R85R-HXQH...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +4 more potentially affected by CVE-2026-23968 via copier (>=9.0.1 <=9.11.1)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =2.14.1, =2.51.0 Source cves: CVE-2026-23968 Source advisory: SNYK:PYTHON-COPIER-15054434...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +37 more potentially affected by CVE-2026-23968 via copier (>=2.3.3 <=9.11.1)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-23968 Source advisory: OSV:GHSA-XJHM-GP88-8PFX...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23957 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: - org.webjars.npm:solid-js =1.9.5 Source cves: CVE-2026-23957 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054526...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +90 more potentially affected by CVE-2026-23957 via seroval (>=1.0.7 <=1.3.2)
seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 - @gettrace/agent =1.0.0 and more Source cves: CVE-2026-23957 Source advisory: SNYK:JS-SEROVAL-15054525...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +90 more potentially affected by CVE-2026-23956 via seroval (>=1.0.7 <=1.3.2)
seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 - @gettrace/agent =1.0.0 and more Source cves: CVE-2026-23956 Source advisory: SNYK:JS-SEROVAL-15054520...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @agent-embed/js (>=0.0.1 <=0.0.45) +278 more potentially affected by CVE-2026-23956 via seroval (>=0.2.1 <=1.3.2)
seroval NPM version =0.2.1, =0.2.5, =0.0.1, =2.11.0, =1.0.0, =0.0.1, =0.0.1, =0.0.7, =0.0.1, =0.0.1, =1.0.0, =0.1.26, =0.0.1, =1.1.54, =1.1.55 and more Source cves: CVE-2026-23956 Source advisory: OSV:GHSA-HX9M-JF43-8FFR...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23956 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: - org.webjars.npm:solid-js =1.9.5 Source cves: CVE-2026-23956 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054521...
@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @frontside/backstage-plugin-graphql (>=0.1.0 <=0.6.0) +4 more potentially affected by unknown CVE via @envelop/graphql-modules (>=0.2.1 <=6.0.0)
@envelop/graphql-modules NPM version =0.2.1, =0.0.0, =0.1.0, =0.1.7, =0.2.6, =0.1.0, =0.7.0, =0.9.6 Source cves: unknown CVE Source advisory: OSV:GHSA-H3HW-29FV-2X75...
cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23965 via org.webjars.npm:sm-crypto (=0.3.13)
org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...
@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +576 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)
sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: SNYK:JS-SMCRYPTO-15054484...
@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +576 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)
sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: OSV:GHSA-HPWG-XG7M-3P6M...