See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects webonyx/graphql-php | Versions <15.32.2
Has fix
ComposerPublished 6 May 2026
- H
Deserialization of Untrusted DataCVE-2026-44167
Affects phpseclib/phpseclib | Versions >=0.0.11, <1.0.29>=2.0.0, <2.0.54>=3.0.0, <3.0.52
Has fix
ComposerPublished 6 May 2026
- M
Open RedirectCVE-2026-42207
Affects openmage/magento-lts | Versions <20.18.0
Has fix
ComposerPublished 6 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-42194
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 6 May 2026
- M
CSV InjectionCVE-2026-42267
Affects kimai/kimai | Versions >=2.27.0, <2.54.0
Has fix
ComposerPublished 6 May 2026
Affects openmage/magento-lts | Versions <20.18.0
Has fix
ComposerPublished 6 May 2026
- H
Arbitrary Code InjectionCVE-2026-42607
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Incorrect AuthorizationCVE-2026-42610
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42841
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-42612
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Deserialization of Untrusted DataCVE-2026-7317
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- C
Directory TraversalCVE-2026-42608
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42842
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- C
Improper Input ValidationCVE-2026-42613
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-42611
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Improper Enforcement of a Single, Unique ActionCVE-2026-42609
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- C
Directory TraversalCVE-2026-42608
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- L
Authorization Bypass Through User-Controlled KeyCVE-2026-43883
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-43884
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-43881
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Missing AuthorizationCVE-2026-43885
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
CRLF InjectionCVE-2026-43882
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-43879
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Arbitrary Code InjectionCVE-2026-43874
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-43876
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Use of GET Request Method With Sensitive Query StringsCVE-2026-43875
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-43878
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026