@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +297 more potentially affected by unknown CVE via @antv/async-hook (=2.2.9)

@antv/async-hook NPM version =2.2.9 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/async-hook and may be impacted: - @action.sustainability/storybook-dashboard =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =1.2.0-beta.0, =0.0.2...

link-chart (>=0.0.0 <=0.1.12) potentially affected by unknown CVE via @antv/ava-react (=3.3.2)

@antv/ava-react NPM version =3.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/ava-react and may be impacted: - link-chart =0.0.0, =0.1.12 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVAVAREACT-16755055...

1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +246 more potentially affected by unknown CVE via @antv/g-plugin-dragndrop (>=2.0.0 <=2.1.1)

@antv/g-plugin-dragndrop NPM version =2.0.0, =1.7.1, =1.0.0, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.0.0, =1.0.0, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINDRAGNDROP-16754940...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +168 more potentially affected by unknown CVE via @antv/xflow-core (>=1.0.0 <=1.1.52)

@antv/xflow-core NPM version =1.0.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.3.0, =1.0.1, =1.0.0, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =0.2.0, =1.1.0, =1.6.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVXFLOWCORE-16754364...

@antv/li-sam-assets (>=0.1.1 <=0.1.3) potentially affected by unknown CVE via @antv/insight-component (=1.0.0)

@antv/insight-component NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/insight-component and may be impacted: - @antv/li-sam-assets =0.1.1, =0.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVINSIGHTCOMPONENT-16755079...

@antv/li-sam-assets (>=0.1.1 <=0.1.3) potentially affected by unknown CVE via @antv/insight-component (=1.0.0)

@antv/insight-component NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/insight-component and may be impacted: - @antv/li-sam-assets =0.1.1, =0.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVINSIGHTCOMPONENT-16754910...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +155 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=6.0.0 <=6.9.4.1)

ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =6.8.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757892...

au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +246 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.0.0 <=6.9.6)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757891...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +182 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757890...

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.3 <=8.10.0) +251 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =0.0.1, =5.6.5, =4.0.3, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.3, =4.0.0, =5.0.0, =4.0.3, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +223 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=1.0.0 <=6.9.4.1)

ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =1.0.0, =4.0.0, =5.6.5, =4.1.0, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =4.0.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

au.csiro.pathling:encoders (>=5.1.0 <=9.6.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +322 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=0.0.1 <=6.9.6)

ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.2.1 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=5.6.5 <=7.4.5) +277 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =0.0.1, =5.6.5, =5.6.5, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =5.2.1 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.7.7 <=7.4.5) +209 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=5.6.22 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =5.6.22, =3.4.0, =5.7.7, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =6.2.0, =6.8.0, =6.4.0, =5.7.0, =5.7.0, =5.7.0, =5.7.0, =5.7.7, =6.8.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.6.5 <=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=8.10.0) +259 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =0.0.1, =5.6.5, =4.0.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

au.csiro.pathling:encoders (>=6.2.2 <=9.6.0), au.csiro.pathling:fhir-server (>=6.2.2 <=7.2.0) +220 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4 (>=6.0.0 <=6.9.6)

ca.uhn.hapi.fhir:org.hl7.fhir.r4 MAVEN version =6.0.0, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.2.2, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757888...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=3.4.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=7.4.5) +262 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =4.0.0, =5.5.7 and more Source cves: CVE-2026-45367 Source advisory: OSV:GHSA-3653-68V6-RQ57...

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0) +185 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-uhnfhirtest =6.8.0 and more Source cves: CVE-2026-45367 Source advisory:...

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0) +186 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757885...

ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (=6.8.0), ca.uhn.hapi.fhir:hapi-fhir-base-test-mindeps-client (>=6.6.0 <=7.4.5) +197 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757886...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=6.6.0 <=8.10.0), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=6.6.0 <=7.4.5) +172 more potentially affected by CVE-2026-45367 via ca.uhn.hapi.fhir:org.hl7.fhir.r4b (>=6.0.0 <=6.9.5)

ca.uhn.hapi.fhir:org.hl7.fhir.r4b MAVEN version =6.0.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.8.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =6.6.0, =8.4.0, =6.8.0, =8.10.0 and more Source cves: CVE-2026-45367 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-16757889...

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +74 more potentially affected by CVE-2026-45554 via nicegui (>=0.9.11 <=3.10.0)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =1.9.5, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =1.23.0 and more Source cves: CVE-2026-45554 Source advisory: OSV:GHSA-PQ7C-X8G4-RVP6...

crm-automator (>=1.9.5 <=1.11.5), ex4nicegui (=0.9.0) +3 more potentially affected by CVE-2026-45554 via nicegui (>=3.0.4 <=3.10.0)

nicegui PYPI version =3.0.4, =1.9.5, =1.0.0, =12.22.3, =12.22.5 Source cves: CVE-2026-45554 Source advisory: SNYK:PYTHON-NICEGUI-16757878...

crm-automator (>=1.9.5 <=1.11.5), ex4nicegui (=0.9.0) +3 more potentially affected by CVE-2026-45553 via nicegui (>=3.0.4 <=3.10.0)

nicegui PYPI version =3.0.4, =1.9.5, =1.0.0, =12.22.3, =12.22.5 Source cves: CVE-2026-45553 Source advisory: SNYK:PYTHON-NICEGUI-16757863...

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +74 more potentially affected by CVE-2026-45553 via nicegui (>=0.9.11 <=3.10.0)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =1.9.5, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =1.23.0 and more Source cves: CVE-2026-45553 Source advisory: OSV:GHSA-JFRM-RX66-G536...

-fides-amor-et-lux (=1.0.0), -price-checker (>=1.0.0 <=1.0.5) +35810 more potentially affected by CVE-2026-45736 via ws (>=8.0.0 <=8.20.0)

ws NPM version =8.0.0, =1.0.0, =1.0.0, =1.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-beta.3 - 0g-vibekit =0.1.0 - 0g-zksettlement-client =1.0.0 and more Source cves: CVE-2026-45736 Source advisory: OSV:GHSA-58QX-3VCG-4XPX...

1claw-crewai-tools (=0.1.0), 4dpocket (>=0.1.3 <=0.1.4) +1516 more potentially affected by CVE-2026-45829 via chromadb (>=1.0.0 <=1.5.9)

chromadb PYPI version =1.0.0, =0.1.3, =0.1.0, =0.1.0, =1.0.0, =0.2.0, =0.6.4, =0.0.4, =0.1.0, =1.0.1, =1.0.0, =1.0.29 and more Source cves: CVE-2026-45829 Source advisory: OSV:GHSA-F4J7-R4Q5-QW2C...

@addtodoist/twitter-autohook (=2.2.0), @alessiodf/core-chameleon (=0.0.1) +156 more potentially affected by CVE-2025-57282 via ngrok (=4.3.3)

ngrok NPM version =4.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on ngrok and may be impacted: - @addtodoist/twitter-autohook =2.2.0 - @alessiodf/core-chameleon =0.0.1 - @archer-edu/qa-test-cli =0.1.0, =0.1.1, =3.8.2, =3.0.0, =3.0.0-alpha.9, =1.0....

5htp-airtable (>=0.0.1 <=0.1.2-3), @a-cube-io/ereceipts-js-sdk (=1.1.0) +146 more potentially affected by CVE-2025-57282 via ngrok (=5.0.0-beta.2)

ngrok NPM version =5.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on ngrok and may be impacted: - 5htp-airtable =0.0.1, =1.0.0, =5.0.0, =1.0.0, =3.1.6, =1.4.4, =1.0.0, =1.3.2, =1.0.31, =1.0.0, =1.0.26, =1.0.2, =1.1.0 and more Source cves:...

budibase (>=0.0.3 <=0.0.31) potentially affected by CVE-2026-45719 via @budibase/server (>=0.0.1 <=0.0.9)

@budibase/server NPM version =0.0.1, =0.0.3, =0.0.31 Source cves: CVE-2026-45719 Source advisory: OSV:GHSA-363W-HVWH-W7M6...

@budibase/client (>=3.0.0 <=3.2.26), @budibase/server (>=3.0.0 <=3.2.26) potentially affected by CVE-2026-45716 via @budibase/frontend-core (>=3.0.0 <=3.2.7)

@budibase/frontend-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-45716 Source advisory: SNYK:JS-BUDIBASEFRONTENDCORE-16759691...

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +589 more potentially affected by CVE-2026-8159 via multiparty (>=4.0.0 <=4.2.3)

multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =0.1.1, =0.1.3 and more Source cves: CVE-2026-8159 Source advisory: SNYK:JS-MULTIPARTY-16790693...

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +589 more potentially affected by CVE-2026-8161 via multiparty (>=4.0.0 <=4.2.3)

multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =0.1.1, =0.1.3 and more Source cves: CVE-2026-8161 Source advisory: SNYK:JS-MULTIPARTY-16790691...

ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2567 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.14.5)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-45300 Source advisory: SNYK:JAVA-ORGASYNCHTTPCLIENT-16755239...

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.1-rc.1), com.cloudbees.thirdparty:zendesk-java-client (>=1.1.0 <=1.3.1) +50 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.1)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =218.0.0, =14.5.0, =15.4.0 - com.navercorp.pinpoint:pinpoint-agentstatistics-collector =3.1.0 - com.navercorp.pinpoint:pinpoint-batch =3.1.0 - com.navercorp.pinpoint:pinpoint-collector-starte...

com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.1-rc.1), com.cloudbees.thirdparty:zendesk-java-client (>=1.1.0 <=1.3.1) +50 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.1)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =218.0.0, =14.5.0, =15.4.0 - com.navercorp.pinpoint:pinpoint-agentstatistics-collector =3.1.0 - com.navercorp.pinpoint:pinpoint-batch =3.1.0 - com.navercorp.pinpoint:pinpoint-collector-starte...

ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2551 more potentially affected by CVE-2026-45300 via org.asynchttpclient:async-http-client (>=2.0.0 <=2.14.5)

org.asynchttpclient:async-http-client MAVEN version =2.0.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-45300 Source advisory: OSV:GHSA-FMXF-PM6P-7XGM...

@aws/nx-plugin (>=0.105.0 <=0.120.0), @breadstone-infrastructure/nx-tasks (>=0.0.237 <=0.0.289) +46 more potentially affected by CVE-2026-45149 via brace-expansion (>=5.0.2 <=5.0.5)

brace-expansion NPM version =5.0.2, =0.105.0, =0.0.237, =0.0.237, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =23.0.0-pr.35465.2bc2643 and more Source cves: CVE-2026-45149 Source advisory: SNYK:JS-BRACEEXPANSION-16755174...

@aws/nx-plugin (>=0.105.0 <=0.120.0), @breadstone-infrastructure/nx-tasks (>=0.0.237 <=0.0.289) +46 more potentially affected by CVE-2026-45149 via brace-expansion (>=5.0.2 <=5.0.5)

brace-expansion NPM version =5.0.2, =0.105.0, =0.0.237, =0.0.237, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =22.7.0, =23.0.0-pr.35465.2bc2643 and more Source cves: CVE-2026-45149 Source advisory: OSV:GHSA-JXXR-4GWJ-5JF2...

01os (>=0.0.5 <=0.0.13), 1claw-crewai-tools (=0.1.0) +1779 more potentially affected by CVE-2026-45829 via chromadb (>=0.3.21 <=1.5.9)

chromadb PYPI version =0.3.21, =0.0.5, =0.1.3, =0.1.0, =0.1.0, =1.0.0, =0.2.0, =0.6.4, =0.0.4, =0.1.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-45829 Source advisory: SNYK:PYTHON-CHROMADB-16758047...

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.5.2)

sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2026-7304 Source advisory: SNYK:PYTHON-SGLANG-17111815...

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-7304 Source advisory: OSV:GHSA-36M8-W8QF-G76P...

0pflow (>=0.1.0 <=0.1.0-dev.f5622ac), 0xble (>=14.0.0 <=23.2.2) +9430 more potentially affected by CVE-2026-8769 via @ai-sdk/provider-utils (>=0.0.0-b66d09a8-20260328011513 <=5.0.0-canary.44)

@ai-sdk/provider-utils NPM version =0.0.0-b66d09a8-20260328011513, =0.1.0, =14.0.0, =1.1.5, =0.1.0, =1.0.0, =0.0.2, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.1.0, =1.1.0, =0.1.0-alpha.1, =0.7.1 and more Source cves: CVE-2026-8769 Source advisory:...

0pflow (>=0.1.0 <=0.1.0-dev.f5622ac), 0xble (>=14.0.0 <=23.2.2) +8891 more potentially affected by CVE-2026-8768 via ai (>=0.0.0-b66d09a8-20260328011513 <=7.0.0-canary.159)

ai NPM version =0.0.0-b66d09a8-20260328011513, =0.1.0, =14.0.0, =1.1.5, =1.0.0, =0.2.14, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.1.0, =1.1.0, =0.1.0-alpha.1, =0.6.0, =0.1.0, =0.1.29 and more Source cves: CVE-2026-8768 Source advisory: SNYK:JS-AI-16734889...

org.webjars.npm:ai-sdk__vue (=3.0.33) potentially affected by CVE-2026-8768 via org.webjars.npm:ai (=6.0.33)

org.webjars.npm:ai MAVEN version =6.0.33 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:ai and may be impacted: - org.webjars.npm:ai-sdkvue =3.0.33 Source cves: CVE-2026-8768 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16734890...

0pflow (>=0.1.0 <=0.1.0-dev.f5622ac), 0xble (>=14.0.0 <=23.2.2) +9430 more potentially affected by CVE-2026-8768 via @ai-sdk/provider-utils (>=0.0.0-b66d09a8-20260328011513 <=5.0.0-canary.44)

@ai-sdk/provider-utils NPM version =0.0.0-b66d09a8-20260328011513, =0.1.0, =14.0.0, =1.1.5, =0.1.0, =1.0.0, =0.0.2, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.1.0, =1.1.0, =0.1.0-alpha.1, =0.7.1 and more Source cves: CVE-2026-8768 Source advisory:...

0xble (>=14.0.0 <=23.2.2), 100xchat (>=1.1.5 <=1.3.5) +5661 more potentially affected by CVE-2026-8769 via @ai-sdk/provider-utils (>=0.0.0-b66d09a8-20260328011513 <=3.0.9)

@ai-sdk/provider-utils NPM version =0.0.0-b66d09a8-20260328011513, =14.0.0, =1.1.5, =0.1.0, =1.0.0, =0.0.2, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.1.0, =0.1.0-alpha.1, =0.1.0, =0.0.5, =0.1.7 - @activepieces/ai-providers-shared =0.0.1 and more Source cves:...

acpreact (>=1.0.3 <=1.1.3), dadapter (>=1.0.1 <=1.0.3) potentially affected by CVE-2026-8766 via @kilocode/cli (=1.0.25)

@kilocode/cli NPM version =1.0.25 is affected by a known vulnerability. The following packages have a transitive dependency on @kilocode/cli and may be impacted: - acpreact =1.0.3, =1.0.1, =1.0.3 Source cves: CVE-2026-8766 Source advisory: OSV:GHSA-RPC6-9C4P-J5CG...

com.ibeetl:beetl-online-web (=3.15.3.RELEASE), com.ibeetl:beetl-spring-boot-starter-classic (>=3.14.1.RELEASE <=3.20.2.RELEASE) potentially affected by CVE-2026-8759 via com.ibeetl:beetl-spring-classic (>=3.14.1.RELEASE <=3.20.2.RELEASE)

com.ibeetl:beetl-spring-classic MAVEN version =3.14.1.RELEASE, =3.14.1.RELEASE, =3.20.2.RELEASE Source cves: CVE-2026-8759 Source advisory: OSV:GHSA-FMMW-44RP-JCFP...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.11), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.11) +49 more potentially affected by CVE-2026-8750 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)

ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.11 and more Source cves: CVE-2026-8750 Source advisory: SNYK:JAVA-AIH2O-17191772...