See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Directory TraversalCVE-2026-39973
Affects org.apktool:apktool-lib | Versions [3.0.1,3.0.2)
Has fix
MavenPublished 5 May 2026
- H
Improper Encoding or Escaping of OutputCVE-2026-35582
Affects gov.nsa.emissary:emissary | Versions [,8.43.0)
Has fix
MavenPublished 5 May 2026
- H
Incorrect AuthorizationCVE-2026-39852
Affects io.quarkus:quarkus-vertx-http | Versions [,3.20.6.1)[3.21.0,3.27.3.1)[3.28.0,3.33.1.1)[3.34.0.CR1,3.34.7)[3.35.0.CR1,3.35.1)
Has fix
MavenPublished 5 May 2026
- H
Incorrect AuthorizationCVE-2026-39852
Affects io.quarkus:quarkus-undertow | Versions [,3.20.6.1)[3.21.0,3.27.3.1)[3.28.0,3.33.1.1)[3.34.0.CR1,3.34.7)[3.35.0.CR1,3.35.1)
Has fix
MavenPublished 5 May 2026
- H
Incorrect AuthorizationCVE-2026-39852
Affects io.quarkus:quarkus-oidc | Versions [,3.20.6.1)[3.21.0,3.27.3.1)[3.28.0,3.33.1.1)[3.34.0.CR1,3.34.7)[3.35.0.CR1,3.35.1)
Has fix
MavenPublished 5 May 2026
- H
Incorrect AuthorizationCVE-2026-39852
Affects io.quarkus:quarkus-keycloak-authorization | Versions [,3.20.6.1)[3.21.0,3.27.3.1)[3.28.0,3.33.1.1)[3.34.0.CR1,3.34.7)[3.35.0.CR1,3.35.1)
Has fix
MavenPublished 5 May 2026
- H
XML External Entity (XXE) InjectionCVE-2026-40682
Affects org.apache.opennlp:opennlp-runtime | Versions [3.0.0-M1,3.0.0-M3)
Has fix
MavenPublished 5 May 2026
- H
XML External Entity (XXE) InjectionCVE-2026-40682
Affects org.apache.opennlp:opennlp-tools | Versions [,2.5.9)
Has fix
MavenPublished 5 May 2026
- H
Unsafe ReflectionCVE-2026-42027
Affects org.apache.opennlp:opennlp-api | Versions [3.0.0-M1,3.0.0-M3)
Has fix
MavenPublished 5 May 2026
- H
Unsafe ReflectionCVE-2026-42027
Affects org.apache.opennlp:opennlp-tools | Versions [,2.5.9)
Has fix
MavenPublished 5 May 2026
- C
Expression Language InjectionCVE-2026-41901
Affects org.thymeleaf:thymeleaf-spring5 | Versions [,3.1.5.RELEASE)
Has fix
MavenPublished 5 May 2026
- C
Expression Language InjectionCVE-2026-41901
Affects org.thymeleaf:thymeleaf-spring6 | Versions [,3.1.5.RELEASE)
Has fix
MavenPublished 5 May 2026
- C
Prototype PollutionCVE-2026-42264
Affects org.webjars.npm:axios | Versions [1.0.0,1.15.2)
Has fix
MavenPublished 5 May 2026
- C
Arbitrary Code InjectionCVE-2026-3960
Affects ai.h2o:h2o-core | Versions [,3.46.0.10)
Has fix
MavenPublished 4 May 2026
- M
Open RedirectCVE-2026-42525
Affects org.jenkins-ci.plugins:azure-ad | Versions [,667.v4c5827a_e74a_0)
Has fix
MavenPublished 4 May 2026
- C
Deserialization of Untrusted DataCVE-2026-42779
Affects org.apache.mina:mina-core | Versions [2.1.0,2.1.12)[2.2.0,2.2.7)
Has fix
MavenPublished 3 May 2026
- C
Deserialization of Untrusted DataCVE-2026-42778
Affects org.apache.mina:mina-core | Versions [2.1.0,2.1.12)[2.2.0,2.2.7)
Has fix
MavenPublished 3 May 2026
- H
Infinite loopCVE-2026-42403
Affects org.apache.neethi:neethi | Versions [,3.2.2)
Has fix
MavenPublished 3 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-42404
Affects org.apache.neethi:neethi | Versions [,3.2.2)
Has fix
MavenPublished 3 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-42402
Affects org.apache.neethi:neethi | Versions [,3.2.2)
Has fix
MavenPublished 3 May 2026
- L
Improper Certificate ValidationCVE-2026-6856
Affects org.keycloak:keycloak-services | Versions [0,]
Has fix
MavenPublished 3 May 2026
- M
Forced BrowsingCVE-2026-7500
Affects org.keycloak:keycloak-services | Versions [0,]
Has fix
MavenPublished 3 May 2026
- M
Uncontrolled RecursionCVE-2026-22021
Affects org.graalvm.sdk:graal-sdk | Versions [, 17.0.18)[21.0.0, 21.0.10)
Has fix
MavenPublished 3 May 2026
- H
Infinite loopCVE-2026-34282
Affects org.graalvm.sdk:graal-sdk | Versions [, 17.0.18)[21.0.0, 21.0.10)
Has fix
MavenPublished 3 May 2026
- H
Memory Allocation with Excessive Size ValueCVE-2026-33524
Affects io.github.ndsev:zserio-runtime | Versions [,2.18.1)
Has fix
MavenPublished 3 May 2026
- H
Integer Overflow or WraparoundCVE-2026-33666
Affects io.github.ndsev:zserio-runtime | Versions [,2.18.1)
Has fix
MavenPublished 3 May 2026
- C
Cross-site Scripting (XSS)CVE-2026-42523
Affects com.coravy.hudson.plugins.github:github | Versions [,1.46.0.1)
Has fix
MavenPublished 3 May 2026
- M
Deserialization of Untrusted DataCVE-2025-62233
Affects org.apache.dolphinscheduler:dolphinscheduler-extract-base | Versions [,3.3.1)
Has fix
MavenPublished 30 Apr 2026
- H
Arbitrary Code InjectionCVE-2026-41044
Affects org.apache.activemq:activemq-broker | Versions [,5.19.6)[6.0.0,6.2.5)
Has fix
MavenPublished 30 Apr 2026
- H
Arbitrary Code InjectionCVE-2026-40466
Affects org.apache.activemq:activemq-broker | Versions [,5.19.6)[6.0.0,6.2.5)
Has fix
MavenPublished 30 Apr 2026