See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Server-side Request Forgery (SSRF)CVE-2026-21293
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-21292
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Incorrect AuthorizationCVE-2026-21289
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21285
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21290
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21284
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21286
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-32612
Affects statamic/cms | Versions >=6.0.0-alpha.1, <6.6.2
Has fix
ComposerPublished 16 Mar 2026
- M
Missing AuthorizationCVE-2026-3906
Affects johnpbloch/wordpress-core | Versions >=6.9.0, <6.9.2
Has fix
ComposerPublished 15 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21297
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 15 Mar 2026
- H
Improper Validation of Integrity Check ValueCVE-2026-32600
Affects simplesamlphp/xml-security | Versions <2.3.1
Has fix
ComposerPublished 15 Mar 2026
- M
Improper Validation of Integrity Check ValueCVE-2026-32313
Affects robrichards/xmlseclibs | Versions <3.1.5
Has fix
ComposerPublished 15 Mar 2026
- H
SQL InjectionCVE-2025-56421
Affects limesurvey/limesurvey | Versions <6.15.4
Has fix
ComposerPublished 13 Mar 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-27591
Affects winter/wn-backend-module | Versions <1.2.12
Has fix
ComposerPublished 13 Mar 2026
- M
Information ExposureCVE-2026-31888
Affects shopware/core | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
- H
Incorrect AuthorizationCVE-2026-31887
Affects shopware/core | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
- H
User ImpersonationCVE-2026-31889
Affects shopware/platform | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
- H
User ImpersonationCVE-2026-31889
Affects shopware/core | Versions <6.6.10.15>=6.7.0.0, <6.7.8.1
Has fix
ComposerPublished 13 Mar 2026
- H
Unverified OwnershipCVE-2026-29788
Affects miraheze/ts-portal | Versions <30.0.0
Has fix
ComposerPublished 12 Mar 2026
- M
Open RedirectCVE-2026-31819
Affects sylius/sylius | Versions <1.9.12>=1.10.0-alpha.1, <1.10.16>=1.11.0-alpha.1, <1.11.17>=1.12.0-alpha.1, <1.12.23>=1.13.0-alpha.1, <1.13.15>=1.14.0-alpha.1, <1.14.18>=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-31820
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
Affects sylius/sylius | Versions <1.9.12>=1.10.0-alpha.1, <1.10.16>=1.11.0-alpha.1, <1.11.17>=1.12.0-alpha.1, <1.12.23>=1.13.0-alpha.1, <1.13.15>=1.14.0-alpha.1, <1.14.18>=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-31823
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
- H
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-31824
Affects sylius/sylius | Versions <1.9.12>=1.10.0-alpha.1, <1.10.16>=1.11.0-alpha.1, <1.11.17>=1.12.0-alpha.1, <1.12.23>=1.13.0-alpha.1, <1.13.15>=1.14.0-alpha.1, <1.14.18>=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-31822
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
- M
Missing AuthorizationCVE-2026-31821
Affects sylius/sylius | Versions >=2.0.0-alpha.1, <2.0.16>=2.1.0, <2.1.12>=2.2.0, <2.2.3
Has fix
ComposerPublished 11 Mar 2026
Affects grumpydictator/firefly-iii | Versions >=6.4.23, <6.5.4
Has fix
ComposerPublished 11 Mar 2026
Affects azuracast/azuracast | Versions <0.23.4
Has fix
ComposerPublished 11 Mar 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-30927
Affects admidio/admidio | Versions <5.0.6
Has fix
ComposerPublished 11 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-30913
Affects flarum/nicknames | Versions <1.8.3
Has fix
ComposerPublished 11 Mar 2026