Vulnerability DB | Snyk

See the full list of npm packages compromised in the "Antv Supply Chain Compromise - May 2026" [View compromised packages].

Find out if you have vulnerabilities that put you at risk

Test your applications

All Vulnerabilities

APPLICATION

Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++

OPERATING SYSTEM

All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi

Report a new vulnerability

M

Cross-site Scripting (XSS)CVE-2026-45106

Affects weblate | Versions [,2026.5)

Has fix

pipPublished 17 May 2026

H

Arbitrary Code InjectionCVE-2026-45374

Affects deepseek-tui | Versions <0.8.26

Has fix

CargoPublished 17 May 2026

H

Server-side Request Forgery (SSRF)CVE-2026-45373

Affects deepseek-tui | Versions <0.8.26

Has fix

CargoPublished 17 May 2026

H

Server-side Request Forgery (SSRF)CVE-2026-45373

Affects deepseek-tui | Versions <0.8.26

Has fix

npmPublished 17 May 2026

H

Arbitrary Code InjectionCVE-2026-45311

Affects deepseek-tui | Versions <0.8.23

Has fix

npmPublished 17 May 2026

H

Arbitrary Code InjectionCVE-2026-45311

Affects deepseek-tui | Versions >=0.3.0 <0.8.23

Has fix

CargoPublished 17 May 2026

H

Server-side Request Forgery (SSRF)CVE-2026-45310

Affects deepseek-tui | Versions <0.8.22

Has fix

npmPublished 17 May 2026

H

Server-side Request Forgery (SSRF)CVE-2026-45310

Affects deepseek-tui | Versions <0.8.22

Has fix

CargoPublished 17 May 2026

L

Server-side Request Forgery (SSRF)CVE-2026-45366

Affects @utcp/http | Versions <1.1.2

Has fix

npmPublished 17 May 2026

C

User Impersonation

Affects @samanhappy/mcphub | Versions <0.12.17

Has fix

npmPublished 17 May 2026

M

Use of Password Hash With Insufficient Computational EffortCVE-2026-45787

Affects electerm | Versions <3.9.5

Has fix

npmPublished 17 May 2026

C

Improper Verification of Source of a Communication ChannelCVE-2026-45353

Affects electerm | Versions >=3.0.6 <3.9.5

Has fix

npmPublished 17 May 2026

H

Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-46477

Affects flowise | Versions <3.1.2

Has fix

npmPublished 17 May 2026

H

Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-46475

Affects flowise | Versions <3.1.2

Has fix

npmPublished 17 May 2026

H

Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-46479

Affects flowise | Versions <3.1.2

Has fix

npmPublished 17 May 2026

H

Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-46476

Affects flowise | Versions <3.1.2

Has fix

npmPublished 17 May 2026

H

Improperly Controlled Modification of Dynamically-Determined Object AttributesCVE-2026-46480

Affects flowise | Versions <3.1.2

Has fix

npmPublished 17 May 2026

H

Incomplete List of Disallowed Inputs

Affects flowise | Versions <3.1.2

Has fix

npmPublished 17 May 2026

H

Incomplete List of Disallowed Inputs

Affects flowise-components | Versions <3.1.2

Has fix

npmPublished 17 May 2026

M

Improper AuthorizationCVE-2026-45365

Affects open-webui | Versions [,0.8.11)

Has fix

pipPublished 17 May 2026

M

Missing AuthorizationCVE-2026-45667

Affects open-webui | Versions [,0.8.0)

Has fix

pipPublished 17 May 2026

H

Missing AuthorizationCVE-2026-45399

Affects open-webui | Versions [,0.9.0)

Has fix

pipPublished 17 May 2026

H

Incorrect AuthorizationCVE-2026-45672

Affects open-webui | Versions [,0.8.12)

Has fix

pipPublished 17 May 2026

H

Authorization Bypass Through User-Controlled KeyCVE-2026-45671

Affects open-webui | Versions [,0.9.0)

Has fix

pipPublished 17 May 2026

H

Authorization Bypass Through User-Controlled KeyCVE-2026-45349

Affects open-webui | Versions [,0.9.0)

Has fix

pipPublished 17 May 2026

H

Reliance on File Name or Extension of Externally-Supplied FileCVE-2026-45315

Affects open-webui | Versions [,0.9.3)

Has fix

pipPublished 17 May 2026

M

Cross-site Scripting (XSS)CVE-2026-45318

Affects open-webui | Versions [,0.9.3)

Has fix

pipPublished 17 May 2026

M

Server-side Request Forgery (SSRF)CVE-2026-45347

Affects open-webui | Versions [,0.5.11)

Has fix

pipPublished 17 May 2026

H

Cross-site Scripting (XSS)CVE-2026-45665

Affects open-webui | Versions [,0.8.0)

Has fix

pipPublished 17 May 2026

H

Authorization Bypass Through User-Controlled KeyCVE-2026-45666

Affects open-webui | Versions [,0.8.11)

Has fix

pipPublished 17 May 2026

Product

Partners
Developers & Devops Features
Enterprise Features
Pricing
Test with GitHub
Test with CLI
API status

Resources

Vulnerability DB
Blog
Documentation
FAQs

Company

About
Jobs
Contact
Legal terms
Privacy
Press kit
Events

Contact us

Support
Report a new vuln

Find us online

Track our development

© 2026 Snyk Ltd.