See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Server-side Request Forgery (SSRF)CVE-2026-34084
Affects phpoffice/phpspreadsheet | Versions <1.30.3>=2.0.0, <2.1.15>=2.2.0, <2.4.4>=3.3.0, <3.10.4>=4.0.0, <5.6.0
Has fix
ComposerPublished 3 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-40863
Affects phpoffice/phpspreadsheet | Versions <1.30.4>=2.0.0, <2.1.16>=2.2.0, <2.4.5>=3.3.0, <3.10.5>=4.0.0, <5.7.0
Has fix
ComposerPublished 3 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-40902
Affects phpoffice/phpspreadsheet | Versions <1.30.4>=2.0.0, <2.1.16>=2.2.0, <2.4.5>=3.3.0, <3.10.5>=4.0.0, <5.7.0
Has fix
ComposerPublished 3 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-35453
Affects phpoffice/phpspreadsheet | Versions <1.30.4>=2.0.0, <2.1.16>=2.2.0, <2.4.5>=3.3.0, <3.10.5>=4.0.0, <5.7.0
Has fix
ComposerPublished 3 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-40296
Affects phpoffice/phpspreadsheet | Versions <1.30.4>=2.0.0, <2.1.16>=2.2.0, <2.4.5>=3.3.0, <3.10.5>=4.0.0, <5.7.0
Has fix
ComposerPublished 3 May 2026
Affects cockpit-hq/cockpit | Versions >=2.13.0, <2.14.0
Has fix
ComposerPublished 3 May 2026
- H
SQL InjectionCVE-2026-5394
Affects pimcore/pimcore | Versions >=12.3.3
Has fix
ComposerPublished 3 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-5362
Affects pimcore/pimcore | Versions >=12.3.3
Has fix
ComposerPublished 3 May 2026
- H
Directory TraversalCVE-2026-38993
Affects cockpit-hq/cockpit | Versions <2.14.0
Has fix
ComposerPublished 3 May 2026
- C
Embedded Malicious CodeCVE-2026-44484
Affects intercom/intercom-php | Versions =5.0.2
Has fix
ComposerPublished 1 May 2026
- H
Directory TraversalCVE-2026-41655
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- H
Improper Verification of Cryptographic SignatureCVE-2026-41669
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- M
Directory TraversalCVE-2026-41656
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- H
Open RedirectCVE-2026-41670
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- M
Information ExposureCVE-2026-41659
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-41661
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- M
Cross-site Request Forgery (CSRF)CVE-2026-41663
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-41662
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- H
Missing AuthorizationCVE-2026-41658
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- M
Incorrect AuthorizationCVE-2026-41657
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- H
Improper AuthenticationCVE-2026-41671
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- H
Incorrect AuthorizationCVE-2026-41660
Affects admidio/admidio | Versions <5.0.9
Has fix
ComposerPublished 30 Apr 2026
- H
Arbitrary File UploadCVE-2026-40488
Affects openmage/magento-lts | Versions <20.17.0
Has fix
ComposerPublished 28 Apr 2026
- M
SQL InjectionCVE-2026-6982
Affects showdoc/showdoc | Versions >=2.5.3, <3.8.1
Has fix
ComposerPublished 27 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-41887
Affects flarum/core | Versions <1.8.16>=2.0.0-beta.1, <2.0.0-rc.1
Has fix
ComposerPublished 27 Apr 2026
- C
Deserialization of Untrusted DataCVE-2026-25524
Affects openmage/magento-lts | Versions <20.17.0
Has fix
ComposerPublished 27 Apr 2026
- H
CRLF InjectionCVE-2026-41570
Affects phpunit/phpunit | Versions >=12.5.21, <12.5.22>=13.1.5, <13.1.6
Has fix
ComposerPublished 27 Apr 2026
- M
Missing AuthorizationCVE-2026-40098
Affects openmage/magento-lts | Versions <20.17.0
Has fix
ComposerPublished 27 Apr 2026
- H
Directory TraversalCVE-2026-25525
Affects openmage/magento-lts | Versions <20.17.0
Has fix
ComposerPublished 27 Apr 2026
- H
Incorrect AuthorizationCVE-2026-41325
Affects getkirby/cms | Versions <4.9.0>=5.0.0-alpha.1, <5.4.0
Has fix
ComposerPublished 27 Apr 2026