See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- C
Prototype PollutionCVE-2026-44791
Affects n8n-nodes-base | Versions <2.20.4>=2.21.0 <2.21.1
Has fix
npmPublished 17 May 2026
- H
Arbitrary Argument InjectionCVE-2026-44790
Affects n8n-nodes-base | Versions <1.121.29>=2.0.0-rc.0 <2.20.4>=2.21.0 <2.21.1
Has fix
npmPublished 17 May 2026
Affects github.com/nhost/nhost/services/auth/go/controller | Versions <0.50.1
Has fix
GoPublished 17 May 2026
Affects github.com/nhost/nhost/services/auth/go/sql | Versions <0.50.1
Has fix
GoPublished 17 May 2026
Affects github.com/nhost/nhost/services/auth/go/api | Versions <0.50.1
Has fix
GoPublished 17 May 2026
- H
Improper Verification of Cryptographic SignatureCVE-2026-44714
Affects org.bitcoinj:bitcoinj-core | Versions [0.15,0.17.1)
Has fix
MavenPublished 17 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-44541
Affects ethyca-fides | Versions [2.33.0,2.84.5rc0)
Has fix
pipPublished 17 May 2026
- H
Improper Privilege ManagementCVE-2026-43978
Affects wger | Versions [0,]
Has fix
pipPublished 17 May 2026
- H
SQL InjectionCVE-2026-44792
Affects @n8n/api-types | Versions <1.20.1>=1.21.0 <1.21.1
Has fix
npmPublished 17 May 2026
- C
Improper Handling of Case SensitivityCVE-2026-45062
Affects github.com/dunglas/frankenphp/caddy | Versions >=1.11.2 <1.12.3
Has fix
GoPublished 17 May 2026
- M
XML External Entity (XXE) InjectionCVE-2023-42344
Affects org.opencms:opencms-core | Versions [,10.5.1)
Has fix
MavenPublished 17 May 2026
- M
Cross-site Scripting (XSS)CVE-2023-42343
Affects org.opencms:opencms-core | Versions [,10.5.1)
Has fix
MavenPublished 17 May 2026
- H
XML External Entity (XXE) InjectionCVE-2023-42346
Affects org.opencms:opencms-core | Versions [,16.0)
Has fix
MavenPublished 17 May 2026
- M
Cross-site Scripting (XSS)CVE-2023-42345
Affects org.opencms:opencms-core | Versions [,16.0)
Has fix
MavenPublished 17 May 2026
- H
Asymmetric Resource Consumption (Amplification)CVE-2026-45078
Affects matrix-synapse | Versions [,1.152.1)
Has fix
pipPublished 17 May 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-45076
Affects matrix-synapse | Versions [,1.152.1)
Has fix
pipPublished 17 May 2026
- H
External Control of File Name or PathCVE-2026-44353
Affects streamlink | Versions [,8.4.0)
Has fix
pipPublished 17 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45106
Affects weblate | Versions [,2026.5)
Has fix
pipPublished 17 May 2026
- H
Arbitrary Code InjectionCVE-2026-45374
Affects deepseek-tui | Versions <0.8.26
Has fix
CargoPublished 17 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-45373
Affects deepseek-tui | Versions <0.8.26
Has fix
CargoPublished 17 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-45373
Affects deepseek-tui | Versions <0.8.26
Has fix
npmPublished 17 May 2026
- H
Arbitrary Code InjectionCVE-2026-45311
Affects deepseek-tui | Versions <0.8.23
Has fix
npmPublished 17 May 2026
- H
Arbitrary Code InjectionCVE-2026-45311
Affects deepseek-tui | Versions >=0.3.0 <0.8.23
Has fix
CargoPublished 17 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-45310
Affects deepseek-tui | Versions <0.8.22
Has fix
npmPublished 17 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-45310
Affects deepseek-tui | Versions <0.8.22
Has fix
CargoPublished 17 May 2026
- L
Server-side Request Forgery (SSRF)CVE-2026-45366
Affects @utcp/http | Versions <1.1.2
Has fix
npmPublished 17 May 2026