See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects uuid | Versions <11.1.1>=12.0.0 <14.0.0
Has fix
npmPublished 23 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-41238
Affects dompurify | Versions >=3.0.1 <3.4.0
Has fix
npmPublished 23 Apr 2026
- L
Cross-site Scripting (XSS)CVE-2026-41239
Affects dompurify | Versions >=1.0.10 <3.4.0
Has fix
npmPublished 23 Apr 2026
- H
Missing AuthorizationCVE-2026-41266
Affects flowise | Versions <3.1.0
Has fix
npmPublished 22 Apr 2026
Affects kube-health-tools | Versions *
No fix available
npmPublished 22 Apr 2026
- H
Arbitrary File UploadCVE-2026-41269
Affects flowise-components | Versions <3.1.0
Has fix
npmPublished 22 Apr 2026
- H
Arbitrary File UploadCVE-2026-41269
Affects flowise | Versions <3.1.0
Has fix
npmPublished 22 Apr 2026
- H
Missing Authentication for Critical FunctionCVE-2026-41273
Affects flowise | Versions <3.1.0
Has fix
npmPublished 22 Apr 2026
- M
Cross-site Scripting (XSS)CVE-2026-41067
Affects astro | Versions <6.1.6
Has fix
npmPublished 22 Apr 2026
Affects @usealloy/component-library | Versions *
No fix available
npmPublished 22 Apr 2026
Affects @openwebconcept/theme-owc | Versions >=1.0.1 <=1.0.3
Has fix
npmPublished 22 Apr 2026
Affects @openwebconcept/design-tokens | Versions >=1.0.1 <=1.0.3
Has fix
npmPublished 22 Apr 2026
Affects @automagik/genie | Versions >=4.260421.33 <=4.260421.39
Has fix
npmPublished 22 Apr 2026