See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Missing Authentication for Critical FunctionCVE-2026-28352
Affects indico | Versions [3.3.10,3.3.11)
Has fix
pipPublished 2 Mar 2026
- H
Directory TraversalCVE-2026-28414
Affects gradio | Versions [,6.7.0)
Has fix
pipPublished 2 Mar 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-28416
Affects gradio | Versions [,6.6.0)
Has fix
pipPublished 2 Mar 2026
- H
Use of Hard-coded CredentialsCVE-2026-27167
Affects gradio | Versions [,6.6.0)
Has fix
pipPublished 2 Mar 2026
- H
Permissive Cross-domain Policy with Untrusted DomainsCVE-2026-25478
Affects litestar | Versions [,2.20.0)
Has fix
pipPublished 2 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-25736
Affects rucio-webui | Versions [,35.8.3)[36.0.0rc1,38.5.4)[39.0.0rc1,39.3.1)
Has fix
pipPublished 2 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-25136
Affects rucio-webui | Versions [,35.8.3)[36.0.0rc1,38.5.4)[39.0.0rc1,39.3.1)
Has fix
pipPublished 2 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-27948
Affects copyparty | Versions [,1.20.9)
Has fix
pipPublished 2 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-25735
Affects rucio-webui | Versions [,35.8.3)[36.0.0rc1,38.5.4)[39.0.0rc1,39.3.1)
Has fix
pipPublished 2 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-25734
Affects rucio-webui | Versions [,35.8.3)[36.0.0rc1,38.5.4)[39.0.0rc1,39.3.1)
Has fix
pipPublished 2 Mar 2026
- H
Sensitive Cookie Without "HttpOnly" FlagCVE-2026-25733
Affects rucio-webui | Versions [,35.8.3)[36.0.0rc1,38.5.4)[39.0.0rc1,39.3.1)
Has fix
pipPublished 1 Mar 2026
- M
Information ExposureCVE-2026-25138
Affects rucio-webui | Versions [,35.8.3)[36.0.0rc1,38.5.4)[39.0.0rc1,39.3.1)
Has fix
pipPublished 1 Mar 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-28351
Affects pypdf | Versions [,6.7.4)
Has fix
pipPublished 1 Mar 2026
- C
Server-side Request Forgery (SSRF)CVE-2026-27696
Affects changedetection.io | Versions [,0.54.1)
Has fix
pipPublished 1 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-27645
Affects changedetection.io | Versions [,0.54.1)
Has fix
pipPublished 1 Mar 2026
Affects awscli | Versions [1.13.0,1.44.37)
Has fix
pipPublished 27 Feb 2026
Affects flask-reuploaded | Versions [,1.5.0)
Has fix
pipPublished 27 Feb 2026
- M
Cross-site Scripting (XSS)CVE-2026-27469
Affects isso | Versions [,0.13.2)
Has fix
pipPublished 27 Feb 2026
- H
Directory TraversalCVE-2026-27483
Affects mindsdb | Versions [,25.9.1.1)
Has fix
pipPublished 27 Feb 2026
- L
Authorization Bypass Through User-Controlled KeyCVE-2026-27838
Affects wger | Versions [0,]
Has fix
pipPublished 27 Feb 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-27839
Affects wger | Versions [0,]
Has fix
pipPublished 27 Feb 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-27835
Affects wger | Versions [0,]
Has fix
pipPublished 27 Feb 2026
- M
Directory TraversalCVE-2026-27735
Affects mcp-server-git | Versions [,2026.1.14)
Has fix
pipPublished 27 Feb 2026
- H
Deserialization of Untrusted DataCVE-2026-2970
Affects datapizza-ai-cache-redis | Versions [0,]
Has fix
pipPublished 27 Feb 2026
Affects datapizza-ai-core | Versions [0,0.0.7)
Has fix
pipPublished 27 Feb 2026
- M
Missing AuthorizationCVE-2026-27457
Affects weblate | Versions [,5.16.1)
Has fix
pipPublished 27 Feb 2026
Affects fickling | Versions [,0.1.8)
Has fix
pipPublished 26 Feb 2026
- M
SQL InjectionCVE-2026-23980
Affects apache-superset | Versions [,6.0.0)
Has fix
pipPublished 26 Feb 2026