See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Incorrect AuthorizationCVE-2026-42610
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42841
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-42612
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Deserialization of Untrusted DataCVE-2026-7317
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- C
Directory TraversalCVE-2026-42608
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42842
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- C
Improper Input ValidationCVE-2026-42613
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-42611
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- H
Improper Enforcement of a Single, Unique ActionCVE-2026-42609
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- C
Directory TraversalCVE-2026-42608
Affects getgrav/grav | Versions <2.0.0-beta.2
Has fix
ComposerPublished 6 May 2026
- L
Authorization Bypass Through User-Controlled KeyCVE-2026-43883
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-43884
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-43881
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Missing AuthorizationCVE-2026-43885
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
CRLF InjectionCVE-2026-43882
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-43879
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Arbitrary Code InjectionCVE-2026-43874
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-43876
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Use of GET Request Method With Sensitive Query StringsCVE-2026-43875
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-43878
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-43877
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
- H
Information ExposureCVE-2026-43873
Affects wwbn/avideo | Versions >=0.0.0
Has fix
ComposerPublished 6 May 2026
Affects webonyx/graphql-php | Versions <15.32.3
Has fix
ComposerPublished 6 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-6745
Affects bagisto/bagisto | Versions >=0.0.0
Has fix
ComposerPublished 5 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-6744
Affects bagisto/bagisto | Versions >=0.0.0
Has fix
ComposerPublished 5 May 2026
Affects mckenziearts/livewire-markdown-editor | Versions <1.3
Has fix
ComposerPublished 5 May 2026
Affects azuracast/azuracast | Versions <0.23.6
Has fix
ComposerPublished 5 May 2026