See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-8466
Affects cowboy | Versions >=2.0.0 <2.15.0
Has fix
hexPublished 15 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-8468
Affects plug | Versions >=1.4.0-rc.0 <1.15.4>=1.16.0 <1.16.3>=1.17.0 <1.17.1>=1.18.0 <1.18.2>=1.19.0 <1.19.2
Has fix
hexPublished 15 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-39803
Affects bandit | Versions >=1.4.0 <1.11.1
Has fix
hexPublished 14 May 2026
- H
Infinite loopCVE-2026-39806
Affects bandit | Versions >=1.6.1 <1.11.1
Has fix
hexPublished 14 May 2026
- H
SQL InjectionCVE-2026-40906
Affects electric | Versions >=1.1.12 <1.5.0
Has fix
hexPublished 11 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-32689
Affects phoenix | Versions >=1.7.0 <1.7.22>=1.8.0 <1.8.6
Has fix
hexPublished 6 May 2026
- M
Reliance on Untrusted Inputs in a Security DecisionCVE-2026-39807
Affects bandit | Versions >=1.0.0 <1.11.0
Has fix
hexPublished 3 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-39804
Affects bandit | Versions >=0.5.9 <1.11.0
Has fix
hexPublished 3 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-42786
Affects bandit | Versions >=0.5.1 <1.11.0
Has fix
hexPublished 3 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-42788
Affects bandit | Versions >=3.0.0 <1.11.0
Has fix
hexPublished 3 May 2026
- M
HTTP Request SmugglingCVE-2026-39805
Affects bandit | Versions >=0.6.4 <1.11.0
Has fix
hexPublished 3 May 2026
- C
Allocation of Resources Without Limits or ThrottlingCVE-2026-34593
Affects ash | Versions <3.22.0
Has fix
hexPublished 7 Apr 2026
- M
Improper Verification of Cryptographic SignatureCVE-2025-68113
Affects altcha | Versions <1.0.0
Has fix
hexPublished 17 Dec 2025
- H
Incorrect AuthorizationCVE-2025-48044
Affects ash | Versions >=3.6.3 <3.7.1
Has fix
hexPublished 20 Oct 2025
- H
Incorrect AuthorizationCVE-2025-48043
Affects ash | Versions <3.6.2
Has fix
hexPublished 13 Oct 2025
- H
Incorrect AuthorizationCVE-2025-48042
Affects ash | Versions <3.5.39
Has fix
hexPublished 15 Sept 2025
- L
Missing Release of Resource after Effective LifetimeCVE-2025-3864
Affects hackney | Versions <1.24.0
Has fix
hexPublished 29 May 2025
- M
Missing Authentication for Critical FunctionCVE-2025-32782
Affects ash_authentication | Versions <4.7.0
Has fix
hexPublished 21 Apr 2025
- M
Improper Privilege ManagementCVE-2025-25202
Affects ash_authentication | Versions >=4.1.0 <4.4.9
Has fix
hexPublished 13 Feb 2025
- M
Server-side Request Forgery (SSRF)CVE-2025-1211
Affects hackney | Versions <1.21.0
Has fix
hexPublished 10 Feb 2025
- M
Files or Directories Accessible to External PartiesCVE-2024-49756
Affects ash_postgres | Versions <2.4.10
Has fix
hexPublished 24 Oct 2024
- H
Insufficient Verification of Data AuthenticityCVE-2019-1000013
Affects hex_core | Versions <0.4.0
Has fix
hexPublished 2 May 2024
- M
Origin Validation ErrorCVE-2022-42975
Affects phoenix | Versions <1.6.14
Has fix
hexPublished 9 Apr 2024
- H
Denial of Service (DoS)CVE-2019-11287
Affects rabbit_common | Versions >=3.7.0 <3.7.21>=3.8.0 <3.8.1
Has fix
hexPublished 9 Apr 2024
- M
Affects oidcc | Versions >=3.0.0 <3.0.2>=3.1.0 <3.1.2>=3.2.0-beta.1 <3.2.0-beta.3
Has fix
hexPublished 5 Apr 2024
- M
Insufficient Session ExpirationCVE-2024-25718
Affects samly | Versions <1.4.0
Has fix
hexPublished 12 Feb 2024
- M
Denial of Service (DoS)CVE-2023-46118
Affects rabbit_common | Versions <3.11.24>=3.12.0-rc.1 <3.12.7
Has fix
hexPublished 20 Nov 2023