See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Missing Authentication for Critical FunctionCVE-2026-32266
Affects craftcms/google-cloud | Versions >=2.0.0-beta.1, <2.2.1
Has fix
ComposerPublished 18 Mar 2026
- H
Missing AuthorizationCVE-2026-32268
Affects craftcms/azure-blob | Versions >=2.0.0-beta.1, <2.1.1
Has fix
ComposerPublished 18 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-32757
Affects admidio/admidio | Versions <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-32755
Affects admidio/admidio | Versions <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- H
Missing AuthorizationCVE-2026-32818
Affects admidio/admidio | Versions >=5.0-Beta.1, <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- H
Missing AuthorizationCVE-2026-32817
Affects admidio/admidio | Versions >=5.0-Beta.1, <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-32812
Affects admidio/admidio | Versions >=5.0-Beta.1, <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- H
Arbitrary File UploadCVE-2026-32756
Affects admidio/admidio | Versions <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- H
SQL InjectionCVE-2026-32813
Affects admidio/admidio | Versions <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-32816
Affects admidio/admidio | Versions >=5.0-Beta.1, <5.0.7
Has fix
ComposerPublished 18 Mar 2026
- H
SQL InjectionCVE-2026-31891
Affects cockpit-hq/cockpit | Versions <2.13.5
Has fix
ComposerPublished 18 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-33035
Affects wwbn/avideo | Versions <26.0
Has fix
ComposerPublished 18 Mar 2026
- H
Permissive Cross-domain Policy with Untrusted DomainsCVE-2026-33043
Affects wwbn/avideo | Versions <26.0
Has fix
ComposerPublished 18 Mar 2026
- C
Missing Authentication for Critical FunctionCVE-2026-33038
Affects wwbn/avideo | Versions <26.0
Has fix
ComposerPublished 18 Mar 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-33039
Affects wwbn/avideo | Versions <26.0
Has fix
ComposerPublished 18 Mar 2026
- M
Information ExposureCVE-2026-33041
Affects wwbn/avideo | Versions <26.0
Has fix
ComposerPublished 18 Mar 2026
Affects craftcms/cms | Versions >=3.4.22, <4.17.5>=5.0.0-alpha.1, <5.9.11
Has fix
ComposerPublished 17 Mar 2026
Affects craftcms/cms | Versions >=5.6.0, <5.9.11
Has fix
ComposerPublished 17 Mar 2026
- C
Incorrect AuthorizationCVE-2026-32267
Affects craftcms/cms | Versions >=3.6.0-RC3, <4.17.6>=5.0.0-alpha.1, <5.9.12
Has fix
ComposerPublished 17 Mar 2026
- M
Directory TraversalCVE-2026-32262
Affects craftcms/cms | Versions >=3.0.0-beta.1, <4.17.5>=5.0.0-alpha.1, <5.9.11
Has fix
ComposerPublished 17 Mar 2026
- C
Deserialization of Untrusted DataCVE-2025-56422
Affects limesurvey/limesurvey | Versions <6.15.0
Has fix
ComposerPublished 16 Mar 2026
- L
Open RedirectCVE-2026-21295
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21296
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- L
Incorrect AuthorizationCVE-2026-21359
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Incorrect AuthorizationCVE-2026-21309
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Improper Input ValidationCVE-2026-21310
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21361
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Directory TraversalCVE-2026-21360
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-21294
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21311
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026