See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Prototype PollutionCVE-2026-44290
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 14 May 2026
- M
Prototype PollutionCVE-2026-44292
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- H
Prototype PollutionCVE-2026-44291
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-44294
Affects @protobufjs/codegen | Versions <2.0.5
Has fix
npmPublished 13 May 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-44294
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- H
Uncontrolled RecursionCVE-2026-44289
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- H
Uncontrolled RecursionCVE-2026-44289
Affects protobufjs-cli | Versions <1.2.1>=2.0.0-experimental <2.0.2
Has fix
npmPublished 13 May 2026
- L
Reusing a Nonce, Key Pair in EncryptionCVE-2026-45028
Affects astro | Versions <6.1.10
Has fix
npmPublished 13 May 2026
- M
Improper Handling of Unicode EncodingCVE-2026-44288
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2>=8.0.3-experimental <8.0.3>=8.0.4-experimental <8.2.0
Has fix
npmPublished 13 May 2026
- M
Improper Handling of Unicode EncodingCVE-2026-44288
Affects @protobufjs/utf8 | Versions <1.1.1
Has fix
npmPublished 13 May 2026
- M
Improper AuthenticationCVE-2026-8305
Affects @openclaw/bluebubbles | Versions <2026.2.12
Has fix
npmPublished 13 May 2026
- M
Improper AuthenticationCVE-2026-8305
Affects openclaw | Versions <2026.2.12
Has fix
npmPublished 13 May 2026
- M
Command InjectionCVE-2026-7443
Affects @burtthecoder/mcp-dnstwist | Versions *
No fix available
npmPublished 12 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-7417
Affects xhs-mcp | Versions *
No fix available
npmPublished 12 May 2026
- H
Directory TraversalCVE-2026-6321
Affects fast-uri | Versions <3.1.1
Has fix
npmPublished 12 May 2026
- H
Interpretation ConflictCVE-2026-6322
Affects fast-uri | Versions <3.1.2
Has fix
npmPublished 12 May 2026
- C
Arbitrary Code InjectionCVE-2026-43898
Affects @nyariv/sandboxjs | Versions <0.9.6
Has fix
npmPublished 12 May 2026
- C
Eval InjectionCVE-2026-44643
Affects angular-expressions | Versions <1.5.2
Has fix
npmPublished 12 May 2026
- M
Insufficiently Protected CredentialsCVE-2026-7038
Affects ssh-mcp | Versions *
No fix available
npmPublished 12 May 2026
- H
Arbitrary Command InjectionCVE-2026-7039
Affects ssh-mcp | Versions *
No fix available
npmPublished 12 May 2026
- M
Command InjectionCVE-2026-7062
Affects @context-sync/server | Versions *
No fix available
npmPublished 12 May 2026
- H
Incorrect Behavior OrderCVE-2026-45033
Affects @github/copilot | Versions <1.0.43
Has fix
npmPublished 12 May 2026
- C
Command InjectionCVE-2026-25244
Affects @wdio/browserstack-service | Versions <9.23.3
Has fix
npmPublished 12 May 2026
- H
SQL InjectionCVE-2026-44635
Affects kysely | Versions >=0.26.0 <0.28.17
Has fix
npmPublished 12 May 2026
- M
Exposed Dangerous Method or FunctionCVE-2026-6402
Affects webpack-dev-server | Versions <5.2.4
Has fix
npmPublished 12 May 2026
- M
Arbitrary Code InjectionCVE-2026-41159
Affects mermaid | Versions <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026
- M
Arbitrary Code InjectionCVE-2026-41149
Affects mermaid | Versions >=0.0.0 <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026
- M
Arbitrary Code InjectionCVE-2026-41148
Affects mermaid | Versions <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026