See the full list of npm packages compromised in the “Node-gyp Supply Chain Compromise - June 2026” [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-46721
Affects evoweb/sf-register | Versions <13.2.4>=14.0.0, <14.0.2
Has fix
ComposerPublished 26 May 2026
- H
SQL InjectionCVE-2026-8726
Affects georgringer/news | Versions <9.4.1>=10.0.0, <10.0.4>=11.0.0, <11.4.4>=12.0.0, <12.3.2>=13.0.0, <13.0.2>=14.0.0, <14.0.3
Has fix
ComposerPublished 26 May 2026
- M
Directory TraversalCVE-2026-46724
Affects tpwd/ke_search | Versions <5.6.2>=6.0.0, <6.6.1>=7.0.0, <7.0.1
Has fix
ComposerPublished 26 May 2026
- M
XML External Entity (XXE) InjectionCVE-2026-46722
Affects tpwd/ke_search | Versions <5.6.2>=6.0.0, <6.6.1>=7.0.0, <7.0.1
Has fix
ComposerPublished 26 May 2026
- M
XML External Entity (XXE) InjectionCVE-2026-46723
Affects tpwd/ke_search | Versions <5.6.2>=6.0.0, <6.6.1>=7.0.0, <7.0.1
Has fix
ComposerPublished 26 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-46629
Affects twig/intl-extra | Versions <3.26.0
Has fix
ComposerPublished 26 May 2026
- M
Improper Encoding or Escaping of OutputCVE-2026-46637
Affects twig/markdown-extra | Versions <3.26.0
Has fix
ComposerPublished 26 May 2026
- M
Improper Encoding or Escaping of OutputCVE-2026-46637
Affects twig/cssinliner-extra | Versions <3.26.0
Has fix
ComposerPublished 26 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-8337
Affects concrete5/concrete5 | Versions <9.5.1
Has fix
ComposerPublished 26 May 2026
- C
SQL InjectionCVE-2026-46670
Affects yeswiki/yeswiki | Versions <4.6.4
Has fix
ComposerPublished 26 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-46683
Affects knplabs/knp-snappy | Versions <1.7.0
Has fix
ComposerPublished 26 May 2026
- H
Command InjectionCVE-2026-46643
Affects knplabs/knp-snappy | Versions <1.7.1
Has fix
ComposerPublished 26 May 2026
- C
SQL InjectionCVE-2026-9082
Affects drupal/core | Versions >=8.9.0-beta1, <10.4.10>=10.5.0-beta1, <10.5.10>=10.6.0-beta1, <10.6.9>=11.0.0-alpha1, <11.1.10>=11.2.0-alpha1, <11.2.12>=11.3.0-alpha1, <11.3.10
Has fix
ComposerPublished 25 May 2026
- H
Missing AuthorizationCVE-2026-35671
Affects thorsten/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Missing AuthorizationCVE-2026-35671
Affects phpmyfaq/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Insecure Default Initialization of ResourceCVE-2026-35672
Affects thorsten/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Insecure Default Initialization of ResourceCVE-2026-35672
Affects phpmyfaq/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-35676
Affects thorsten/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-35676
Affects phpmyfaq/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-35675
Affects thorsten/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- H
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-35675
Affects phpmyfaq/phpmyfaq | Versions <4.1.3
Has fix
ComposerPublished 25 May 2026
- C
Deserialization of Untrusted DataCVE-2026-45077
Affects symfony/monolog-bridge | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-47212
Affects symfony/twilio-notifier | Versions >=6.4.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-45755
Affects symfony/mailtrap-mailer | Versions <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- C
Arbitrary Argument InjectionCVE-2026-45068
Affects symfony/mailer | Versions <5.4.52>=6.0.0-BETA1, <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-45754
Affects symfony/lox24-notifier | Versions >=6.4, <6.4.40>=7.0, <7.4.12>=8.0, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
Regular Expression Denial of Service (ReDoS)CVE-2026-45756
Affects symfony/json-path | Versions <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
Interpretation ConflictCVE-2026-45066
Affects symfony/html-sanitizer | Versions <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-45753
Affects symfony/html-sanitizer | Versions <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026
Affects symfony/html-sanitizer | Versions <6.4.40>=7.0.0-BETA1, <7.4.12>=8.0.0-BETA1, <8.0.12
Has fix
ComposerPublished 24 May 2026