See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects node-ipc | Versions =9.1.6=9.2.3=12.0.1
Has fix
npmPublished 15 May 2026
Affects marginfi-v2-ui-state | Versions *
No fix available
npmPublished 15 May 2026
Affects deltaprime-primeloans | Versions *
No fix available
npmPublished 15 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-44652
Affects sillytavern | Versions <1.18.0
Has fix
npmPublished 14 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-44651
Affects sillytavern | Versions <1.18.0
Has fix
npmPublished 14 May 2026
- H
Insufficient Session ExpirationCVE-2026-44648
Affects sillytavern | Versions <1.18.0
Has fix
npmPublished 14 May 2026
- M
Arbitrary File UploadCVE-2026-22707
Affects @strapi/upload | Versions <5.33.3
Has fix
npmPublished 14 May 2026
- C
Reliance on Untrusted Inputs in a Security DecisionCVE-2026-44649
Affects sillytavern | Versions <1.18.0
Has fix
npmPublished 14 May 2026
- M
HTTP Response SplittingCVE-2026-44214
Affects eventsource-encoder | Versions <1.0.2
Has fix
npmPublished 14 May 2026
- M
Improper Verification of Cryptographic SignatureCVE-2026-44720
Affects openlearnx | Versions <2.0.4
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-45136
Affects claude-code-cache-fix | Versions >=3.5.0 <3.5.2
Has fix
npmPublished 14 May 2026
- H
Directory TraversalCVE-2026-44650
Affects sillytavern | Versions <1.18.0
Has fix
npmPublished 14 May 2026
- M
Directory TraversalCVE-2026-8115
Affects short-video-maker | Versions *
No fix available
npmPublished 14 May 2026
- H
Permissive Cross-domain Policy with Untrusted DomainsCVE-2026-44895
Affects @yoda.digital/gitlab-mcp-server | Versions <0.6.0
Has fix
npmPublished 14 May 2026
Affects @profullstack/mcp-server | Versions *
No fix available
npmPublished 14 May 2026
Affects @strapi/strapi | Versions >=4.0.0 <5.37.0
Has fix
npmPublished 14 May 2026