See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-42606
Affects azuracast/azuracast | Versions <0.23.6
Has fix
ComposerPublished 5 May 2026
- H
Directory TraversalCVE-2026-42605
Affects azuracast/azuracast | Versions <0.23.6
Has fix
ComposerPublished 5 May 2026
Affects azuracast/azuracast | Versions <0.23.6
Has fix
ComposerPublished 5 May 2026
Affects azuracast/azuracast | Versions <0.23.6
Has fix
ComposerPublished 5 May 2026
- H
Arbitrary File UploadCVE-2026-38751
Affects devcode-it/openstamanager | Versions >=0.0.0
Has fix
ComposerPublished 5 May 2026
- M
Improper Input ValidationCVE-2026-41890
Affects ci4-cms-erp/ci4ms | Versions >=0.31.1.0, <0.31.8.0
Has fix
ComposerPublished 5 May 2026
- M
Insufficient Session ExpirationCVE-2026-41891
Affects ci4-cms-erp/ci4ms | Versions >=0.26.0, <0.31.8.0
Has fix
ComposerPublished 5 May 2026
- M
Missing AuthorizationCVE-2026-42051
Affects getkirby/cms | Versions <4.9.0>=5.0.0, <5.4.0
Has fix
ComposerPublished 5 May 2026
- M
Missing AuthorizationCVE-2026-42174
Affects getkirby/cms | Versions <4.9.0>=5.0.0, <5.4.0
Has fix
ComposerPublished 5 May 2026
- H
Missing AuthorizationCVE-2026-42069
Affects getkirby/cms | Versions <4.9.0>=5.0.0, <5.4.0
Has fix
ComposerPublished 5 May 2026
- M
Arbitrary File UploadCVE-2026-7733
Affects funadmin/funadmin | Versions >=7.1.0-rc1
Has fix
ComposerPublished 5 May 2026
- C
Weak Password Recovery Mechanism for Forgotten PasswordCVE-2026-29199
Affects phpbb/phpbb | Versions >=3.0.0, <3.3.16-RC1
Has fix
ComposerPublished 4 May 2026
- H
Improper AuthorizationCVE-2026-42202
Affects almirhodzic/nova-toggle-5 | Versions <1.3.0
Has fix
ComposerPublished 4 May 2026
- L
Missing AuthorizationCVE-2026-41498
Affects kimai/kimai | Versions <2.54.0
Has fix
ComposerPublished 4 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-6983
Affects pagekit/pagekit | Versions >=0.0.0
Has fix
ComposerPublished 4 May 2026
- M
Access Control BypassCVE-2026-32699
Affects facturascripts/facturascripts | Versions >=0.0.0
Has fix
ComposerPublished 4 May 2026
- C
Arbitrary Code InjectionCVE-2026-38992
Affects cockpit-hq/cockpit | Versions <2.14.0
Has fix
ComposerPublished 4 May 2026
- H
Arbitrary File UploadCVE-2026-38991
Affects cockpit-hq/cockpit | Versions <2.14.0
Has fix
ComposerPublished 4 May 2026
- H
Insufficient Verification of Data AuthenticityCVE-2026-42206
Affects roadiz/openid | Versions <2.3.43>=2.5.0, <2.5.45>=2.6.0, <2.6.31>=2.7.0, <2.7.18
Has fix
ComposerPublished 4 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-42224
Affects ipl/web | Versions <0.13.1
Has fix
ComposerPublished 4 May 2026
- C
Arbitrary Code InjectionCVE-2026-36340
Affects krayin/laravel-crm | Versions >=2.1.5, <2.1.6
Has fix
ComposerPublished 4 May 2026
Affects prestashop/ps_checkout | Versions <5.3.0
Has fix
ComposerPublished 4 May 2026
- H
Incorrect AuthorizationCVE-2026-42137
Affects getkirby/cms | Versions <4.9.0>=5.0.0, <5.4.0
Has fix
ComposerPublished 4 May 2026
- H
Arbitrary File UploadCVE-2026-41587
Affects ci4-cms-erp/ci4ms | Versions >=0.26.0.0, <0.31.7.0
Has fix
ComposerPublished 3 May 2026
- C
Deserialization of Untrusted DataCVE-2026-42473
Affects mix/mix | Versions >=2.0.0
Has fix
ComposerPublished 3 May 2026
- C
Deserialization of Untrusted DataCVE-2026-42472
Affects mix/mix | Versions >=2.0.0
Has fix
ComposerPublished 3 May 2026
- C
Deserialization of Untrusted DataCVE-2026-42471
Affects mix/mix | Versions >=2.0.0
Has fix
ComposerPublished 3 May 2026
- H
Deserialization of Untrusted DataCVE-2026-37552
Affects mix/mix | Versions >=2.0.0
Has fix
ComposerPublished 3 May 2026