See the full list of npm packages compromised in the "Node-gyp Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Incorrect AuthorizationCVE-2026-46638
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-46634
Affects twig/twig | Versions >=3.9.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-47732
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-46628
Affects twig/twig | Versions <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-47730
Affects twig/twig | Versions >=3.0.0, <3.26.0
Has fix
ComposerPublished 20 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-45802
Affects setasign/fpdi | Versions <2.6.7
Has fix
ComposerPublished 20 May 2026
- M
Missing AuthorizationCVE-2026-46337
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 20 May 2026
- M
Missing AuthorizationCVE-2026-32312
Affects glpi/glpi | Versions >=11.0.0, <11.0.7
Has fix
ComposerPublished 19 May 2026
Affects verbb/formie | Versions <2.2.20>=3.0.0-beta.1, <3.1.24
Has fix
ComposerPublished 19 May 2026
- M
Use of a Broken or Risky Cryptographic AlgorithmCVE-2026-45701
Affects sulu/sulu | Versions <2.6.23>=3.0.0-alpha1, <3.0.6
Has fix
ComposerPublished 19 May 2026
Affects sulu/sulu | Versions <2.6.23>=3.0.0-alpha1, <3.0.6
Has fix
ComposerPublished 19 May 2026
- H
External Control of File Name or PathCVE-2026-45139
Affects ci4-cms-erp/ci4ms | Versions <0.31.9.0
Has fix
ComposerPublished 19 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-45270
Affects ci4-cms-erp/ci4ms | Versions <0.31.9.0
Has fix
ComposerPublished 19 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45138
Affects ci4-cms-erp/ci4ms | Versions <0.31.9.0
Has fix
ComposerPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45660
Affects statamic/cms | Versions <5.73.22>=6.0.0-alpha.1, <6.18.1
Has fix
ComposerPublished 19 May 2026
- M
Directory TraversalCVE-2026-45731
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 May 2026
- M
Improper AuthorizationCVE-2026-45620
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 19 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-23695
Affects cockpit-hq/cockpit | Versions >=0.0.0
Has fix
ComposerPublished 17 May 2026
- H
Command InjectionCVE-2026-45578
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 May 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-45610
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45580
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-45619
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 15 May 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-44692
Affects code16/sharp | Versions <9.22.0
Has fix
ComposerPublished 15 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-41147
Affects nukeviet/nukeviet | Versions <4.5.08
Has fix
ComposerPublished 15 May 2026
- H
Directory TraversalCVE-2026-46491
Affects simplesamlphp/simplesamlphp-module-casserver | Versions <7.0.3
Has fix
ComposerPublished 15 May 2026
- M
Open RedirectCVE-2025-65954
Affects simplesamlphp/simplesamlphp-module-casserver | Versions <6.3.1>=7.0.0-rc1, <7.0.0
Has fix
ComposerPublished 15 May 2026
- H
Affects composer/composer | Versions <1.10.28>=2.0.0, <2.2.28>=2.3.0, <2.9.8
Has fix
ComposerPublished 15 May 2026
- H
Incorrect AuthorizationCVE-2026-34645
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34649
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026