See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Missing AuthorizationCVE-2026-44569
Affects open-webui | Versions [,0.6.19)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langchain-classic | Versions [,1.0.7)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langsmith | Versions [,0.8.0)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langchain | Versions [,0.3.30)
Has fix
pipPublished 14 May 2026
- H
Directory TraversalCVE-2026-2614
Affects mlflow-skinny | Versions [, 3.10.0)
Has fix
pipPublished 13 May 2026
- H
Directory TraversalCVE-2026-2614
Affects mlflow | Versions [, 3.10.0)
Has fix
pipPublished 13 May 2026
- H
Missing Release of Memory after Effective LifetimeCVE-2026-44660
Affects ujson | Versions [,5.12.1)
Has fix
pipPublished 13 May 2026
- C
Deserialization of Untrusted DataCVE-2026-31221
Affects pytorch-lightning | Versions [,2.6.1)
Has fix
pipPublished 13 May 2026
- C
Deserialization of Untrusted DataCVE-2026-31221
Affects lightning | Versions [,2.6.1)
Has fix
pipPublished 13 May 2026
- M
Incorrect AuthorizationCVE-2026-44681
Affects authlib | Versions [,1.6.12)[1.7.0, 1.7.1)
Has fix
pipPublished 13 May 2026
- H
Command InjectionCVE-2026-44345
Affects bentoml | Versions [,1.4.39)
Has fix
pipPublished 12 May 2026
- H
Arbitrary Code InjectionCVE-2026-44346
Affects bentoml | Versions [,1.4.39)
Has fix
pipPublished 12 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-2393
Affects mlflow-skinny | Versions [,3.10.0)
Has fix
pipPublished 12 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-2393
Affects mlflow | Versions [,3.10.0)
Has fix
pipPublished 12 May 2026
- H
Decompression BombCVE-2026-44432
Affects urllib3 | Versions [2.6.0,2.7.0)
Has fix
pipPublished 12 May 2026
- H
Insertion of Sensitive Information Into Sent DataCVE-2026-44431
Affects urllib3 | Versions [1.23,2.7.0)
Has fix
pipPublished 12 May 2026
- H
Missing AuthorizationCVE-2026-44571
Affects open-webui | Versions [,0.8.6)
Has fix
pipPublished 11 May 2026
- H
Out-of-bounds ReadCVE-2026-24189
Affects cudaq | Versions [,0.14.0)
Has fix
pipPublished 11 May 2026
- H
Out-of-bounds ReadCVE-2026-24189
Affects cuda-quantum | Versions [0,]
Has fix
pipPublished 11 May 2026
- H
Insertion of Sensitive Information into Log FileCVE-2026-41018
Affects apache-airflow-providers-elasticsearch | Versions [,6.5.3rc1)
Has fix
pipPublished 11 May 2026
- H
Insertion of Sensitive Information into Log FileCVE-2026-43826
Affects apache-airflow-providers-opensearch | Versions [1.5.0rc1,1.9.1rc1)
Has fix
pipPublished 11 May 2026
- H
Directory TraversalCVE-2026-44340
Affects praisonai | Versions [,4.6.37)
Has fix
pipPublished 11 May 2026
Affects praisonai | Versions [,4.6.37)
Has fix
pipPublished 11 May 2026
Affects praisonaiagents | Versions [,1.6.37)
Has fix
pipPublished 11 May 2026
- C
Directory TraversalCVE-2026-44336
Affects praisonai | Versions [,4.6.34)
Has fix
pipPublished 11 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-44338
Affects praisonai | Versions [2.5.6,4.6.34)
Has fix
pipPublished 11 May 2026