See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Out-of-bounds ReadCVE-2026-42446
Affects M2Team/NanaZip | Versions [5.0.1250.0,6.0.1698.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- M
Out-of-bounds WriteCVE-2026-44215
Affects M2Team/NanaZip | Versions [5.0.1250.0,6.0.1698.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- M
Division by zeroCVE-2026-42443
Affects M2Team/NanaZip | Versions [5.0.1250.0,6.0.1698.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- C
Use After FreeCVE-2026-45185
Affects exim/exim | Versions [,4.99.3)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- M
Buffer Underwrite (Buffer Underflow)CVE-2026-5089
Affects cpan-authors/YAML-Syck | Versions [,1.38)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Out-of-bounds ReadCVE-2026-43916
Affects identd-ng/pam_authnft | Versions [,0.2.0-alpha)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- M
Infinite loopCVE-2026-34962
Affects barebox | Versions [,2026.04.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Integer Overflow or WraparoundCVE-2026-34963
Affects barebox | Versions [,2026.04.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Protection Mechanism FailureCVE-2026-8401
Affects Firefox | Versions [,150.0.3)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Out-of-BoundsCVE-2026-8391
Affects Firefox | Versions [,150.0.3)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44295
Affects org.webjars.npm:protobufjs | Versions [0,]
Has fix
MavenPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44295
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44295
Affects protobufjs-cli | Versions <1.2.1>=2.0.0-experimental <2.0.2
Has fix
npmPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langchain-classic | Versions [,1.0.7)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langsmith | Versions <0.6.0
Has fix
npmPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langsmith | Versions [,0.8.0)
Has fix
pipPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langchain | Versions [,0.3.30)
Has fix
pipPublished 14 May 2026
- H
Always-Incorrect Control Flow ImplementationCVE-2026-8389
Affects Firefox | Versions [,150.0.3)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Out-of-BoundsCVE-2026-8388
Affects Firefox | Versions [,150.0.3)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Use After FreeCVE-2026-8390
Affects Firefox | Versions [,150.0.3)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Out-of-bounds ReadCVE-2026-34960
Affects barebox | Versions [,2026.04.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- M
Out-of-bounds ReadCVE-2026-34961
Affects barebox | Versions [,2026.04.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- C
Arbitrary Code InjectionCVE-2026-37630
Affects quickjs-ng/quickjs | Versions [,0.13.0)
Has fix
Unmanaged (C/C++)Published 14 May 2026
- H
Heap-based Buffer OverflowCVE-2026-42046
Affects cacalabs/libcaca | Versions [0,]
Has fix
Unmanaged (C/C++)Published 14 May 2026
- M
Uncontrolled RecursionCVE-2026-45740
Affects org.webjars.npm:protobufjs | Versions [0,]
Has fix
MavenPublished 14 May 2026
- M
Uncontrolled RecursionCVE-2026-45740
Affects protobufjs | Versions <7.5.8>=8.0.0 <8.2.0
Has fix
npmPublished 14 May 2026
- H
Command InjectionCVE-2026-42290
Affects protobufjs-cli | Versions <1.2.1>=2.0.0-experimental <2.0.2
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44293
Affects org.webjars.npm:protobufjs | Versions [0,]
Has fix
MavenPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44293
Affects @protobufjs/utf8 | Versions <1.1.1
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44293
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 14 May 2026