See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Cross-site Scripting (XSS)CVE-2026-44742
Affects postorius | Versions [0,]
Has fix
pipPublished 11 May 2026
- C
Missing Authentication for Critical FunctionCVE-2026-42796
Affects arelle-release | Versions [,2.39.10)
Has fix
pipPublished 11 May 2026
- M
Deserialization of Untrusted DataCVE-2026-7712
Affects mindsdb | Versions [0,]
Has fix
pipPublished 11 May 2026
- C
Deserialization of Untrusted DataCVE-2026-26210
Affects ktransformers | Versions [0,]
Has fix
pipPublished 11 May 2026
- C
Arbitrary Code InjectionCVE-2026-38361
Affects dash-uploader | Versions [0,]
Has fix
pipPublished 11 May 2026
- H
Directory TraversalCVE-2026-38360
Affects dash-uploader | Versions [0,]
Has fix
pipPublished 11 May 2026
- L
Race ConditionCVE-2026-7846
Affects langchain-chatchat | Versions [0,]
Has fix
pipPublished 11 May 2026
- L
Use of a Broken or Risky Cryptographic AlgorithmCVE-2026-7845
Affects langchain-chatchat | Versions [0,]
Has fix
pipPublished 11 May 2026
- H
Incorrect Resource Transfer Between SpheresCVE-2026-42997
Affects ironic | Versions [,26.1.6)[27.0.0,29.0.5)[30.0.0,32.0.1)[33.0.0,35.0.1)
Has fix
pipPublished 11 May 2026
- M
Uncontrolled RecursionCVE-2026-44844
Affects eml-parser | Versions [,3.0.1)
Has fix
pipPublished 11 May 2026
- L
Insecure RandomnessCVE-2026-7847
Affects langchain-chatchat | Versions [0,]
Has fix
pipPublished 11 May 2026
Affects homeassistant-cli | Versions [,1.0.0)
Has fix
pipPublished 11 May 2026
Affects banks | Versions [,2.4.2)
Has fix
pipPublished 11 May 2026
Affects potato-annotation | Versions [2.0.0,2.4.5)
Has fix
pipPublished 11 May 2026
- M
Access Control BypassCVE-2026-7711
Affects mindsdb | Versions [,26.1.0rc1)
Has fix
pipPublished 11 May 2026
- L
Server-side Request Forgery (SSRF)CVE-2026-44661
Affects utcp-http | Versions [,1.1.3)
Has fix
pipPublished 11 May 2026
Affects netbox-data-flows | Versions [,1.5.1)
Has fix
pipPublished 11 May 2026
- H
External Control of File Name or PathCVE-2026-44641
Affects apm-cli | Versions [,0.8.12)
Has fix
pipPublished 11 May 2026
- M
Deserialization of Untrusted DataCVE-2026-7597
Affects mem0ai | Versions [,2.0.0b2)
Has fix
pipPublished 11 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-44520
Affects docling-graph | Versions [,1.5.1)
Has fix
pipPublished 11 May 2026
- M
Use of Hard-coded PasswordCVE-2026-7579
Affects astrbot | Versions [,4.17.6)
Has fix
pipPublished 11 May 2026
- H
Unsafe Dependency ResolutionCVE-2026-43003
Affects ironic-python-agent | Versions [1.0.0,]
Has fix
pipPublished 11 May 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-44504
Affects aegra-api | Versions [0.9.0,0.9.7)
Has fix
pipPublished 11 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-44439
Affects playwrightcapture | Versions [,1.39.6)
Has fix
pipPublished 11 May 2026
Affects axonflow | Versions [,6.7.0)
Has fix
pipPublished 11 May 2026
- M
Directory TraversalCVE-2026-7404
Affects mcpo-simple-server | Versions [0,]
Has fix
pipPublished 11 May 2026
- H
Arbitrary Code InjectionCVE-2026-44334
Affects praisonai | Versions [4.5.139,4.6.32)
Has fix
pipPublished 11 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-44363
Affects misp-modules | Versions [0,]
Has fix
pipPublished 11 May 2026
- C
Cross-site Request Forgery (CSRF)CVE-2026-44364
Affects misp-modules | Versions [0,]
Has fix
pipPublished 11 May 2026