See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Server-side Request Forgery (SSRF)CVE-2026-7417
Affects xhs-mcp | Versions *
No fix available
npmPublished 12 May 2026
- H
Directory TraversalCVE-2026-6321
Affects fast-uri | Versions <3.1.1
Has fix
npmPublished 12 May 2026
- H
Interpretation ConflictCVE-2026-6322
Affects fast-uri | Versions <3.1.2
Has fix
npmPublished 12 May 2026
- C
Arbitrary Code InjectionCVE-2026-43898
Affects @nyariv/sandboxjs | Versions <0.9.6
Has fix
npmPublished 12 May 2026
- C
Eval InjectionCVE-2026-44643
Affects angular-expressions | Versions <1.5.2
Has fix
npmPublished 12 May 2026
- M
Insufficiently Protected CredentialsCVE-2026-7038
Affects ssh-mcp | Versions *
No fix available
npmPublished 12 May 2026
- H
Arbitrary Command InjectionCVE-2026-7039
Affects ssh-mcp | Versions *
No fix available
npmPublished 12 May 2026
- M
Command InjectionCVE-2026-7062
Affects @context-sync/server | Versions *
No fix available
npmPublished 12 May 2026
- H
Incorrect Behavior OrderCVE-2026-45033
Affects @github/copilot | Versions <1.0.43
Has fix
npmPublished 12 May 2026
- C
Command InjectionCVE-2026-25244
Affects @wdio/browserstack-service | Versions <9.23.3
Has fix
npmPublished 12 May 2026
- H
SQL InjectionCVE-2026-44635
Affects kysely | Versions >=0.26.0 <0.28.17
Has fix
npmPublished 12 May 2026
- M
Exposed Dangerous Method or FunctionCVE-2026-6402
Affects webpack-dev-server | Versions <5.2.4
Has fix
npmPublished 12 May 2026
- M
Arbitrary Code InjectionCVE-2026-41159
Affects mermaid | Versions <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026
- M
Arbitrary Code InjectionCVE-2026-41149
Affects mermaid | Versions >=0.0.0 <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026
- M
Arbitrary Code InjectionCVE-2026-41148
Affects mermaid | Versions <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026
- M
Infinite loopCVE-2026-41150
Affects mermaid | Versions <10.9.6>=11.0.0-alpha.1 <11.15.0
Has fix
npmPublished 12 May 2026
Affects @opensearch-project/opensearch | Versions =3.5.3=3.6.2=3.7.0=3.8.0
Has fix
npmPublished 12 May 2026
Affects @uipath/agent.sdk | Versions =0.0.18
Has fix
npmPublished 12 May 2026
Affects @uipath/apollo-react | Versions =4.24.5
Has fix
npmPublished 12 May 2026
Affects @mesadev/saguaro | Versions =0.4.22
Has fix
npmPublished 12 May 2026
Affects @mistralai/mistralai-gcp | Versions =1.7.3=1.7.1=1.7.2
Has fix
npmPublished 12 May 2026
Affects @mistralai/mistralai-azure | Versions =1.7.3=1.7.1=1.7.2
Has fix
npmPublished 12 May 2026
Affects @tallyui/core | Versions =0.2.3=0.2.2=0.2.1
Has fix
npmPublished 12 May 2026
Affects @tallyui/connector-medusa | Versions =1.0.3=1.0.2=1.0.1
Has fix
npmPublished 12 May 2026
Affects @tallyui/database | Versions =1.0.3=1.0.2=1.0.1
Has fix
npmPublished 12 May 2026
Affects @tallyui/connector-woocommerce | Versions =1.0.3=1.0.2=1.0.1
Has fix
npmPublished 12 May 2026