Vulnerability DB | Snyk

See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].

Find out if you have vulnerabilities that put you at risk

Test your applications

All Vulnerabilities

APPLICATION

Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++

OPERATING SYSTEM

All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi

Report a new vulnerability

C

Malicious Package

Affects @0xengine/xmlrpc | Versions *

No fix available

npmPublished 28 Nov 2024

C

Malicious Package

Affects 1libxmljs2 | Versions *

No fix available

npmPublished 18 Nov 2025

C

Malicious Package

Affects afruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

C

Malicious Package

Affects bfruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

H

Prototype PollutionCVE-2021-3666

Affects body-parser-xml | Versions <2.0.3

Has fix

npmPublished 12 Sept 2021

C

Malicious Package

Affects body-parse-xml | Versions *

No fix available

npmPublished 1 Sept 2019

C

Malicious Package

Affects cfruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

C

Embedded Malicious Code

Affects @clausehq/flows-step-jsontoxml | Versions =0.1.14

Has fix

npmPublished 24 Nov 2025

C

Malicious Package

Affects core-xml | Versions *

No fix available

npmPublished 29 Jun 2023

C

Malicious Package

Affects ctfxmlflgcheck | Versions *

No fix available

npmPublished 19 Dec 2025

C

Malicious Package

Affects dfruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

C

Malicious Package

Affects efruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

C

Malicious Package

Affects express-xmlrequest | Versions *

No fix available

npmPublished 16 Oct 2025

C

Malicious Package

Affects ext-simplexml | Versions *

No fix available

npmPublished 28 Mar 2022

M

XML External Entity (XXE) InjectionCVE-2026-44665

Affects fast-xml-builder | Versions <1.1.7

Has fix

npmPublished 8 May 2026

M

XML InjectionCVE-2026-44664

Affects fast-xml-builder | Versions >=1.1.5 <1.1.6

Has fix

npmPublished 8 May 2026

M

XML InjectionCVE-2026-41650

Affects fast-xml-builder | Versions <1.1.5

Has fix

npmPublished 23 Apr 2026

H

Improper Validation of Specified Quantity in InputCVE-2026-33349

Affects fast-xml-parser | Versions >=4.0.0-beta.3 <5.5.7

Has fix

npmPublished 20 Mar 2026

H

XML Entity ExpansionCVE-2026-33036

Affects fast-xml-parser | Versions >=4.0.0-beta.0 <5.5.6

Has fix

npmPublished 18 Mar 2026

M

Buffer OverflowCVE-2026-27942

Affects fast-xml-parser | Versions <4.5.4>=5.0.0 <5.3.8

Has fix

npmPublished 26 Feb 2026

H

Incorrect Regular ExpressionCVE-2026-25896

Affects fast-xml-parser | Versions >=4.1.3 <4.5.4>=5.0.0 <5.3.5

Has fix

npmPublished 20 Feb 2026

H

XML Entity ExpansionCVE-2026-26278

Affects fast-xml-parser | Versions >=4.1.3 <4.5.4>=5.0.0 <5.3.6

Has fix

npmPublished 18 Feb 2026

H

Uncaught ExceptionCVE-2026-25128

Affects fast-xml-parser | Versions >=5.0.9 <5.3.4

Has fix

npmPublished 30 Jan 2026

M

Regular Expression Denial of Service (ReDoS)CVE-2024-41818

Affects fast-xml-parser | Versions <4.4.1

Has fix

npmPublished 30 Jul 2024

L

Regular Expression Denial of Service (ReDoS)

Affects fast-xml-parser | Versions >=4.2.4 <4.2.5

Has fix

npmPublished 17 Jul 2023

H

Regular Expression Denial of Service (ReDoS)CVE-2023-34104

Affects fast-xml-parser | Versions <4.2.4

Has fix

npmPublished 7 Jun 2023

M

Prototype PollutionCVE-2023-26920

Affects fast-xml-parser | Versions <4.1.2

Has fix

npmPublished 19 Feb 2023

C

Malicious Package

Affects ffruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

C

Malicious Package

Affects fruit-malicious-xml-parser | Versions *

No fix available

npmPublished 12 Dec 2025

C

Malicious Package

Affects gfruitmaliciousxmlparser | Versions *

No fix available

npmPublished 12 Dec 2025

Product

Partners
Developers & Devops Features
Enterprise Features
Pricing
Test with GitHub
Test with CLI
API status

Resources

Vulnerability DB
Blog
Documentation
FAQs

Company

About
Jobs
Contact
Legal terms
Privacy
Press kit
Events

Contact us

Support
Report a new vuln

Find us online

Track our development

© 2026 Snyk Ltd.