See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Insufficient Session ExpirationCVE-2026-22706
Affects @strapi/plugin-users-permissions | Versions <5.33.3
Has fix
npmPublished 14 May 2026
- M
Insufficient Session ExpirationCVE-2026-22706
Affects @strapi/admin | Versions <5.33.3
Has fix
npmPublished 14 May 2026
- M
Brute ForceCVE-2025-64526
Affects @strapi/plugin-users-permissions | Versions <5.45.0
Has fix
npmPublished 14 May 2026
- H
Command InjectionCVE-2026-44724
Affects systeminformation | Versions >=4.17.0 <5.31.6
Has fix
npmPublished 14 May 2026
- C
Arbitrary Code InjectionCVE-2026-45411
Affects vm2 | Versions <3.11.3
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44295
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44295
Affects protobufjs-cli | Versions <1.2.1>=2.0.0-experimental <2.0.2
Has fix
npmPublished 14 May 2026
- H
Deserialization of Untrusted DataCVE-2026-45134
Affects langsmith | Versions <0.6.0
Has fix
npmPublished 14 May 2026
- M
Uncontrolled RecursionCVE-2026-45740
Affects protobufjs | Versions <7.5.8>=8.0.0 <8.2.0
Has fix
npmPublished 14 May 2026
- H
Command InjectionCVE-2026-42290
Affects protobufjs-cli | Versions <1.2.1>=2.0.0-experimental <2.0.2
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44293
Affects @protobufjs/utf8 | Versions <1.1.1
Has fix
npmPublished 14 May 2026
- H
Arbitrary Code InjectionCVE-2026-44293
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 14 May 2026
- M
Prototype PollutionCVE-2026-44290
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 14 May 2026
- M
Prototype PollutionCVE-2026-44292
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- H
Prototype PollutionCVE-2026-44291
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-44294
Affects @protobufjs/codegen | Versions <2.0.5
Has fix
npmPublished 13 May 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-44294
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- H
Uncontrolled RecursionCVE-2026-44289
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2
Has fix
npmPublished 13 May 2026
- H
Uncontrolled RecursionCVE-2026-44289
Affects protobufjs-cli | Versions <1.2.1>=2.0.0-experimental <2.0.2
Has fix
npmPublished 13 May 2026
- L
Reusing a Nonce, Key Pair in EncryptionCVE-2026-45028
Affects astro | Versions <6.1.10
Has fix
npmPublished 13 May 2026
- M
Improper Handling of Unicode EncodingCVE-2026-44288
Affects protobufjs | Versions <7.5.6>=8.0.0-experimental <8.0.2>=8.0.3-experimental <8.0.3>=8.0.4-experimental <8.2.0
Has fix
npmPublished 13 May 2026
- M
Improper Handling of Unicode EncodingCVE-2026-44288
Affects @protobufjs/utf8 | Versions <1.1.1
Has fix
npmPublished 13 May 2026
- M
Improper AuthenticationCVE-2026-8305
Affects @openclaw/bluebubbles | Versions <2026.2.12
Has fix
npmPublished 13 May 2026
- M
Improper AuthenticationCVE-2026-8305
Affects openclaw | Versions <2026.2.12
Has fix
npmPublished 13 May 2026
- M
Command InjectionCVE-2026-7443
Affects @burtthecoder/mcp-dnstwist | Versions *
No fix available
npmPublished 12 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-7417
Affects xhs-mcp | Versions *
No fix available
npmPublished 12 May 2026
- H
Directory TraversalCVE-2026-6321
Affects fast-uri | Versions <3.1.1
Has fix
npmPublished 12 May 2026