See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Open RedirectCVE-2026-44503
Affects microsoft-kiota-http | Versions [,1.9.9)
Has fix
pipPublished 15 May 2026
- C
Arbitrary File Write via Archive Extraction (Zip Slip)CVE-2025-15036
Affects mlflow-skinny | Versions [,3.9.0rc0)
Has fix
pipPublished 15 May 2026
- H
Directory TraversalCVE-2025-15031
Affects mlflow-skinny | Versions [,3.9.0rc0)
Has fix
pipPublished 15 May 2026
- H
Command InjectionCVE-2025-14287
Affects mlflow-skinny | Versions [,3.8.0rc0)
Has fix
pipPublished 15 May 2026
- H
Directory TraversalCVE-2026-2033
Affects mlflow-skinny | Versions [,3.8.0rc0)
Has fix
pipPublished 15 May 2026
- C
Use of Default CredentialsCVE-2026-2635
Affects mlflow-skinny | Versions [2.3.2,]
Has fix
pipPublished 15 May 2026
- H
Authentication Bypass by Primary WeaknessCVE-2026-2652
Affects mlflow | Versions [,3.10.0)
Has fix
pipPublished 15 May 2026
- H
Authentication Bypass by Primary WeaknessCVE-2026-2652
Affects mlflow-skinny | Versions [,3.10.0)
Has fix
pipPublished 15 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-44899
Affects mistune | Versions [,3.2.1)
Has fix
pipPublished 15 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-44898
Affects mistune | Versions [,3.2.1)
Has fix
pipPublished 15 May 2026
Affects wger | Versions [0,]
Has fix
pipPublished 14 May 2026
Affects open-webui | Versions [,0.3.33)
Has fix
pipPublished 14 May 2026
- H
Directory TraversalCVE-2026-44565
Affects open-webui | Versions [,0.6.10)
Has fix
pipPublished 14 May 2026
- M
Missing AuthorizationCVE-2026-44794
Affects nautobot | Versions [,2.4.33)[3.0.0a2,3.1.2)
Has fix
pipPublished 14 May 2026
- H
Regular Expression Denial of Service (ReDoS)CVE-2026-44796
Affects nautobot | Versions [,2.4.33)[3.0.0a2,3.1.2)
Has fix
pipPublished 14 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-44797
Affects nautobot | Versions [,2.4.33)[3.0.0a2,3.1.2)
Has fix
pipPublished 14 May 2026
- H
Exposed Dangerous Method or FunctionCVE-2026-44798
Affects nautobot | Versions [,2.4.33)[3.0.0a2,3.1.2)
Has fix
pipPublished 14 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-44570
Affects open-webui | Versions [,0.6.19)
Has fix
pipPublished 14 May 2026
- H
Missing AuthorizationCVE-2026-44569
Affects open-webui | Versions [,0.6.19)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langchain-classic | Versions [,1.0.7)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langsmith | Versions [,0.8.0)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langchain | Versions [,0.3.30)
Has fix
pipPublished 14 May 2026
- H
Directory TraversalCVE-2026-2614
Affects mlflow-skinny | Versions [, 3.10.0)
Has fix
pipPublished 13 May 2026
- H
Directory TraversalCVE-2026-2614
Affects mlflow | Versions [, 3.10.0)
Has fix
pipPublished 13 May 2026
- H
Missing Release of Memory after Effective LifetimeCVE-2026-44660
Affects ujson | Versions [,5.12.1)
Has fix
pipPublished 13 May 2026
- C
Deserialization of Untrusted DataCVE-2026-31221
Affects pytorch-lightning | Versions [,2.6.1)
Has fix
pipPublished 13 May 2026
- C
Deserialization of Untrusted DataCVE-2026-31221
Affects lightning | Versions [,2.6.1)
Has fix
pipPublished 13 May 2026
- M
Incorrect AuthorizationCVE-2026-44681
Affects authlib | Versions [,1.6.12)[1.7.0, 1.7.1)
Has fix
pipPublished 13 May 2026
- H
Command InjectionCVE-2026-44345
Affects bentoml | Versions [,1.4.39)
Has fix
pipPublished 12 May 2026
- H
Arbitrary Code InjectionCVE-2026-44346
Affects bentoml | Versions [,1.4.39)
Has fix
pipPublished 12 May 2026