See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Missing Release of Resource after Effective LifetimeCVE-2026-39830
Affects golang.org/x/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
Affects github.com/containerd/containerd/v2 | Versions >=2.0.4 <2.0.9>=2.1.0-beta.0 <2.2.4>=2.3.0-beta.0 <2.3.1
Has fix
GoPublished 22 May 2026
Affects github.com/containerd/containerd/oci | Versions >=1.7.27 <1.7.32>=2.0.4 <2.0.9>=2.1.0-beta.0 <2.2.4>=2.3.0-beta.0 <2.3.1
Has fix
GoPublished 22 May 2026
- H
Improper AuthenticationCVE-2026-39831
Affects github.com/golang/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- H
Improper AuthenticationCVE-2026-39831
Affects golang.org/x/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- H
Missing Release of Resource after Effective LifetimeCVE-2026-39827
Affects github.com/golang/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- H
Missing Release of Resource after Effective LifetimeCVE-2026-39827
Affects golang.org/x/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- M
Integer Overflow or WraparoundCVE-2026-39834
Affects github.com/golang/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- M
Integer Overflow or WraparoundCVE-2026-39834
Affects golang.org/x/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-39829
Affects github.com/golang/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-39829
Affects golang.org/x/crypto/ssh | Versions <0.52.0
Has fix
GoPublished 22 May 2026
- M
Incorrect AuthorizationCVE-2026-6863
Affects www.velocidex.com/golang/velociraptor/api | Versions <0.76.4
Has fix
GoPublished 21 May 2026
- M
Symlink AttackCVE-2026-46703
Affects github.com/boxlite-ai/boxlite/sdks/go | Versions <0.9.0
Has fix
GoPublished 21 May 2026
- H
Improper Isolation or CompartmentalizationCVE-2026-46695
Affects github.com/boxlite-ai/boxlite/sdks/go | Versions <0.9.0
Has fix
GoPublished 21 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-42283
Affects github.com/loft-sh/devspace/pkg/devspace/server | Versions >=6.3.20 <6.3.21
Has fix
GoPublished 21 May 2026
- M
Incorrect AuthorizationCVE-2026-6863
Affects github.com/velocidex/velociraptor/api | Versions <0.76.4
Has fix
GoPublished 21 May 2026
- H
Insertion of Sensitive Information into Log FileCVE-2026-6347
Affects github.com/mattermost/mattermost-plugin-calls/server | Versions <1.11.2
Has fix
GoPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-6342
Affects github.com/mattermost/mattermost-plugin-msteams-devsecops/server | Versions >=0.0.0
Has fix
GoPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-4273
Affects github.com/mattermost/mattermost/server/v8/platform/services/remotecluster | Versions >=10.11.0-rc1 <10.11.14-rc1>=11.5.0-rc1 <11.5.2-rc1
Has fix
GoPublished 20 May 2026
- M
Memory Allocation with Excessive Size ValueCVE-2026-6340
Affects github.com/mattermost/mattermost/server/v8/platform/services/docextractor | Versions >=10.11.0-rc1 <10.11.14-rc1>=11.4.0-rc1 <11.4.4>=11.5.0-rc1 <11.5.2-rc3>=11.6.0-rc1 <11.6.0-rc3
Has fix
GoPublished 20 May 2026
Affects github.com/cloudnativelabs/kube-router/v2/pkg/controllers/routing | Versions <2.9.0
Has fix
GoPublished 20 May 2026
Affects github.com/cloudnativelabs/kube-router/v2/pkg/options | Versions <2.9.0
Has fix
GoPublished 20 May 2026
Affects github.com/cloudnativelabs/kube-router/pkg/options | Versions <2.9.0
Has fix
GoPublished 20 May 2026
Affects github.com/cloudnativelabs/kube-router/pkg/controllers/routing | Versions <2.9.0
Has fix
GoPublished 20 May 2026
- M
Incorrect AuthorizationCVE-2026-6341
Affects github.com/mattermost/mattermost-plugin-gitlab/server | Versions <1.12.1-rc1
Has fix
GoPublished 20 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-42572
Affects github.com/hatchet-dev/hatchet/api/v1/server/handlers/v1/tasks | Versions <0.83.39
Has fix
GoPublished 20 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-3495
Affects github.com/mattermost/mattermost/server/channels/utils | Versions >=10.11.0-rc1 <10.11.14-rc1>=11.5.0-rc1 <11.5.2-rc1
Has fix
GoPublished 20 May 2026
- H
Improper Certificate ValidationCVE-2025-71261
Affects github.com/harvester/harvester/pkg/controller/master/setting | Versions <1.8.0
Has fix
GoPublished 20 May 2026
- H
Improper Certificate ValidationCVE-2025-71261
Affects github.com/harvester/harvester/pkg/settings | Versions <1.8.0
Has fix
GoPublished 20 May 2026
- L
Authentication Bypass by Primary WeaknessCVE-2026-6334
Affects github.com/mattermost/mattermost/server/channels/app | Versions >=10.11.0-rc1 <10.11.14-rc1>=11.5.0-rc1 <11.5.2-rc1
Has fix
GoPublished 20 May 2026