See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Incorrect Regular ExpressionCVE-2026-45065
Affects symfony/symfony | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- H
Incorrect Regular ExpressionCVE-2026-45065
Affects symfony/routing | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
Affects symfony/yaml | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
Regular Expression Denial of Service (ReDoS)CVE-2026-45305
Affects symfony/yaml | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- H
Uncontrolled RecursionCVE-2026-45133
Affects symfony/yaml | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
CRLF InjectionCVE-2026-45067
Affects symfony/mime | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
CRLF InjectionCVE-2026-45070
Affects symfony/mime | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45072
Affects symfony/symfony | Versions >=6.4.24, <6.4.40>=7.2.9, <7.4.12>=8.0.0, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45072
Affects symfony/twig-bridge | Versions >=6.4.24, <6.4.40
Has fix
ComposerPublished 22 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45072
Affects symfony/web-profiler-bundle | Versions >=7.2.9, <7.4.12>=8.0.0, <8.0.12
Has fix
ComposerPublished 22 May 2026
- M
SQL InjectionCVE-2026-45073
Affects symfony/symfony | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- M
SQL InjectionCVE-2026-45073
Affects symfony/cache | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Incorrect AuthorizationCVE-2026-45075
Affects symfony/symfony | Versions >=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Incorrect AuthorizationCVE-2026-45075
Affects symfony/security-http | Versions >=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Incorrect AuthorizationCVE-2026-45075
Affects symfony/http-kernel | Versions >=7.4.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 21 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-46627
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- L
Incorrect AuthorizationCVE-2026-24425
Affects twig/twig | Versions >=3.9.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46635
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46639
Affects twig/twig | Versions >=3.24.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- C
Arbitrary Code InjectionCVE-2026-46640
Affects twig/twig | Versions >=3.15.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- C
Arbitrary Code InjectionCVE-2026-46633
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46638
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46634
Affects twig/twig | Versions >=3.9.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-47732
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-46628
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-47730
Affects twig/twig | Versions >=3.0.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-45802
Affects setasign/fpdi | Versions <2.6.7
Has fix
ComposerPublished 20 May 2026
- M
Missing AuthorizationCVE-2026-46337
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 20 May 2026
- M
Missing AuthorizationCVE-2026-32312
Affects glpi/glpi | Versions >=11.0.0, <11.0.7
Has fix
ComposerPublished 19 May 2026
Affects verbb/formie | Versions <2.2.20>=3.0.0-beta.1, <3.1.24
Has fix
ComposerPublished 19 May 2026