org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-41043 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.5)

org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-34197, CVE-2026-40466 Source advisory: OSV:GHSA-W3W2-MPP5-92GM...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +102 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +102 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...

org.apache.dolphinscheduler:dolphinscheduler-dist (>=3.3.2 <=3.4.0), org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2026-23902 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0-alpha <=3.4.0)

org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0-alpha, =3.3.2, =3.0.0, =3.0.6 Source cves: CVE-2026-23902 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-16431736...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +102 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-34197, CVE-2026-40466 Source advisory: OSV:GHSA-W3W2-MPP5-92GM...

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-34197, CVE-2026-40466 Source advisory: OSV:GHSA-W3W2-MPP5-92GM...

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-41044 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...

org.apache.dolphinscheduler:dolphinscheduler-alert-server (>=3.0.0 <=3.4.0), org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0 <=3.0.6) +11 more potentially affected by CVE-2026-23902 via org.apache.dolphinscheduler:dolphinscheduler-dao (>=3.0.0-alpha <=3.4.0)

org.apache.dolphinscheduler:dolphinscheduler-dao MAVEN version =3.0.0-alpha, =3.0.0, =3.0.0, =3.3.2, =3.0.0, =3.0.0, =3.2.0, =3.1.0, =3.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.6 Source cves: CVE-2026-23902 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-16431737...

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.5)

org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.5)

org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-34197, CVE-2026-40466 Source advisory: OSV:GHSA-W3W2-MPP5-92GM...

org.apache.dolphinscheduler:dolphinscheduler-alert-server (>=3.2.1 <=3.3.0-alpha), org.apache.dolphinscheduler:dolphinscheduler-extract-alert (>=3.2.1 <=3.3.0-alpha) +13 more potentially affected by CVE-2025-62233 via org.apache.dolphinscheduler:dolphinscheduler-extract-base (>=3.2.1 <=3.3.0-alpha)

org.apache.dolphinscheduler:dolphinscheduler-extract-base MAVEN version =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.3.0-alpha - o...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0111...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0137...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0136...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0134...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0135...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.4)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-41044 Source advisory:...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +102 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-41044 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323331...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +102 more potentially affected by CVE-2026-40466 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-40466 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323117...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-40466 via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.4)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-40466 Source advisory:...

com.cognifide.aet:cleaner (>=2.0.0 <=3.2.2), com.cognifide.aet:communication (>=2.0.0 <=3.2.2) +125 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-web (>=5.0.0 <=5.19.4)

org.apache.activemq:activemq-web MAVEN version =5.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =1.1.0, =2015.12.01, =2015.12.01, =2015.12.01, =2018.9.8 - com.hi3project.vineyard:vineyard-yottacontainer =0.9.0 - com.webtide.hightide:auctiondemo =6.1H.8 -...

org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.3), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.3) +2 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41043 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323116...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41358 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41358 Source advisory: SNYK:JS-OPENCLAW-16206250...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +11 more potentially affected by CVE-2026-41355 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 Source cves: CVE-2026-41355 Source advisory: SNYK:JS-OPENCLAW-16206422...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by CVE-2026-41909 via openclaw (>=2026.3.22 <=2026.4.2)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-41909 Source advisory: SNYK:JS-OPENCLAW-16206119...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by CVE-2026-41908 via openclaw (>=2026.3.22 <=2026.4.2)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-41908 Source advisory: SNYK:JS-OPENCLAW-16205967...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...

@anyauth/design-system (>=0.5.0 <=0.5.1), @anyauth/shared-deps (=0.1.0) +21 more potentially affected by CVE-2026-41321 via @astrojs/cloudflare (>=10.4.2 <=12.6.13)

@astrojs/cloudflare NPM version =10.4.2, =0.5.0, =1.0.10, =1.1.0, =4.3.2, =1.11.0, =0.0.0-add-workerconfig-to-context--20250905094004-b98e1fec-20250905074005, =0.1.0, =3.0.0, =1.1.0, =0.1.2, =1.0.1, =1.0.4 and more Source cves: CVE-2026-41321 Source advisory: OSV:GHSA-88GM-J2WX-58H6...

adoc (>=0.1.0 <=0.1.5), adr (>=0.4.0 <=0.4.1) +231 more potentially affected by CVE-2026-41205 via mako (>=1.0.1 <=1.3.10)

mako PYPI version =1.0.1, =0.1.0, =0.4.0, =0.1.0, =1.0.4, =0.0.1, =0.7.0, =1.0.1, =0.1.2, =0.1.0, =0.3.24, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-41205 Source advisory: OSV:PYSEC-2026-88...

companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3), corporateai (=2026.328.0-canary.0) +3 more potentially affected by CVE-2026-41679 via @paperclipai/server (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/server NPM version =2026.318.0-canary.0, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: CVE-2026-41679 Source advisory: SNYK:JS-PAPERCLIPAISERVER-16189082...

companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3), corporateai (=2026.328.0-canary.0) +3 more potentially affected by CVE-2026-41208 via @paperclipai/server (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/server NPM version =2026.318.0-canary.0, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: CVE-2026-41208 Source advisory: SNYK:JS-PAPERCLIPAISERVER-16323184...

@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.6) potentially affected by CVE-2026-6874 via copilot-api (=0.7.0)

copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.6 Source cves: CVE-2026-6874 Source advisory: SNYK:JS-COPILOTAPI-16321518...

@chocolatey-software/astro (=2.7.0), astro-service-worker (=0.0.1) potentially affected by CVE-2026-41322 via @astrojs/node (>=0.1.6 <=10.0.4)

@astrojs/node NPM version =0.1.6, =10.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @astrojs/node and may be impacted: - @chocolatey-software/astro =2.7.0 - astro-service-worker =0.0.1 Source cves: CVE-2026-41322 Source advisory:...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=0.1.9 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =0.1.9, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: OSV:GHSA-QMCV-HH7C-3M56...

ADuCM302x (=0.1.0), Icarus-nrf9160-bsp (=0.0.0) +1583 more potentially affected by unknown CVE via bare-metal (>=0.1.3 <=1.0.0)

bare-metal CARGO version =0.1.3, =0.1.0, =0.1.0, =0.1.2 - PY32L020xx-pac =0.1.0 - PY32T020xx-pac =0.1.0 - PY32c610xx-pac =0.1.0 - PY32c611xx-pac =0.1.0 - PY32c640xx-pac =0.1.0 - PY32c641xx-pac =0.1.0 - PY32c670xx-pac =0.1.0 - PY32f001xx-pac =0.1.0 - PY32f002axx-pac =0.1.0 - PY32f002bxx-pac =0.1.0...

org.apache.httpcomponents.client5:httpclient5-cache (=5.6-alpha1), org.apache.httpcomponents.client5:httpclient5-fluent (=5.6-alpha1) +2 more potentially affected by CVE-2026-40542 via org.apache.httpcomponents.client5:httpclient5 (=5.6-alpha1)

org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.6-alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.httpcomponents.client5:httpclient5 and may be impacted: - org.apache.httpcomponents.client5:httpclient5-cache =5.6-alpha1...

trinity-rft (>=0.1.0 <=0.5.2) potentially affected by CVE-2026-6878 via verl (>=0.3.0.post1 <=0.7.1)

verl PYPI version =0.3.0.post1, =0.1.0, =0.5.2 Source cves: CVE-2026-6878 Source advisory: OSV:GHSA-H57C-V2V3-5V3V...

@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.6) potentially affected by CVE-2026-6874 via copilot-api (=0.7.0)

copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.6 Source cves: CVE-2026-6874 Source advisory: OSV:GHSA-3VR4-CVMG-7FX4...

trinity-rft (>=0.1.0 <=0.5.2) potentially affected by CVE-2026-6878 via verl (>=0.3.0.post1 <=0.7.1)

verl PYPI version =0.3.0.post1, =0.1.0, =0.5.2 Source cves: CVE-2026-6878 Source advisory: SNYK:PYTHON-VERL-16635277...

ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.6.0) +4976 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40974 Source advisory:...

com.jayxu:demo (>=0.10.0 <=0.11.0), com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example (>=3.0.9 <=3.1.0) +8 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=4.0.1 <=4.0.3)

org.springframework.boot:spring-boot-devtools MAVEN version =4.0.1, =0.10.0, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =2.0.0, =2.1.1 - de.tschuehly:spring-view-component-thymeleaf =0.9.1 - io.stereov.singularity:core =1.10.6 - org.flowable:flowable-app-rest =8.0.0 - se.swedenconnect.bankid:bankid-idp =1.3...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-rag-elasticsearch (=2.0.0-M1.1), com.alibaba.cloud.ai:spring-ai-alibaba-rag (=2.0.0-M1.1) +42 more potentially affected by CVE-2026-40970 via org.springframework.boot:spring-boot-elasticsearch (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-elasticsearch MAVEN version =4.0.0-M1, =2.0.0-alpha3, =0.1.0, =2025.12, =2026.04 - io.github.vsvyatski:content-fs-spring-boot-starter =4.0.0 - io.github.vsvyatski:content-jpa-spring-boot-starter =4.0.0 - io.github.vsvyatski:content-mongo-spring-boot-starter...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20894 more potentially affected by CVE-2026-40975 via org.springframework.boot:spring-boot (>=3.0.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.6.0) +4976 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +17814 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=3.2.0 <=3.5.13)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.2.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

br.com.m4rc310:br-com-m4rc310-core-graphql (>=1.0.2 <=1.0.18), br.com.m4rc310:br-com-m4rc310-core-gtim (>=1.0.4 <=1.0.18) +119 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=3.0.0 <=3.5.11)

org.springframework.boot:spring-boot-devtools MAVEN version =3.0.0, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.0.2, =1.0.18, =1.0.2, =1.0.2, =1.0.11, =0.0.11, =3.0.0, =4.0.0, =4.0.0-M1 and more Source cves: CVE-2026-40972 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-16191381...