Vulnerability DB | Snyk

See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].

Find out if you have vulnerabilities that put you at risk

Test your applications

All Vulnerabilities

APPLICATION

Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++

OPERATING SYSTEM

All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi

Report a new vulnerability

C

Remote Code Execution (RCE)CVE-2026-6951

Affects org.webjars.npm:simple-git | Versions [0,]

Has fix

MavenPublished 27 Apr 2026

M

Server-side Request Forgery (SSRF)CVE-2026-42038

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

Incomplete List of Disallowed InputsCVE-2026-42043

Affects org.webjars.npm:axios | Versions [1.15.0,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

Improper Encoding or Escaping of OutputCVE-2026-42040

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

C

HTTP Response SplittingCVE-2026-42035

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

Allocation of Resources Without Limits or ThrottlingCVE-2026-42034

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

Allocation of Resources Without Limits or ThrottlingCVE-2026-42036

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

Insertion of Sensitive Information Into Sent DataCVE-2026-42042

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

CRLF InjectionCVE-2026-42037

Affects org.webjars.npm:axios | Versions [1.3.0,1.15.1)

Has fix

MavenPublished 27 Apr 2026

C

Prototype PollutionCVE-2026-42033

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

H

Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-42044

Affects org.webjars.npm:axios | Versions [1.0.0,1.15.2)

Has fix

MavenPublished 27 Apr 2026

H

Uncontrolled RecursionCVE-2026-42039

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

M

Prototype PollutionCVE-2026-42041

Affects org.webjars.npm:axios | Versions [,1.15.1)

Has fix

MavenPublished 27 Apr 2026

H

Insertion of Sensitive Information into Log FileCVE-2026-33558

Affects org.apache.kafka:kafka-clients | Versions [0.11.0,3.9.2)[4.0.0,4.0.1)

Has fix

MavenPublished 26 Apr 2026

H

Allocation of Resources Without Limits or ThrottlingCVE-2026-41680

Affects org.webjars.npm:marked | Versions [18.0.0,18.0.2)

Has fix

MavenPublished 26 Apr 2026

M

Cross-site Scripting (XSS)CVE-2026-30139

Affects org.silverpeas.core:silverpeas-core-war | Versions [,6.4.6)

Has fix

MavenPublished 24 Apr 2026

C

Improper Validation of Specified Index, Position, or Offset in InputCVE-2026-33557

Affects org.apache.kafka:kafka-clients | Versions [4.1.0,4.1.2)

Has fix

MavenPublished 24 Apr 2026

M

Symlink AttackCVE-2026-40977

Affects org.springframework.boot:spring-boot | Versions [,3.5.14)[4.0.0-M1,4.0.6)

Has fix

MavenPublished 24 Apr 2026

C

Improper Validation of Certificate with Host MismatchCVE-2026-40971

Affects org.springframework.boot:spring-boot-autoconfigure | Versions [3.2.0,3.5.14)[4.0.0-M1,4.0.6)

Has fix

MavenPublished 24 Apr 2026

H

Insecure Temporary FileCVE-2026-40973

Affects org.springframework.boot:spring-boot | Versions [,3.5.14)[4.0.0-M1,4.0.6)

Has fix

MavenPublished 24 Apr 2026

L

Improper Validation of Certificate with Host MismatchCVE-2026-40970

Affects org.springframework.boot:spring-boot-elasticsearch | Versions [,4.0.6)

Has fix

MavenPublished 24 Apr 2026

C

Missing AuthorizationCVE-2026-40976

Affects org.springframework.boot:spring-boot-security | Versions [,4.0.6)

Has fix

MavenPublished 24 Apr 2026

H

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)CVE-2026-40975

Affects org.springframework.boot:spring-boot | Versions [,3.5.14)[4.0.0-M1,4.0.6)

Has fix

MavenPublished 24 Apr 2026

H

Timing AttackCVE-2026-40972

Affects org.springframework.boot:spring-boot-devtools | Versions [,3.5.14)[4.0.0-M1,4.0.6)

Has fix

MavenPublished 24 Apr 2026

C

Improper Validation of Certificate with Host MismatchCVE-2026-40974

Affects org.springframework.boot:spring-boot-autoconfigure | Versions [,3.5.14)[4.0.0-M1,4.0.6)

Has fix

MavenPublished 24 Apr 2026

M

Cross-site Scripting (XSS)CVE-2026-41305

Affects org.webjars.npm:postcss | Versions [,8.5.10)

Has fix

MavenPublished 24 Apr 2026

M

Information ExposureCVE-2025-62188

Affects org.apache.dolphinscheduler:dolphinscheduler-master | Versions [3.1.0,3.2.0)

Has fix

MavenPublished 23 Apr 2026

M

Information ExposureCVE-2025-62188

Affects org.apache.dolphinscheduler:dolphinscheduler-standalone-server | Versions [3.1.0,3.2.0)

Has fix

MavenPublished 23 Apr 2026

M

Information ExposureCVE-2025-62188

Affects org.apache.dolphinscheduler:dolphinscheduler-api | Versions [3.1.0,3.2.0)

Has fix

MavenPublished 23 Apr 2026

M

Information ExposureCVE-2025-62188

Affects org.apache.dolphinscheduler:dolphinscheduler-worker | Versions [3.1.0,3.2.0)

Has fix

MavenPublished 23 Apr 2026

Product

Partners
Developers & Devops Features
Enterprise Features
Pricing
Test with GitHub
Test with CLI
API status

Resources

Vulnerability DB
Blog
Documentation
FAQs

Company

About
Jobs
Contact
Legal terms
Privacy
Press kit
Events

Contact us

Support
Report a new vuln

Find us online

Track our development

© 2026 Snyk Ltd.