See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Cross-site Scripting (XSS)CVE-2026-30974
Affects copyparty | Versions [,1.20.11)
Has fix
pipPublished 12 Mar 2026
- M
Parameter InjectionCVE-2026-35536
Affects tornado | Versions [,6.5.5)
Has fix
pipPublished 12 Mar 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-31958
Affects tornado | Versions [,6.5.5)
Has fix
pipPublished 12 Mar 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-31826
Affects pypdf | Versions [,6.8.0)
Has fix
pipPublished 11 Mar 2026
- L
Directory TraversalCVE-2026-29790
Affects dbt-common | Versions [,1.34.2)[1.35.0, 1.37.3)
Has fix
pipPublished 10 Mar 2026
- H
Origin Validation ErrorCVE-2026-25604
Affects apache-airflow-providers-amazon | Versions [8.0.0,9.22.0rc1)
Has fix
pipPublished 10 Mar 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-25960
Affects vllm | Versions [0.14.1,0.17.0)
Has fix
pipPublished 10 Mar 2026
- H
Relative Path TraversalCVE-2026-29778
Affects pyload-ng | Versions [,0.5.0b3.dev97)
Has fix
pipPublished 9 Mar 2026
- H
Improper Control of Dynamically-Managed Code ResourcesCVE-2025-69219
Affects apache-airflow-providers-http | Versions [5.1.0,6.0.0rc1)
Has fix
pipPublished 9 Mar 2026
- M
Information ExposureCVE-2026-29787
Affects mcp-memory-service | Versions [,10.21.0)
Has fix
pipPublished 8 Mar 2026
- M
Directory TraversalCVE-2026-29780
Affects eml-parser | Versions [,2.0.1)
Has fix
pipPublished 8 Mar 2026
- C
Directory TraversalCVE-2026-29065
Affects changedetection.io | Versions [,0.54.4)
Has fix
pipPublished 8 Mar 2026
- H
Directory TraversalCVE-2026-28518
Affects openviking | Versions [,0.2.1)
Has fix
pipPublished 8 Mar 2026
- C
Arbitrary Code InjectionCVE-2026-29039
Affects changedetection.io | Versions [,0.54.4)
Has fix
pipPublished 8 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-29038
Affects changedetection.io | Versions [,0.54.4)
Has fix
pipPublished 8 Mar 2026
- H
Server-side Request Forgery (SSRF)CVE-2025-45691
Affects ragas | Versions [0.2.3,0.3.0rc2)
Has fix
pipPublished 8 Mar 2026
- M
Arbitrary Command InjectionCVE-2026-2256
Affects ms-agent | Versions [0,1.6.0)
Has fix
pipPublished 8 Mar 2026
Affects fickling | Versions [,0.1.9)
Has fix
pipPublished 6 Mar 2026
Affects fickling | Versions [,0.1.9)
Has fix
pipPublished 6 Mar 2026
Affects picklescan | Versions [,1.0.4)
Has fix
pipPublished 6 Mar 2026
Affects picklescan | Versions [,1.0.4)
Has fix
pipPublished 6 Mar 2026
Affects picklescan | Versions [,1.0.4)
Has fix
pipPublished 6 Mar 2026
- H
Open RedirectCVE-2026-28681
Affects irrd | Versions [4.4.0,4.4.5)[4.5.0,4.5.1)
Has fix
pipPublished 6 Mar 2026
- C
SQL InjectionCVE-2026-28438
Affects cocoindex | Versions [0.3.28,0.3.34)
Has fix
pipPublished 6 Mar 2026
- M
Open RedirectCVE-2026-28413
Affects products.isurlinportal | Versions [,2.1.0)[3.0.0,3.1.0)[4.0.0a1,4.0.0)
Has fix
pipPublished 6 Mar 2026
- H
Uncontrolled RecursionCVE-2026-25048
Affects xgrammar | Versions [0.1.31,0.1.32)
Has fix
pipPublished 6 Mar 2026
- H
Deserialization of Untrusted DataCVE-2026-28277
Affects langgraph | Versions [,1.0.10rc1)
Has fix
pipPublished 6 Mar 2026