See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Arbitrary Code InjectionCVE-2026-44513
Affects diffusers | Versions [,0.38.0)
Has fix
pipPublished 7 May 2026
- M
Incorrect Type Conversion or CastCVE-2026-44223
Affects vllm | Versions [0.18.0, 0.20.0)
Has fix
pipPublished 7 May 2026
- M
Directory TraversalCVE-2026-42448
Affects magic-wormhole | Versions [,0.24.0)
Has fix
pipPublished 7 May 2026
- H
Arbitrary Code InjectionCVE-2026-44244
Affects gitpython | Versions [,3.1.49)
Has fix
pipPublished 7 May 2026
- H
Directory TraversalCVE-2026-44243
Affects gitpython | Versions [,3.1.48)
Has fix
pipPublished 7 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-42561
Affects python-multipart | Versions [,0.0.27)
Has fix
pipPublished 7 May 2026
- H
Regular Expression Denial of Service (ReDoS)CVE-2026-33079
Affects mistune | Versions [3.0.0a1, 3.2.1)
Has fix
pipPublished 7 May 2026
- H
Memory Allocation with Excessive Size ValueCVE-2026-24146
Affects nvidia-pytriton | Versions [0,]
Has fix
pipPublished 6 May 2026
- H
External Control of File Name or PathCVE-2026-43891
Affects changedetection.io | Versions [,0.55.1)
Has fix
pipPublished 6 May 2026
Affects astrbot | Versions [,4.24.4)
Has fix
pipPublished 6 May 2026
- M
Improper Encoding or Escaping of OutputCVE-2026-41426
Affects pretalx | Versions [,2026.1.0)
Has fix
pipPublished 6 May 2026
- C
User ImpersonationCVE-2026-40177
Affects ajenti.plugin.core | Versions [,0.112)
Has fix
pipPublished 6 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-42175
Affects requests-hardened | Versions [,1.2.1)
Has fix
pipPublished 6 May 2026
- C
Race ConditionCVE-2026-40178
Affects ajenti.plugin.core | Versions [,0.112)
Has fix
pipPublished 6 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-42864
Affects firefighter-incident | Versions [,0.0.54)
Has fix
pipPublished 6 May 2026
- M
HTTP Response SplittingCVE-2026-42874
Affects microdot | Versions [,2.6.1)
Has fix
pipPublished 6 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-42860
Affects edx-enterprise | Versions [7.0.2, 7.0.6)
Has fix
pipPublished 6 May 2026
- H
Incorrect AuthorizationCVE-2026-25660
Affects codechecker | Versions [,6.28.0)
Has fix
pipPublished 6 May 2026
Affects ogham-mcp | Versions [0.6.3, 0.11.1)
Has fix
pipPublished 6 May 2026
- C
Arbitrary Argument InjectionCVE-2026-42601
Affects archivebox | Versions [0,0.9.31rc1)
Has fix
pipPublished 6 May 2026
- H
Directory TraversalCVE-2026-43901
Affects wireshark-mcp | Versions [0,]
Has fix
pipPublished 6 May 2026
Affects ciguard | Versions [,0.8.2)
Has fix
pipPublished 6 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-44219
Affects ciguard | Versions [0.6.0, 0.8.2)
Has fix
pipPublished 6 May 2026
- L
Execution with Unnecessary PrivilegesCVE-2026-44218
Affects ciguard | Versions [,0.8.2)
Has fix
pipPublished 6 May 2026
- L
Symlink AttackCVE-2026-44220
Affects ciguard | Versions [0.8.1,0.8.2)
Has fix
pipPublished 6 May 2026
- H
Arbitrary Code InjectionCVE-2026-6118
Affects astrbot | Versions [0,]
Has fix
pipPublished 6 May 2026