See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Cross-site Scripting (XSS)CVE-2026-42877
Affects facturascripts/facturascripts | Versions <2026.1
Has fix
ComposerPublished 10 May 2026
- M
Active Debug CodeCVE-2026-42878
Affects facturascripts/facturascripts | Versions >=2026.0
Has fix
ComposerPublished 10 May 2026
- M
Arbitrary File UploadCVE-2026-42879
Affects facturascripts/facturascripts | Versions <2026.1
Has fix
ComposerPublished 10 May 2026
- C
Access Control BypassCVE-2026-37709
Affects snipe/snipe-it | Versions <8.4.1
Has fix
ComposerPublished 10 May 2026
- H
Incorrect AuthorizationCVE-2026-44832
Affects snipe/snipe-it | Versions <8.4.1
Has fix
ComposerPublished 10 May 2026
- L
Cross-site Scripting (XSS)CVE-2026-44831
Affects snipe/snipe-it | Versions <8.4.1
Has fix
ComposerPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-44737
Affects getgrav/grav | Versions <1.7.49.5>1.8.0-beta.1, <1.8.0-beta.5
Has fix
ComposerPublished 10 May 2026
- M
Directory TraversalCVE-2026-44298
Affects kimai/kimai | Versions >=2.32.0, <2.56.0
Has fix
ComposerPublished 10 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-44212
Affects prestashop/prestashop | Versions <8.2.6>=9.0.0-alpha.1, <9.1.1
Has fix
ComposerPublished 10 May 2026
Affects web-auth/webauthn-framework | Versions >=5.3.0, <5.3.1
Has fix
ComposerPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-36341
Affects krayin/laravel-crm | Versions >=2.1.5, <2.1.6
Has fix
ComposerPublished 10 May 2026
- M
Cross-site Request Forgery (CSRF)CVE-2025-68604
Affects wp-graphql/wp-graphql | Versions <2.5.4
Has fix
ComposerPublished 10 May 2026
- H
Arbitrary File UploadCVE-2026-42844
Affects getgrav/grav | Versions >=0.0.0
Has fix
ComposerPublished 10 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-42548
Affects flightphp/core | Versions <3.18.1
Has fix
ComposerPublished 10 May 2026
- M
Directory TraversalCVE-2026-42549
Affects flightphp/core | Versions <3.18.1
Has fix
ComposerPublished 10 May 2026
- H
Interpretation ConflictCVE-2026-42551
Affects flightphp/core | Versions <3.18.1
Has fix
ComposerPublished 10 May 2026
- H
Information ExposureCVE-2026-42552
Affects flightphp/core | Versions <3.18.1
Has fix
ComposerPublished 10 May 2026
- H
SQL InjectionCVE-2026-42550
Affects flightphp/core | Versions <3.18.1
Has fix
ComposerPublished 10 May 2026
- M
Insufficient Verification of Data AuthenticityCVE-2026-7689
Affects dolibarr/dolibarr | Versions >=0.0.0
Has fix
ComposerPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42458
Affects openmage/magento-lts | Versions <20.18.0
Has fix
ComposerPublished 10 May 2026
- M
Information ExposureCVE-2026-44306
Affects statamic/cms | Versions <5.73.21>=6.0.0-alpha.1, <6.15.0
Has fix
ComposerPublished 10 May 2026
- H
Incorrect AuthorizationCVE-2026-46362
Affects phpmyfaq/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- H
Incorrect AuthorizationCVE-2026-46362
Affects thorsten/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- H
Directory TraversalCVE-2026-45008
Affects thorsten/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- H
Directory TraversalCVE-2026-45008
Affects phpmyfaq/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-46360
Affects phpmyfaq/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-46360
Affects thorsten/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- M
Missing AuthorizationCVE-2026-46365
Affects phpmyfaq/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- M
Missing AuthorizationCVE-2026-46365
Affects thorsten/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026
- H
Incorrect AuthorizationCVE-2026-46366
Affects thorsten/phpmyfaq | Versions <4.1.2
Has fix
ComposerPublished 10 May 2026