See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Directory TraversalCVE-2026-40982
Affects org.springframework.cloud:spring-cloud-config-server | Versions [,4.3.3)[5.0.0-M1,5.0.3)
Has fix
MavenPublished 7 May 2026
- M
Insertion of Sensitive Information into Log FileCVE-2026-41004
Affects org.springframework.cloud:spring-cloud-config-server | Versions [,4.3.3)[5.0.0-M1,5.0.3)
Has fix
MavenPublished 7 May 2026
- M
Empty Password in Configuration FileCVE-2026-40981
Affects org.springframework.cloud:spring-cloud-config-server | Versions [,4.3.3)[5.0.0-M1,5.0.3)
Has fix
MavenPublished 7 May 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-44248
Affects io.netty:netty-codec-mqtt | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- H
Symlink AttackCVE-2026-43998
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- M
Improper Isolation or CompartmentalizationCVE-2026-44003
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- M
Improper Isolation or CompartmentalizationCVE-2026-44000
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- M
Information ExposureCVE-2026-44002
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- H
CRLF InjectionCVE-2026-42586
Affects io.netty:netty-codec-redis | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2025-9263
Affects com.xuxueli:xxl-job-admin | Versions [,3.2.0)
Has fix
MavenPublished 7 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2025-9264
Affects com.xuxueli:xxl-job | Versions [,3.2.0)
Has fix
MavenPublished 7 May 2026
- H
Memory Allocation with Excessive Size ValueCVE-2026-42582
Affects io.netty:netty-codec-http3 | Versions [,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-44004
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- C
Arbitrary Code InjectionCVE-2026-43999
Affects org.webjars.npm:vm2 | Versions [3.9.19,]
Has fix
MavenPublished 7 May 2026
- C
Arbitrary Code InjectionCVE-2026-44005
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- C
Uncaught ExceptionCVE-2026-44001
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- H
Directory TraversalCVE-2026-24457
Affects org.glassfish.mq:mqbroker-core | Versions [,6.9.0)
Has fix
MavenPublished 7 May 2026
- H
Null Byte Interaction Error (Poison Null Byte)CVE-2026-42579
Affects io.netty:netty-codec-dns | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- H
Missing Release of Resource after Effective LifetimeCVE-2026-42577
Affects io.netty:netty-transport-classes-epoll | Versions [4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- M
CRLF InjectionCVE-2026-42578
Affects io.netty:netty-handler-proxy | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- M
HTTP Request SmugglingCVE-2026-42581
Affects io.netty:netty-codec-http | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
Affects io.netty:netty-codec-compression | Versions [,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
Affects io.netty:netty-codec | Versions [,4.1.133.Final)
Has fix
MavenPublished 7 May 2026
Affects io.netty:netty-codec-http2 | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- C
Arbitrary Code InjectionCVE-2026-44006
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- C
Arbitrary Code InjectionCVE-2026-43997
Affects org.webjars.npm:vm2 | Versions [0,]
Has fix
MavenPublished 7 May 2026
- M
HTTP Request SmugglingCVE-2026-42580
Affects io.netty:netty-codec-http | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- M
HTTP Request SmugglingCVE-2026-42584
Affects io.netty:netty-codec-http | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- M
HTTP Request SmugglingCVE-2026-42585
Affects io.netty:netty-codec-http | Versions [,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)
Has fix
MavenPublished 7 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-42583
Affects io.netty:netty-codec-compression | Versions [,4.2.13.Final)
Has fix
MavenPublished 7 May 2026