See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects chain-promised-await | Versions *
No fix available
npmPublished 24 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-41305
Affects postcss | Versions <8.5.10
Has fix
npmPublished 24 Apr 2026
- C
Remote Code Execution (RCE)CVE-2026-6951
Affects simple-git | Versions <3.36.0
Has fix
npmPublished 24 Apr 2026
Affects @bitwarden/cli | Versions =2026.4.0
Has fix
npmPublished 23 Apr 2026
- H
XML InjectionCVE-2026-41675
Affects @xmldom/xmldom | Versions <0.8.13>=0.9.0 <0.9.10
Has fix
npmPublished 23 Apr 2026
- H
XML InjectionCVE-2026-41674
Affects @xmldom/xmldom | Versions <0.8.13>=0.9.0 <0.9.10
Has fix
npmPublished 23 Apr 2026
- H
Uncontrolled RecursionCVE-2026-41673
Affects @xmldom/xmldom | Versions <0.8.13>=0.9.0 <0.9.10
Has fix
npmPublished 23 Apr 2026
- H
Uncontrolled RecursionCVE-2026-41673
Affects xmldom | Versions *
No fix available
npmPublished 23 Apr 2026
Affects @nklkas/hyperliquid | Versions *
No fix available
npmPublished 23 Apr 2026
Affects changelog-utils-structured-logger | Versions *
No fix available
npmPublished 23 Apr 2026
Affects changelog-cli-logger | Versions *
No fix available
npmPublished 23 Apr 2026
Affects @amsterdam-local/forms-component-library | Versions *
No fix available
npmPublished 23 Apr 2026
Affects rollup-plugin-polyfill-route | Versions *
No fix available
npmPublished 23 Apr 2026
- M
XML InjectionCVE-2026-41650
Affects fast-xml-builder | Versions <1.1.5
Has fix
npmPublished 23 Apr 2026