@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +23 more potentially affected by CVE-2026-45321 via @tanstack/start-plugin-core (>=1.121.0-alpha.28 <=1.169.20)

@tanstack/start-plugin-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.97.4, =1.111.10, =1.141.0, =0.3.0, =0.6.0 and more Source cves: CVE-2026-45321 Source advisory:...

@2digits/eslint-config (>=4.10.0 <=5.1.10), @yunarch/config-web (>=0.1.0 <=0.7.6) potentially affected by CVE-2026-45321 via @tanstack/eslint-plugin-router (>=1.115.0 <=1.155.0)

@tanstack/eslint-plugin-router NPM version =1.115.0, =4.10.0, =0.1.0, =0.7.6 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKESLINTPLUGINROUTER-16640202...

@tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) potentially affected by CVE-2026-45321 via @tanstack/solid-start-client (>=1.121.0-alpha.28 <=1.166.5)

@tanstack/solid-start-client NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.167.62 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTARTCLIENT-16640233...

@squawk/mcp (>=0.4.1 <=0.8.1) potentially affected by unknown CVE via @squawk/airspace-data (>=0.3.2 <=0.4.0)

@squawk/airspace-data NPM version =0.3.2, =0.4.1, =0.8.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRSPACEDATA-16640882...

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +131 more potentially affected by CVE-2026-45321 via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.1.0, =1.0.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =0.1.1, =0.1.0-fork.2e294b1, =0.1.0-fork.2e294b1, =1.0.0, =1.0.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERCORE-16640218...

-fides-amor-et-lux (=1.0.0), -price-checker (>=1.0.0 <=1.0.5) +35810 more potentially affected by CVE-2026-45736 via ws (>=8.0.0 <=8.20.0)

ws NPM version =8.0.0, =1.0.0, =1.0.0, =1.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-beta.3 - 0g-vibekit =0.1.0 - 0g-zksettlement-client =1.0.0 and more Source cves: CVE-2026-45736 Source advisory: SNYK:JS-WS-16722635...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/fixes (>=0.1.4 <=0.3.1)

@squawk/fixes NPM version =0.1.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFIXES-16640881...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flight-math (=0.5.3)

@squawk/flight-math NPM version =0.5.3 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/flight-math and may be impacted: - @squawk/mcp =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFLIGHTMATH-16640879...

@tanstack/react-router-ssr-query (>=1.121.0-alpha.28 <=1.166.12), @tanstack/solid-router-ssr-query (>=1.133.19 <=2.0.0-beta.20) +3 more potentially affected by CVE-2026-45321 via @tanstack/router-ssr-query-core (>=1.121.0-alpha.28 <=1.168.0)

@tanstack/router-ssr-query-core NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.133.19, =1.140.0, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERSSRQUERYCORE-16640223...

@tanstack/react-start (>=1.142.11 <=1.161.3), @tanstack/react-start-client (>=1.142.11 <=1.161.3) +11 more potentially affected by CVE-2026-45321 via @tanstack/start-fn-stubs (>=1.142.9 <=1.154.7)

@tanstack/start-fn-stubs NPM version =1.142.9, =1.142.11, =1.142.11, =1.142.11, =1.142.11, =1.142.9, =1.142.11, =1.142.9, =1.142.11, =1.142.11, =1.142.10, =1.142.11, =1.142.9, =1.142.11, =1.161.3 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSTARTFNSTUBS-16640239...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +39 more potentially affected by CVE-2026-45321 via @tanstack/start-client-core (>=1.121.0-alpha.28 <=1.168.2)

@tanstack/start-client-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.14, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.114.29, =1.120.20 and more Source cves: CVE-2026-45321 Source...

@squawk/mcp (>=0.4.1 <=0.8.5) potentially affected by unknown CVE via @squawk/icao-registry-data (>=0.3.3 <=0.7.1)

@squawk/icao-registry-data NPM version =0.3.3, =0.4.1, =0.8.5 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKICAOREGISTRYDATA-16640875...

@squawk/airports (>=0.3.1 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +4 more potentially affected by unknown CVE via @squawk/geo (>=0.2.1 <=0.4.3)

@squawk/geo NPM version =0.2.1, =0.3.1, =0.2.3, =0.1.3, =0.3.1, =0.2.0, =0.2.3, =0.4.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKGEO-16640893...

org.webjars.npm:autobahn (=0.11.2), org.webjars.npm:blockly (>=9.3.2 <=10.4.1) +17 more potentially affected by CVE-2026-45736 via org.webjars.npm:ws (>=8.11.0 <=8.2.3)

org.webjars.npm:ws MAVEN version =8.11.0, =9.3.2, =6.2.1, =6.2.1, =0.19.11, =0.2.11, =21.1.1, =22.1.0 - org.webjars.npm:nestjsplatform-socket.io =9.0.0-next.2 and more Source cves: CVE-2026-45736 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16722636...

@env-hopper/frontend-build-vite (=2.0.1-alpha.0), @ibootz/claude-code-viewer (>=0.7.5 <=0.8.2) +11 more potentially affected by CVE-2026-45321 via @tanstack/router-devtools-core (>=1.120.19 <=1.167.3)

@tanstack/router-devtools-core NPM version =1.120.19, =0.7.5, =0.4.2, =0.0.1, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.140.0, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLSCORE-16640219...

@squawk/airport-data (>=0.2.0 <=0.7.9), @squawk/airports (>=0.2.0 <=0.6.1) +16 more potentially affected by unknown CVE via @squawk/types (>=0.3.1 <=0.8.0)

@squawk/types NPM version =0.3.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.3.5 and more Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKTYPES-16640890...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +31 more potentially affected by CVE-2026-45321 via @tanstack/router-plugin (>=1.121.0-alpha.28 <=1.167.4)

@tanstack/router-plugin NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =2.0.0-beta.20 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERPLUGIN-16640...

@tanstack/vue-start (>=1.141.0 <=1.167.58) potentially affected by CVE-2026-45321 via @tanstack/vue-start-client (>=1.141.0 <=1.166.43)

@tanstack/vue-start-client NPM version =1.141.0, =1.141.0, =1.167.58 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKVUESTARTCLIENT-16640254...

@d-trattner/pidex (>=0.1.1 <=0.1.3), @tanstack/react-start (>=1.121.0-alpha.28 <=1.167.65) +2 more potentially affected by CVE-2026-45321 via @tanstack/react-start-client (>=1.121.0-alpha.28 <=1.166.48)

@tanstack/react-start-client NPM version =1.121.0-alpha.28, =0.1.1, =1.121.0-alpha.28, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTARTCLIENT-16640209...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airways (>=0.2.3 <=0.4.1)

@squawk/airways NPM version =0.2.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRWAYS-16640887...

@tanstack/vue-start (>=1.141.0 <=1.167.58) potentially affected by CVE-2026-45321 via @tanstack/vue-start-server (>=1.141.0 <=1.166.5)

@tanstack/vue-start-server NPM version =1.141.0, =1.141.0, =1.167.58 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKVUESTARTSERVER-16640255...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace (>=0.4.1 <=0.8.0)

@squawk/airspace NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRSPACE-16640892...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedure-data (>=0.3.3 <=0.7.2)

@squawk/procedure-data NPM version =0.3.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKPROCEDUREDATA-16640883...

@env-hopper/frontend-build-vite (=2.0.1-alpha.0), @graphprotocol/hypergraph-cli (>=0.0.0-alpha.7 <=0.0.0-alpha.22) +9 more potentially affected by CVE-2026-45321 via @tanstack/react-router-devtools (>=1.120.20 <=1.166.13)

@tanstack/react-router-devtools NPM version =1.120.20, =0.0.0-alpha.7, =0.7.5, =0.4.2, =0.0.1, =1.121.0-alpha.28, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTERDEVTOOLS-16640206...

@squawk/mcp (>=0.4.1 <=0.8.1) potentially affected by unknown CVE via @squawk/airport-data (>=0.4.1 <=0.6.1)

@squawk/airport-data NPM version =0.4.1, =0.4.1, =0.8.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRPORTDATA-16640876...

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +99 more potentially affected by CVE-2026-45321 via @tanstack/history (>=1.0.0 <=1.15.13)

@tanstack/history NPM version =1.0.0, =0.1.0, =1.0.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =1.0.0, =1.0.9, =1.1.0, =1.1.2, =1.6.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKHISTORY-16640204...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/icao-registry (>=0.2.3 <=0.5.1)

@squawk/icao-registry NPM version =0.2.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKICAOREGISTRY-16640891...

@squawk/mcp (>=0.4.1 <=0.6.0) potentially affected by unknown CVE via @squawk/weather (>=0.3.4 <=0.4.1)

@squawk/weather NPM version =0.3.4, =0.4.1, =0.6.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKWEATHER-16640874...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedures (>=0.2.4 <=0.5.1)

@squawk/procedures NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKPROCEDURES-16640885...

@tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) potentially affected by CVE-2026-45321 via @tanstack/solid-start-server (>=1.121.0-alpha.28 <=1.166.51)

@tanstack/solid-start-server NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.167.62 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTARTSERVER-16640235...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airports (>=0.3.2 <=0.6.1)

@squawk/airports NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRPORTS-16640888...

@squawk/mcp (>=0.4.1 <=0.8.1) potentially affected by unknown CVE via @squawk/navaid-data (>=0.4.1 <=0.5.2)

@squawk/navaid-data NPM version =0.4.1, =0.4.1, =0.8.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKNAVAIDDATA-16640894...

@squawk/airports (>=0.2.0 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +7 more potentially affected by unknown CVE via @squawk/units (=0.4.2)

@squawk/units NPM version =0.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/units and may be impacted: - @squawk/airports =0.2.0, =0.2.3, =0.2.0, =0.1.0, =0.2.0, =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source...

@0xwork/connect (=0.1.8), @a5c-ai/agent-platform (>=5.0.1-staging.40a93c240e7b <=5.0.1-staging.d8bdfcceaf4a) +229 more potentially affected by unknown CVE via @mistralai/mistralai (>=2.1.2 <=2.2.1)

@mistralai/mistralai NPM version =2.1.2, =5.0.1-staging.40a93c240e7b, =5.0.1-staging.40a93c240e7b, =5.0.1-staging.40a93c240e7b, =1.0.0, =0.6.10, =0.1.0, =0.1.1, =0.1.3, =0.1.0, =0.1.13, =0.1.14, =0.1.0-alpha.2, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory:...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flightplan (>=0.3.3 <=0.5.1)

@squawk/flightplan NPM version =0.3.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFLIGHTPLAN-16640877...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @brendonovich/solidjs__start (>=0.0.0 <=0.0.3) +39 more potentially affected by CVE-2026-45321 via @tanstack/router-utils (>=1.121.0-alpha.28 <=1.158.0)

@tanstack/router-utils NPM version =1.121.0-alpha.28, =1.0.0, =0.0.0, =1.0.0, =1.0.0-rc.1, =1.0.11, =0.1.0, =1.1.0, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.111.10, =1.20.3-alpha.1, =1.111.10, =1.111.10, =1.121.0-alpha.28, =1.161.3 and more Source cves: CVE-2026-45321 Source advisory:...

@d-trattner/pidex (>=0.1.1 <=0.1.3), @tanstack/react-start (>=1.121.0-alpha.28 <=1.167.65) +3 more potentially affected by CVE-2026-45321 via @tanstack/react-start-server (>=1.121.0-alpha.28 <=1.166.52)

@tanstack/react-start-server NPM version =1.121.0-alpha.28, =0.1.1, =1.121.0-alpha.28, =0.0.1, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTARTSERVER-16640213...

@nativescript/tanstack-router (>=0.1.0 <=0.1.2), @tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) +2 more potentially affected by CVE-2026-45321 via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.1.0, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.166.51 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDROUTER-16640230...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +31 more potentially affected by CVE-2026-45321 via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.30)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.14, =0.3.0, =0.3.0, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =2.0.0-alpha.9 and more Source cves: CVE-2026-45321 Source...

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @baseplate-dev/create-project (>=0.6.2 <=0.6.9) +92 more potentially affected by CVE-2026-45321 via @tanstack/react-router (>=1.0.0 <=1.169.2)

@tanstack/react-router NPM version =1.0.0, =0.1.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =0.1.1, =0.1.0-fork.2e294b1, =0.1.0-fork.2e294b1, =0.1.1, =1.0.9, =1.4.1 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTER-16640208...

@use-pico/client (>=4.0.45 <=4.1.52), @use-pico/common (>=4.0.20 <=4.1.52) +1 more potentially affected by CVE-2026-45321 via @tanstack/zod-adapter (>=1.112.13 <=1.129.2)

@tanstack/zod-adapter NPM version =1.112.13, =4.0.45, =4.0.20, =4.0.16, =4.1.52 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKZODADAPTER-16640257...

@squawk/mcp (=0.4.1) potentially affected by unknown CVE via @squawk/notams (=0.2.3)

@squawk/notams NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/notams and may be impacted: - @squawk/mcp =0.4.1 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKNOTAMS-16640886...

@agentionai/agents (>=0.11.0 <=0.12.0-beta), @andreafspeziale/nestjs-search (>=2.0.0 <=2.0.1) +86 more potentially affected by unknown CVE via @opensearch-project/opensearch (>=3.2.0 <=3.6.0)

@opensearch-project/opensearch NPM version =3.2.0, =0.11.0, =2.0.0, =1.8.0, =3.0.17, =1.0.84, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0, =0.4.4 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENSEARCHPROJECTOPENSEARCH-16640915...

@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/navaids (>=0.2.4 <=0.4.1)

@squawk/navaids NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKNAVAIDS-16640884...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +39 more potentially affected by CVE-2026-45321 via @tanstack/start-storage-context (>=1.121.0-alpha.28 <=1.166.4)

@tanstack/start-storage-context NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.111.10, =1.129.0, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.114.29, =1.129.0, =1.131.50 and more Source cves: CVE-2026-45321 Source...

@d-trattner/pidex (>=0.1.1 <=0.1.3), birdclaw (>=0.1.0 <=0.6.0) +1 more potentially affected by CVE-2026-45321 via @tanstack/react-start (>=1.167.2 <=1.167.65)

@tanstack/react-start NPM version =1.167.2, =0.1.1, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTART-16640215...

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @getnuvo/importer-react (>=3.3.0 <=3.6.2) +19 more potentially affected by CVE-2026-43898 via @nyariv/sandboxjs (>=0.5.3 <=0.8.36)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =3.3.0, =4.0.1, =0.0.12, =2.1.6, =2.1.6, =1.0.5, =1.0.6, =2.1.6, =2.1.6, =2.15.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-43898 Source advisory: SNYK:JS-NYARIVSANDBOXJS-16642341...

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +256 more potentially affected by CVE-2026-41149 via mermaid (>=0.2.16 <=10.9.5)

mermaid NPM version =0.2.16, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.0.1, =0.17.1, =0.0.19, =3.0.0, =0.0.12, =2.0.4 and more Source cves: CVE-2026-41149 Source advisory: SNYK:JS-MERMAID-16642050...

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +946 more potentially affected by CVE-2026-2393 via mlflow (>=0.8.2 <=3.8.1)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2026-2393 Source advisory: OSV:GHSA-65H7-C7C4-MGHX...

data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +16 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.2.1, =0.2.1.dev0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =0.1.29, =0.3.1, =0.10.0, =0.2.1, =0.2.6 and more Source cves: CVE-2026-31248 Source advisory: OSV:GHSA-9F4Q-Q82Q-4359...