CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redos•added 2026/05/20 12:0 a.m.•8 views

ROS-20260520-73-0007

A vulnerability in the WebGL component of Google Chrome and Microsoft Edge browsers is related to reading outside of the allowed range in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected...

8.8CVSS6AI score0.00324EPSS

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/g-webgl (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Exploits0References5

Malicious code in @antv/g-webgl-compute (npm)

OSV•added 2026/05/19 12:0 a.m.•7 views

Exploits0References4

MAL-2026-3956 Malicious code in @antv/g-plugin-webgl-renderer (npm)

OSV•added 2026/05/19 12:0 a.m.•7 views

Exploits0References4

MAL-2026-3965 Malicious code in @antv/g-webgl (npm)

OSV•added 2026/05/19 12:0 a.m.•5 views

Exploits0References5

MAL-2026-3966 Malicious code in @antv/g-webgl-compute (npm)

vulnersOsv•added 2026/05/18 9:0 p.m.•5 views

Exploits0References4

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +15 more potentially affected by unknown CVE via @antv/g-plugin-image-loader (>=2.0.0 <=2.3.1)

@antv/g-plugin-image-loader NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINIMAGELOADER-16754818...

Snyk•added 2026/05/18 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score

Exploits0References2

Snyk•added 2026/05/18 9:0 p.m.•7 views

Embedded Malicious Code

9.8CVSS5.9AI score

Exploits0References3

vulnersOsv•added 2026/05/18 9:0 p.m.•4 views

@antv/g-web-components (>=2.0.0 <=2.1.1), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) +1 more potentially affected by unknown CVE via @antv/g-webgl (>=2.0.0 <=2.1.1)

@antv/g-webgl NPM version =2.0.0, =2.0.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGWEBGL-16755014...

vulnersOsv•added 2026/05/18 9:0 p.m.•4 views

@antv/g-web-components (>=2.0.0 <=2.1.1), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) +1 more potentially affected by unknown CVE via @antv/g-webgl (>=2.0.0 <=2.1.1)

@antv/g-webgl NPM version =2.0.0, =2.0.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGWEBGL-16754845...

@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +9 more potentially affected by unknown CVE via @antv/g-plugin-html-renderer (>=2.0.0 <=2.3.1)

@antv/g-plugin-html-renderer NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINHTMLRENDERER-16754947...

Snyk•added 2026/05/18 9:0 p.m.•14 views

Embedded Malicious Code

9.8CVSS5.9AI score

Exploits0References2

@antv/g-mobile-canvas (>=1.0.0 <=1.0.49), @antv/g-mobile-svg (>=1.0.0 <=1.0.46) +1 more potentially affected by unknown CVE via @antv/g-plugin-mobile-interaction (>=1.0.0 <=1.0.9)

@antv/g-plugin-mobile-interaction NPM version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.56 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINMOBILEINTERACTION-16754986...

@antv/g-mobile-webgl (>=1.0.0 <=1.1.1), @antv/g-plugin-3d (>=2.0.0 <=2.1.1) +6 more potentially affected by unknown CVE via @antv/g-plugin-device-renderer (>=2.0.0 <=2.6.1)

@antv/g-plugin-device-renderer NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINDEVICERENDERER-16754932...

@antv/g-mobile-canvas (>=1.0.0 <=1.1.1), @antv/g-mobile-svg (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via @antv/g-plugin-gesture (>=2.0.0 <=2.1.1)

@antv/g-plugin-gesture NPM version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINGESTURE-16754438...

@antv/g-mobile-webgl (>=0.0.2 <=0.0.4-alpha.16), @antv/g-plugin-3d (>=1.0.0-alpha.1 <=1.0.24-alpha.16) +1 more potentially affected by unknown CVE via @antv/g-plugin-webgl-renderer (=1.0.26)

@antv/g-plugin-webgl-renderer NPM version =1.0.26 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-plugin-webgl-renderer and may be impacted: - @antv/g-mobile-webgl =0.0.2, =1.0.0-alpha.1, =1.0.0-alpha.0, =1.0.26-alpha.16 Source cves: unknown CV...

vulnersOsv•added 2026/05/18 9:0 p.m.•8 views

@antv/g-mobile-canvas (>=1.0.0 <=1.0.49), @antv/g-mobile-svg (>=1.0.0 <=1.0.46) +1 more potentially affected by unknown CVE via @antv/g-plugin-mobile-interaction (>=1.0.0 <=1.0.9)

@antv/g-plugin-mobile-interaction NPM version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.56 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINMOBILEINTERACTION-16754817...