See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Server-side Request Forgery (SSRF)CVE-2026-6119
Affects astrbot | Versions [0,]
Has fix
pipPublished 6 May 2026
- H
Arbitrary Code InjectionCVE-2026-6117
Affects astrbot | Versions [0,]
Has fix
pipPublished 6 May 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-40864
Affects jupyterhub | Versions [4.1.0,5.4.5)
Has fix
pipPublished 6 May 2026
- H
Client-Side Enforcement of Server-Side SecurityCVE-2026-42266
Affects jupyterlab | Versions [,4.5.7)[4.6.0a4, 4.6.0a5)
Has fix
pipPublished 6 May 2026
- M
Insufficient Granularity of Access ControlCVE-2026-38743
Affects apache-airflow-core | Versions [,3.2.1rc1)
Has fix
pipPublished 6 May 2026
- M
Insufficient Granularity of Access ControlCVE-2026-40690
Affects apache-airflow-core | Versions [,3.2.1rc1)
Has fix
pipPublished 6 May 2026
- H
Incorrect AuthorizationCVE-2026-42312
Affects pyload-ng | Versions [0,0.5.0b3.dev100)
Has fix
pipPublished 6 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-42313
Affects pyload-ng | Versions [0,0.5.0b3.dev100)
Has fix
pipPublished 6 May 2026
- H
Directory TraversalCVE-2026-42315
Affects pyload-ng | Versions [0,0.5.0b3.dev100)
Has fix
pipPublished 6 May 2026
- H
Directory TraversalCVE-2026-42314
Affects pyload-ng | Versions [0,0.5.0b3.dev100)
Has fix
pipPublished 6 May 2026
- M
Arbitrary Code InjectionCVE-2026-5970
Affects metagpt | Versions [0,]
Has fix
pipPublished 6 May 2026
- C
Directory TraversalCVE-2026-42196
Affects django-s3file | Versions [,7.0.2)
Has fix
pipPublished 6 May 2026
- H
Incorrect AuthorizationCVE-2026-42032
Affects ckan | Versions [,2.10.10)[2.11.0, 2.11.5)
Has fix
pipPublished 6 May 2026
- H
Improper Validation of Array IndexCVE-2026-44222
Affects vllm | Versions [0.6.1, 0.20.0)
Has fix
pipPublished 6 May 2026
- L
Use of a Broken or Risky Cryptographic AlgorithmCVE-2026-44405
Affects paramiko | Versions [0,5.0.0)
Has fix
pipPublished 6 May 2026
- M
Improper Handling of Length Parameter InconsistencyCVE-2026-5766
Affects django | Versions [5.2a1,5.2.14)[6.0a1,6.0.5)
Has fix
pipPublished 6 May 2026
- L
Use of Cache Containing Sensitive InformationCVE-2026-6907
Affects django | Versions [5.2a1,5.2.14)[6.0a1,6.0.5)
Has fix
pipPublished 6 May 2026
- H
Regular Expression without AnchorsCVE-2026-40110
Affects jupyter-server | Versions [,2.18.0)
Has fix
pipPublished 6 May 2026
- C
Directory TraversalCVE-2026-35397
Affects jupyter-server | Versions [,2.18.0)
Has fix
pipPublished 6 May 2026
- M
Open RedirectCVE-2025-61669
Affects jupyter-server | Versions [,2.18.0)
Has fix
pipPublished 6 May 2026
- H
Insufficient Session ExpirationCVE-2026-40934
Affects jupyter-server | Versions [,2.18.0)
Has fix
pipPublished 6 May 2026
- M
Improper Enforcement of Behavioral WorkflowCVE-2026-42303
Affects ethyca-fides | Versions [2.75.0,2.83.2rc3)
Has fix
pipPublished 6 May 2026
- H
Directory TraversalCVE-2026-42048
Affects langflow | Versions [,1.9.2)
Has fix
pipPublished 6 May 2026
- H
Inefficient Algorithmic ComplexityCVE-2026-42304
Affects twisted | Versions [,26.4.0rc2)
Has fix
pipPublished 6 May 2026
- M
Directory TraversalCVE-2026-42078
Affects pptagent | Versions [,1.1.36)
Has fix
pipPublished 6 May 2026
- M
Directory TraversalCVE-2026-42080
Affects pptagent | Versions [,1.1.36)
Has fix
pipPublished 6 May 2026