@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +207 more potentially affected by CVE-2026-39407 via hono (>=4.0.0 <=4.12.10)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =2026.4.4, =1.0.2, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.1-beta.7 and more Source cves: CVE-2026-39407 Source advisory: SNYK:JS-HONO-15928824...

@activepieces/piece-ai (>=0.3.1 <=0.3.4), @aikotools/repo-maintenance (>=1.0.2 <=1.7.0) +253 more potentially affected by CVE-2026-39406 via @hono/node-server (>=1.0.2 <=1.19.12)

@hono/node-server NPM version =1.0.2, =0.3.1, =1.0.2, =1.0.25-beta.0, =0.0.1, =0.36.0, =0.0.1, =0.0.1-experimental.1, =0.0.3, =1.0.1, =1.3.2, =0.2.305, =0.21.2-4.1, =0.0.0-beta-20241019152753, =0.13.0 and more Source cves: CVE-2026-39406 Source advisory: SNYK:JS-HONONODESERVER-15928840...

@activepieces/piece-ai (>=0.3.1 <=0.3.4), @aikotools/repo-maintenance (>=1.0.2 <=1.7.0) +260 more potentially affected by CVE-2026-39406 via @hono/node-server (>=0.2.4 <=1.19.12)

@hono/node-server NPM version =0.2.4, =0.3.1, =1.0.2, =1.0.25-beta.0, =0.0.1, =0.29.3, =0.36.0, =0.0.1, =0.0.1-experimental.1, =0.0.3, =1.0.1, =1.3.2, =0.2.305, =1.0.0 - @bojanrajkovic/mcp-paprika =1.1.0 and more Source cves: CVE-2026-39406 Source advisory: OSV:GHSA-92PP-H63X-V22M...

alastria-auth (>=0.0.3 <=0.0.17), alastria-identity (>=0.2.0 <=0.4.0) +61 more potentially affected by CVE-2026-39373 via jwcrypto (>=0.4.0 <=1.5.6)

jwcrypto PYPI version =0.4.0, =0.0.3, =0.2.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0rc1, =0.4.0a0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0.2, =0.1.0.8 and more Source cves: CVE-2026-39373 Source advisory: OSV:GHSA-FJRM-76X2-C4Q4...

aleph-client (>=1.0.0 <=1.9.3), aleph-sdk-python (>=1.0.0 <=2.3.4) +43 more potentially affected by CVE-2024-28102 +1 more via jwcrypto (>=1.0.0 <=1.5.6)

jwcrypto PYPI version =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0rc1, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =3.41.0, =0.0.0.1, =0.1.7, =2.5.0, =3.0.0 and more Source cves: CVE-2024-28102, CVE-2026-39373 Source advisory: SNYK:PYTHON-JWCRYPTO-15928841...

0xble (>=21.4.1 <=22.1.2), 5e-srd-tools (>=0.0.4 <=0.0.34) +2122 more potentially affected by CVE-2026-39356 via drizzle-orm (>=0.11.6 <=0.45.1)

drizzle-orm NPM version =0.11.6, =21.4.1, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =1.0.10, =0.22.5, =0.1.0, =1.16.47, =1.16.47, =0.19.0, =1.0.0, =1.0.0, =0.0.6, =1.1.1-0 - @aeriondyseti/mcp-memory =0.1.0 and more Source cves: CVE-2026-39356 Source advisory: OSV:GHSA-GPJ5-G38J-94V9...

0xble (>=21.4.1 <=22.1.2), @10xsai/ts-serverless (>=0.1.0 <=0.1.1) +1509 more potentially affected by CVE-2026-39356 via drizzle-orm (>=0.37.0 <=0.45.1)

drizzle-orm NPM version =0.37.0, =21.4.1, =0.1.0, =0.1.0, =1.0.10, =0.22.5, =0.1.0, =1.16.47, =1.16.47, =0.19.0, =1.0.0, =0.0.6, =0.1.0, =0.4.2, =0.2.0, =0.14.5 and more Source cves: CVE-2026-39356 Source advisory: SNYK:JS-DRIZZLEORM-16000009...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39381 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39381 Source advisory: SNYK:JS-PARSESERVER-15928862...

parse-server-otp-auth-adapter (>=1.0.0 <=1.0.1), parse-server-siwe-auth-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-39381 via parse-server (=7.5.4)

parse-server NPM version =7.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - parse-server-otp-auth-adapter =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-39381 Source advisory: SNYK:JS-PARSESERVER-15928862...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39381 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39381 Source advisory: OSV:GHSA-G4V2-QX3Q-4P64...

parse-server-otp-auth-adapter (>=1.0.0 <=1.0.1), parse-server-siwe-auth-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-39381 via parse-server (=7.5.4)

parse-server NPM version =7.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - parse-server-otp-auth-adapter =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-39381 Source advisory: OSV:GHSA-G4V2-QX3Q-4P64...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39321 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39321 Source advisory: SNYK:JS-PARSESERVER-15928859...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-39321 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-39321 Source advisory: OSV:GHSA-MMPQ-5HCV-HF2V...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39321 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39321 Source advisory: OSV:GHSA-MMPQ-5HCV-HF2V...

article-extractor (=0.5.8) potentially affected by unknown CVE via justhtml (=1.13.0)

justhtml PYPI version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - article-extractor =0.5.8 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-15928878...

article-extractor (=0.5.8) potentially affected by unknown CVE via justhtml (=1.13.0)

justhtml PYPI version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - article-extractor =0.5.8 Source cves: unknown CVE Source advisory: OSV:GHSA-R758-8HXW-4845...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +753 more potentially affected by unknown CVE via litellm (>=0.1.400 <=1.82.6)

litellm PYPI version =0.1.400, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-69X8-HRGQ-FJJ8...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15928842...

org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-template (>=3.4.0-02 <=3.70.1-02) +39 more potentially affected by CVE-2026-3438 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.8.0-02)

org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.60.0-02, =3.4.0-02, =3.0.0-03, =3.5.0-02, =3.4.0-02, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =0.0.7 and more Source cves: CVE-2026-3438 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-164...

2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by unknown CVE via monai (>=0.4.0 <=1.5.1)

monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-89GG-P5R5-Q6R4...

2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +134 more potentially affected by unknown CVE via monai (>=1.0.0 <=1.5.2)

monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =11.1.0, =0.9.0, =1.0.0, =1.1.0, =0.1.0, =0.0.1, =0.1.0, =2.0.1, =2.2.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MONAI-15928871...

alastria-auth (>=0.0.3 <=0.0.17), alastria-identity (>=0.2.0 <=0.4.0) +61 more potentially affected by CVE-2026-39373 via jwcrypto (>=0.4.0 <=1.5.6)

jwcrypto PYPI version =0.4.0, =0.0.3, =0.2.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0rc1, =0.4.0a0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0.2, =0.1.0.8 and more Source cves: CVE-2026-39373 Source advisory: OSV:PYSEC-2026-70...

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +394 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=0.17.2)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: SNYK:JAVA-IOMODELCONTEXTPROTOCOLSDK-15928845...

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +447 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=1.0.0-RC3)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: OSV:GHSA-8JXR-PR72-R468...

tech.powerjob:powerjob-server-starter (>=4.3.1 <=5.1.1) potentially affected by CVE-2026-5739 via tech.powerjob:powerjob-server-core (>=4.3.1 <=5.1.1)

tech.powerjob:powerjob-server-core MAVEN version =4.3.1, =4.3.1, =5.1.1 Source cves: CVE-2026-5739 Source advisory: SNYK:JAVA-TECHPOWERJOB-15928844...

com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0), com.instaclustr:ic-sstable-tools-4.1.0 (=1.0.0) +12 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.10)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =4.1.0, =4.1.0, =4.1.0, =1.0-Beta3, =3.15, =3.15, =4.2 - org.odpi.egeria:open-metadata-assemblies =3.15 Source cves: CVE-2026-32588 Source advisory: OSV:GHSA-QFFM-GF3J-6MVG...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0), com.instaclustr:ic-sstable-tools-4.1.0 (=1.0.0) +12 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.10)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =4.1.0, =4.1.0, =4.1.0, =1.0-Beta3, =3.15, =3.15, =4.2 - org.odpi.egeria:open-metadata-assemblies =3.15 Source cves: CVE-2026-32588 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-15954234...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-32588 Source advisory: OSV:GHSA-QFFM-GF3J-6MVG...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-32588 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-15954234...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-27314 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-27314 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-15954242...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-27315 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-27314 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-27314 Source advisory: OSV:GHSA-QXPC-96FQ-WWMG...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41407 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41407 Source advisory: SNYK:JS-OPENCLAW-15929055...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41372 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41372 Source advisory: SNYK:JS-OPENCLAW-15928881...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41360 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41360 Source advisory: SNYK:JS-OPENCLAW-15928882...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-34426 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-34426 Source advisory: SNYK:JS-OPENCLAW-15928884...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41339 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41339 Source advisory: SNYK:JS-OPENCLAW-15928883...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41295 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41295 Source advisory: SNYK:JS-OPENCLAW-15928887...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41298 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41298 Source advisory: SNYK:JS-OPENCLAW-15928888...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15928885...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: OSV:GHSA-FQRJ-M88P-QF3V...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-41346 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41346 Source advisory: SNYK:JS-OPENCLAW-15929057...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-41346 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41346 Source advisory: OSV:GHSA-WWFP-W96M-C6X8...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-41301 via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-41301 Source advisory: OSV:GHSA-H43V-27WG-5MF9...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.28)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15928880...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by CVE-2026-41392 via openclaw (>=0.0.1 <=2026.3.28)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: CVE-2026-41392 Source advisory: OSV:GHSA-WPC6-37G7-8Q4W...

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24175 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24175 Source advisory:...

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24173 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24173 Source advisory:...