See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Improper AuthenticationCVE-2026-45363
Affects jwt | Versions <3.2.0
Has fix
RubyGemsPublished 19 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-33637
Affects faraday | Versions >=2.0.0.alpha-1, <2.14.2
Has fix
RubyGemsPublished 19 May 2026
Affects knot-simple-formatter | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
Affects knot-rails-assets-pipeline | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
Affects knot-date-utils-rb | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
Affects knot-rspec-formatter-json | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
Affects knot-rack-session-store | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
Affects knot-devise-jwt-helper | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
Affects knot-activesupport-logger | Versions >=0.0.0
Has fix
RubyGemsPublished 14 May 2026
- C
Protection Mechanism FailureCVE-2026-41316
Affects erb | Versions <4.0.3.1>=4.0.0, <4.0.4>=5.0.0, <6.0.1.1>=6.0.2, <6.0.4
Has fix
RubyGemsPublished 11 May 2026
- M
Unsafe Dependency ResolutionCVE-2026-44312
Affects css_parser | Versions <1.22.0>=2.0.0, <2.1.0
Has fix
RubyGemsPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2025-67202
Affects sidekiq-cron | Versions <2.4.0
Has fix
RubyGemsPublished 10 May 2026
- C
Insufficient Session ExpirationCVE-2026-44511
Affects katalyst-koi | Versions <4.20.0>=5.0.0.alpha.1, <5.6.0
Has fix
RubyGemsPublished 10 May 2026
- H
Insecure Inherited PermissionsCVE-2026-44836
Affects view_component | Versions >=3.0.0, <4.9.0
Has fix
RubyGemsPublished 10 May 2026
- M
Directory TraversalCVE-2026-44837
Affects view_component | Versions >=3.0.0, <4.9.0
Has fix
RubyGemsPublished 10 May 2026
Affects nokogiri | Versions <1.19.3
Has fix
RubyGemsPublished 7 May 2026
Affects nokogiri | Versions <1.19.3
Has fix
RubyGemsPublished 7 May 2026
Affects graphql | Versions >=2.3.1, <2.3.23>=2.4.0, <2.4.18>=2.5.0, <2.5.26>=2.6.0, <2.6.1
Has fix
RubyGemsPublished 6 May 2026
- H
Improper Enforcement of Behavioral WorkflowCVE-2026-42246
Affects net-imap | Versions <0.3.10>=0.4.0, <0.4.24>=0.5.0, <0.5.14>=0.6.0, <0.6.4
Has fix
RubyGemsPublished 6 May 2026
- M
Inefficient Algorithmic ComplexityCVE-2026-42245
Affects net-imap | Versions <0.4.24>=0.5.0, <0.5.14>=0.6.0, <0.6.4
Has fix
RubyGemsPublished 6 May 2026
Affects net-imap | Versions >=0.4.0, <0.4.24>=0.5.0, <0.5.14>=0.6.0, <0.6.4
Has fix
RubyGemsPublished 6 May 2026
- H
CRLF InjectionCVE-2026-42258
Affects net-imap | Versions <0.4.24>=0.5.0, <0.5.14>=0.6.0, <0.6.4
Has fix
RubyGemsPublished 6 May 2026
- H
CRLF InjectionCVE-2026-42257
Affects net-imap | Versions <0.4.24>=0.5.0, <0.5.14>=0.6.0, <0.6.4
Has fix
RubyGemsPublished 6 May 2026
- H
Execution with Unnecessary PrivilegesCVE-2026-42088
Affects openc3 | Versions <7.0.0-rc3
Has fix
RubyGemsPublished 4 May 2026
- M
Relative Path TraversalCVE-2026-42085
Affects openc3 | Versions <6.10.5>=7.0.0.pre.rc1, <7.0.0-rc3
Has fix
RubyGemsPublished 4 May 2026
- H
Unverified Password ChangeCVE-2026-42084
Affects openc3 | Versions <6.10.5>=7.0.0.pre.rc1, <7.0.0-rc3
Has fix
RubyGemsPublished 4 May 2026
- C
SQL InjectionCVE-2026-42087
Affects openc3 | Versions >=6.7.0, <6.10.6>=7.0.0.pre.rc1, <7.0.0-rc3
Has fix
RubyGemsPublished 4 May 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-42205
Affects avo | Versions <3.31.1
Has fix
RubyGemsPublished 27 Apr 2026
- H
Missing AuthorizationCVE-2026-40870
Affects decidim-comments | Versions <0.30.5>=0.30.0.rc1, <0.31.1
Has fix
RubyGemsPublished 22 Apr 2026