See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Insufficient Session ExpirationCVE-2026-40934
Affects jupyter-server | Versions [,2.18.0)
Has fix
pipPublished 6 May 2026
- M
Improper Enforcement of Behavioral WorkflowCVE-2026-42303
Affects ethyca-fides | Versions [2.75.0,2.83.2rc3)
Has fix
pipPublished 6 May 2026
- H
Directory TraversalCVE-2026-42048
Affects langflow | Versions [,1.9.2)
Has fix
pipPublished 6 May 2026
- H
Inefficient Algorithmic ComplexityCVE-2026-42304
Affects twisted | Versions [,26.4.0rc2)
Has fix
pipPublished 6 May 2026
- M
Directory TraversalCVE-2026-42078
Affects pptagent | Versions [,1.1.36)
Has fix
pipPublished 6 May 2026
- M
Directory TraversalCVE-2026-42080
Affects pptagent | Versions [,1.1.36)
Has fix
pipPublished 6 May 2026
- C
Command InjectionCVE-2026-41497
Affects praisonai | Versions [,4.5.149)
Has fix
pipPublished 5 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-42352
Affects pygeoapi | Versions [0.23.0,0.23.3)
Has fix
pipPublished 5 May 2026
- H
Directory TraversalCVE-2026-42351
Affects pygeoapi | Versions [0.23.0,0.23.3)
Has fix
pipPublished 5 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-35401
Affects saleor | Versions [0,]
Has fix
pipPublished 5 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-33756
Affects saleor | Versions [0,]
Has fix
pipPublished 5 May 2026
- M
Improper Isolation or CompartmentalizationCVE-2026-5600
Affects pretix | Versions [2025.10.0,2026.1.2)[2026.2.0,2026.2.1)[2026.3.0,2026.3.1)
Has fix
pipPublished 5 May 2026
- M
Heap-based Buffer OverflowCVE-2026-42309
Affects pillow | Versions [11.2.1,12.2.0)
Has fix
pipPublished 5 May 2026
- M
Integer Overflow or WraparoundCVE-2026-42308
Affects pillow | Versions [,12.2.0)
Has fix
pipPublished 5 May 2026
- M
Infinite loopCVE-2026-42310
Affects pillow | Versions [4.2.0,12.2.0)
Has fix
pipPublished 5 May 2026
- H
Out-of-bounds WriteCVE-2026-42311
Affects pillow | Versions [10.3.0,12.2.0)
Has fix
pipPublished 5 May 2026
- H
Directory TraversalCVE-2026-40258
Affects gramps-webapi | Versions [1.6.0,3.11.1)
Has fix
pipPublished 4 May 2026
- H
Directory TraversalCVE-2026-40576
Affects excel-mcp-server | Versions [,0.1.8)
Has fix
pipPublished 4 May 2026
- H
Execution with Unnecessary PrivilegesCVE-2026-42088
Affects openc3 | Versions [,7.0.0rc3)
Has fix
pipPublished 4 May 2026
- M
Relative Path TraversalCVE-2026-42085
Affects openc3 | Versions [,6.10.5)[7.0.0rc2, 7.0.0rc3)
Has fix
pipPublished 4 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42052
Affects beets | Versions [,2.10.0)
Has fix
pipPublished 4 May 2026
- C
SQL InjectionCVE-2026-42087
Affects openc3 | Versions [6.7.0, 7.0.0rc3)
Has fix
pipPublished 4 May 2026
- M
Insufficient Session ExpirationCVE-2026-41519
Affects weblate | Versions [,5.17.1)
Has fix
pipPublished 4 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-41654
Affects weblate | Versions [4.14, 5.17.1)
Has fix
pipPublished 4 May 2026
- C
User ImpersonationCVE-2026-42354
Affects sentry | Versions [21.12.0,]
Has fix
pipPublished 4 May 2026
- L
Arbitrary Argument InjectionCVE-2026-7725
Affects prefect | Versions [,3.6.25.dev7)
Has fix
pipPublished 4 May 2026