See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects @automagik/genie | Versions >=4.260421.33 <=4.260421.39
Has fix
npmPublished 22 Apr 2026
Affects pgserve | Versions >=1.1.11 <=1.1.14
Has fix
npmPublished 22 Apr 2026
Affects @usealloy/api-contract | Versions *
No fix available
npmPublished 22 Apr 2026
Affects flowise | Versions <3.1.0
Has fix
npmPublished 21 Apr 2026
Affects com.tencent.puerts.agent | Versions *
No fix available
npmPublished 21 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-40346
Affects @nocobase/plugin-workflow-request | Versions <2.0.37
Has fix
npmPublished 21 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-40346
Affects @nocobase/plugin-ai | Versions <2.0.37
Has fix
npmPublished 21 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-40346
Affects @nocobase/plugin-action-custom-request | Versions <2.0.37
Has fix
npmPublished 21 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-40346
Affects @nocobase/utils | Versions <2.0.37
Has fix
npmPublished 21 Apr 2026
- M
Incorrect AuthorizationCVE-2026-40155
Affects @auth0/nextjs-auth0 | Versions >=4.12.0 <4.18.0
Has fix
npmPublished 21 Apr 2026
- M
Cleartext Transmission of Sensitive InformationCVE-2026-41275
Affects flowise | Versions <3.1.0
Has fix
npmPublished 21 Apr 2026
- C
Improper Handling of Missing ValuesCVE-2026-41276
Affects flowise | Versions >=3.0.1 <3.1.0
Has fix
npmPublished 21 Apr 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-41279
Affects flowise | Versions >=3.0.8 <3.1.0
Has fix
npmPublished 21 Apr 2026
- H
Insertion of Sensitive Information Into Sent DataCVE-2026-41278
Affects flowise | Versions >=3.0.5 <3.1.0
Has fix
npmPublished 21 Apr 2026
Affects internal_insights_enabled | Versions *
No fix available
npmPublished 21 Apr 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-41277
Affects flowise | Versions >=1.7.1 <3.1.0
Has fix
npmPublished 21 Apr 2026
Affects flowise-components | Versions <3.1.0
Has fix
npmPublished 21 Apr 2026
- L
Server-side Request Forgery (SSRF)CVE-2026-43995
Affects flowise-components | Versions <3.1.0
Has fix
npmPublished 21 Apr 2026
- H
Missing Authentication for Critical FunctionCVE-2026-41428
Affects @budibase/backend-core | Versions <3.35.10
Has fix
npmPublished 21 Apr 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-41271
Affects flowise-components | Versions <3.1.0
Has fix
npmPublished 21 Apr 2026
- M
Command InjectionCVE-2026-40933
Affects flowise-components | Versions <3.1.0
Has fix
npmPublished 21 Apr 2026
- M
Improper Verification of Cryptographic SignatureCVE-2026-41301
Affects openclaw | Versions <2026.3.31
Has fix
npmPublished 21 Apr 2026
- M
Cleartext Transmission of Sensitive InformationCVE-2026-40045
Affects openclaw | Versions <2026.4.2
Has fix
npmPublished 21 Apr 2026
Affects flowise-components | Versions >=1.4.3 <3.1.0
Has fix
npmPublished 21 Apr 2026
Affects apple-cloudkit-internal | Versions *
No fix available
npmPublished 21 Apr 2026
Affects cktool.core.internal | Versions *
No fix available
npmPublished 21 Apr 2026
Affects ac-sasskit-internal | Versions *
No fix available
npmPublished 21 Apr 2026
Affects apple-internal-security-poc-frank | Versions *
No fix available
npmPublished 21 Apr 2026