See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Arbitrary Argument InjectionCVE-2026-43893
Affects exiftool-vendored | Versions <35.19.0
Has fix
npmPublished 11 May 2026
- M
Command InjectionCVE-2026-42045
Affects @lobehub/lobehub | Versions >=0.0.0
Has fix
npmPublished 11 May 2026
Affects inngest | Versions >=3.22.0 <3.54.0
Has fix
npmPublished 11 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-44694
Affects n8n-mcp | Versions >=2.18.7 <2.50.2
Has fix
npmPublished 11 May 2026
Affects @cyclonedx/cdxgen | Versions >=9.9.5 <12.3.3
Has fix
npmPublished 11 May 2026
- H
SQL InjectionCVE-2026-44680
Affects @mikro-orm/sql | Versions <7.0.14
Has fix
npmPublished 10 May 2026
- H
SQL InjectionCVE-2026-44680
Affects @mikro-orm/knex | Versions <6.6.14
Has fix
npmPublished 10 May 2026
- M
Directory TraversalCVE-2026-7738
Affects @puchunjie/doc-tools-mcp | Versions >=0.0.0
Has fix
npmPublished 10 May 2026
- M
Directory TraversalCVE-2026-7645
Affects sublinear-time-solver | Versions >=0.0.0
Has fix
npmPublished 10 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-40201
Affects @diplodoc/search-extension | Versions >=1.0.0 <3.0.5
Has fix
npmPublished 10 May 2026
- M
Arbitrary Command InjectionCVE-2026-7446
Affects mcp-server-semgrep | Versions <1.0.1
Has fix
npmPublished 10 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-7223
Affects @dadigua/hyperchat | Versions >=0.0.0
Has fix
npmPublished 10 May 2026
Affects n8n-mcp | Versions <2.50.1
Has fix
npmPublished 10 May 2026
- C
Server-side Request Forgery (SSRF)CVE-2026-42281
Affects magicmirror | Versions <2.36.0
Has fix
npmPublished 10 May 2026
- C
Arbitrary Code InjectionCVE-2026-44009
Affects vm2 | Versions >=3.11.0 <3.11.2
Has fix
npmPublished 10 May 2026
- H
Type ConfusionCVE-2026-44728
Affects @babel/plugin-transform-modules-systemjs | Versions >=7.12.0 <7.29.4>=8.0.0-alpha.0
Has fix
npmPublished 10 May 2026
- M
Use of Cache Containing Sensitive InformationCVE-2026-44457
Affects hono | Versions >=2.0.3 <4.12.18
Has fix
npmPublished 10 May 2026
- M
Improper Validation of Specified Quantity in InputCVE-2026-44459
Affects hono | Versions >=1.1.0 <4.12.18
Has fix
npmPublished 10 May 2026
- M
Improper Encoding or Escaping of OutputCVE-2026-44458
Affects hono | Versions >=4.3.0 <4.12.18
Has fix
npmPublished 10 May 2026
- C
Arbitrary Code InjectionCVE-2026-44008
Affects vm2 | Versions <3.11.2
Has fix
npmPublished 10 May 2026
Affects vm2 | Versions <3.11.2
Has fix
npmPublished 10 May 2026
- C
Unsafe Dependency ResolutionCVE-2026-43940
Affects electerm | Versions <3.7.16
Has fix
npmPublished 9 May 2026
- C
Unsafe Dependency ResolutionCVE-2026-43944
Affects electerm | Versions >=3.0.6 <3.8.15
Has fix
npmPublished 9 May 2026
- H
Cleartext Storage of Sensitive InformationCVE-2026-43942
Affects electerm | Versions <3.9.5
Has fix
npmPublished 9 May 2026
- H
Arbitrary Argument InjectionCVE-2026-43943
Affects electerm | Versions <3.7.9
Has fix
npmPublished 9 May 2026
- M
XML External Entity (XXE) InjectionCVE-2026-44665
Affects fast-xml-builder | Versions <1.1.7
Has fix
npmPublished 8 May 2026
- M
XML InjectionCVE-2026-44664
Affects fast-xml-builder | Versions >=1.1.5 <1.1.6
Has fix
npmPublished 8 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-44589
Affects nuxt-og-image | Versions >=6.2.5 <6.4.9
Has fix
npmPublished 8 May 2026