See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Cross-site Request Forgery (CSRF)CVE-2026-34383
Affects admidio/admidio | Versions <5.0.8
Has fix
ComposerPublished 1 Apr 2026
- H
Access Control BypassCVE-2026-34381
Affects admidio/admidio | Versions >=5.0-Beta.1, <5.0.8
Has fix
ComposerPublished 1 Apr 2026
- H
PHP Remote File InclusionCVE-2026-34036
Affects dolibarr/dolibarr | Versions <23.0.0
Has fix
ComposerPublished 31 Mar 2026
- M
Incorrect AuthorizationCVE-2026-33884
Affects statamic/cms | Versions <5.73.16>=6.0.0-alpha.1, <6.7.2
Has fix
ComposerPublished 31 Mar 2026
- M
Open RedirectCVE-2026-33885
Affects statamic/cms | Versions <5.73.16>=6.0.0.alpha.1, <6.7.2
Has fix
ComposerPublished 31 Mar 2026
- H
Incorrect AuthorizationCVE-2026-33882
Affects statamic/cms | Versions <5.73.16>=6.0.0-alpha.1, <6.7.2
Has fix
ComposerPublished 31 Mar 2026
- M
Incorrect AuthorizationCVE-2026-33886
Affects statamic/cms | Versions >=5.73.12, <5.73.16>=6.5.0, <6.7.2
Has fix
ComposerPublished 31 Mar 2026
- M
Missing AuthorizationCVE-2026-33887
Affects statamic/cms | Versions <5.73.16>=6.0.0-alpha.1, <6.7.2
Has fix
ComposerPublished 31 Mar 2026
Affects craftcms/cms | Versions >=4.0.0-RC1, <4.17.8>=5.0.0-RC1, <5.9.14
Has fix
ComposerPublished 31 Mar 2026
- H
Command InjectionCVE-2026-30877
Affects baserproject/baser-core | Versions <5.2.3
Has fix
ComposerPublished 31 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-33883
Affects statamic/cms | Versions <5.73.16>=6.0.0-alpha.1, <6.7.2
Has fix
ComposerPublished 31 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-34375
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- M
Missing AuthorizationCVE-2026-34369
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- M
Incorrect AuthorizationCVE-2026-34364
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- M
Race ConditionCVE-2026-34368
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- M
Insufficient Session ExpirationCVE-2026-34362
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-33541
Affects miraheze/ts-portal | Versions <34.0
Has fix
ComposerPublished 30 Mar 2026
- M
Missing AuthorizationCVE-2026-34247
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- M
Missing AuthorizationCVE-2026-34245
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 30 Mar 2026
- H
SQL InjectionCVE-2024-58341
Affects opencart/opencart | Versions >=4.0.2.3, <4.1.0.0
Has fix
ComposerPublished 28 Mar 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-33182
Affects saloonphp/saloon | Versions <4.0.0
Has fix
ComposerPublished 28 Mar 2026
- M
Directory TraversalCVE-2026-33183
Affects saloonphp/saloon | Versions <4.0.0
Has fix
ComposerPublished 28 Mar 2026
- C
Deserialization of Untrusted DataCVE-2026-33942
Affects saloonphp/saloon | Versions <4.0.0
Has fix
ComposerPublished 28 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-33673
Affects prestashop/prestashop | Versions <8.2.5>=9.0.0-alpha.1, <9.1.0
Has fix
ComposerPublished 28 Mar 2026
- L
Improper Use of Validation FrameworkCVE-2026-33674
Affects prestashop/prestashop | Versions <8.2.5>=9.0.0-alpha.1, <9.1.0
Has fix
ComposerPublished 28 Mar 2026
- H
User ImpersonationCVE-2026-33661
Affects yansongda/pay | Versions <3.7.20
Has fix
ComposerPublished 28 Mar 2026
- H
Improper Check for Unusual or Exceptional ConditionsCVE-2026-29905
Affects getkirby/cms | Versions <5.2.0-rc.1
Has fix
ComposerPublished 28 Mar 2026
- C
Cleartext Storage of Sensitive InformationCVE-2026-33867
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 27 Mar 2026
- M
Missing AuthorizationCVE-2026-33761
Affects wwbn/avideo | Versions <29.0
Has fix
ComposerPublished 27 Mar 2026