See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Arbitrary Code InjectionCVE-2026-45719
Affects @budibase/server | Versions <3.38.1
Has fix
npmPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45715
Affects @budibase/backend-core | Versions <3.38.1
Has fix
npmPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45715
Affects @budibase/server | Versions <3.38.1
Has fix
npmPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45548
Affects @budibase/server | Versions <3.34.8
Has fix
npmPublished 19 May 2026
- H
Missing AuthorizationCVE-2026-45717
Affects @budibase/server | Versions <3.38.1
Has fix
npmPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45061
Affects @budibase/server | Versions <3.35.10
Has fix
npmPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45061
Affects @budibase/backend-core | Versions <3.35.10
Has fix
npmPublished 19 May 2026
- H
Improper Handling of Exceptional ConditionsCVE-2026-44902
Affects @opentelemetry/exporter-prometheus | Versions <0.217.0
Has fix
npmPublished 19 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2025-65122
Affects youtube-regex | Versions *
No fix available
npmPublished 19 May 2026
- M
Prototype PollutionCVE-2026-44966
Affects velocityjs | Versions <2.1.6
Has fix
npmPublished 19 May 2026
- H
SQL InjectionCVE-2026-22599
Affects @strapi/content-type-builder | Versions >=5.0.0-beta.6 <5.33.2
Has fix
npmPublished 19 May 2026
- H
SQL InjectionCVE-2026-22599
Affects @strapi/plugin-content-type-builder | Versions >=4.0.0-next.0 <4.26.1
Has fix
npmPublished 19 May 2026
- M
Directory TraversalCVE-2026-44373
Affects nitro | Versions <3.0.260429-beta
Has fix
npmPublished 19 May 2026
- M
Directory TraversalCVE-2026-44373
Affects nitropack | Versions <2.13.4
Has fix
npmPublished 19 May 2026
- M
Open RedirectCVE-2026-44372
Affects nitro | Versions <3.0.260429-beta
Has fix
npmPublished 19 May 2026
- L
Missing AuthorizationCVE-2026-45244
Affects @steipete/summarize | Versions <0.15.0
Has fix
npmPublished 19 May 2026
- H
Missing AuthorizationCVE-2026-45242
Affects @steipete/summarize | Versions <0.15.0
Has fix
npmPublished 19 May 2026
- M
Missing AuthorizationCVE-2026-45243
Affects @steipete/summarize | Versions <0.15.0
Has fix
npmPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-45245
Affects @steipete/summarize | Versions <0.15.0
Has fix
npmPublished 19 May 2026
- M
Incorrect Permission Assignment for Critical ResourceCVE-2026-45246
Affects @steipete/summarize | Versions <0.15.0
Has fix
npmPublished 19 May 2026
- M
Incorrect Permission Assignment for Critical ResourceCVE-2026-45222
Affects @steipete/summarize | Versions <0.15.0
Has fix
npmPublished 19 May 2026
- H
Directory TraversalCVE-2026-22810
Affects @joplin/onenote-converter | Versions <3.6.3
Has fix
npmPublished 19 May 2026
- H
Missing Authentication for Critical FunctionCVE-2026-42856
Affects network-ai | Versions <5.1.3
Has fix
npmPublished 19 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-45149
Affects brace-expansion | Versions >=5.0.2 <5.0.6
Has fix
npmPublished 19 May 2026
- M
Directory TraversalCVE-2026-7645
Affects consciousness-explorer | Versions <1.1.2
Has fix
npmPublished 19 May 2026
Affects @antv/g-plugin-svg-picker | Versions =2.2.46=2.1.46
Has fix
npmPublished 19 May 2026