See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Cross-site Request Forgery (CSRF)CVE-2016-20054
Affects khodakhah/nodcms | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- H
PHP Remote File InclusionCVE-2026-41228
Affects froxlor/froxlor | Versions <2.3.6
Has fix
ComposerPublished 19 Apr 2026
- M
Incorrect AuthorizationCVE-2026-41232
Affects froxlor/froxlor | Versions <2.3.6
Has fix
ComposerPublished 19 Apr 2026
- H
Symlink AttackCVE-2026-41231
Affects froxlor/froxlor | Versions <2.3.6
Has fix
ComposerPublished 19 Apr 2026
- M
Incorrect AuthorizationCVE-2026-41233
Affects froxlor/froxlor | Versions <2.3.6
Has fix
ComposerPublished 19 Apr 2026
- H
CRLF InjectionCVE-2026-41230
Affects froxlor/froxlor | Versions <2.3.6
Has fix
ComposerPublished 19 Apr 2026
- H
Arbitrary Code InjectionCVE-2026-41229
Affects froxlor/froxlor | Versions <2.3.6
Has fix
ComposerPublished 19 Apr 2026
- H
Command InjectionCVE-2026-41304
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-40500
Affects processwire/processwire | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-40479
Affects kimai/kimai | Versions <2.53.0
Has fix
ComposerPublished 19 Apr 2026
Affects kimai/kimai | Versions <2.53.0
Has fix
ComposerPublished 19 Apr 2026
Affects pocketmine/pocketmine-mp | Versions <5.42.1
Has fix
ComposerPublished 19 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-41063
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- H
Command InjectionCVE-2026-41064
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- M
Directory TraversalCVE-2026-41058
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-41055
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 Apr 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-41130
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.9>=5.0.0-RC1, <5.9.15
Has fix
ComposerPublished 19 Apr 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-41129
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.9>=5.0.0-RC1, <5.9.15
Has fix
ComposerPublished 19 Apr 2026
- M
Missing AuthorizationCVE-2026-41128
Affects craftcms/cms | Versions >=5.6.0, <5.9.15
Has fix
ComposerPublished 19 Apr 2026
- M
HTTP Response SplittingCVE-2026-39971
Affects s9y/serendipity | Versions <2.6.0
Has fix
ComposerPublished 19 Apr 2026
Affects s9y/serendipity | Versions <2.6.0
Has fix
ComposerPublished 19 Apr 2026
- M
Incorrect AuthorizationCVE-2026-24749
Affects silverstripe/assets | Versions <2.4.5>=3.0.0-alpha1, <3.1.3
Has fix
ComposerPublished 19 Apr 2026
- H
Directory TraversalCVE-2026-41062
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-41061
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-40928
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-41060
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- H
Permissive Cross-domain Policy with Untrusted DomainsCVE-2026-41056
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- H
Origin Validation ErrorCVE-2026-41057
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- H
Cross-site Request Forgery (CSRF)CVE-2026-40925
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026
- H
Directory TraversalCVE-2026-40909
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 Apr 2026