See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Uncontrolled RecursionCVE-2026-44844
Affects eml-parser | Versions [,3.0.1)
Has fix
pipPublished 11 May 2026
- L
Insecure RandomnessCVE-2026-7847
Affects langchain-chatchat | Versions [0,]
Has fix
pipPublished 11 May 2026
Affects homeassistant-cli | Versions [,1.0.0)
Has fix
pipPublished 11 May 2026
Affects banks | Versions [,2.4.2)
Has fix
pipPublished 11 May 2026
Affects potato-annotation | Versions [2.0.0,2.4.5)
Has fix
pipPublished 11 May 2026
- M
Access Control BypassCVE-2026-7711
Affects mindsdb | Versions [,26.1.0rc1)
Has fix
pipPublished 11 May 2026
- L
Server-side Request Forgery (SSRF)CVE-2026-44661
Affects utcp-http | Versions [,1.1.3)
Has fix
pipPublished 11 May 2026
Affects netbox-data-flows | Versions [,1.5.1)
Has fix
pipPublished 11 May 2026
- H
External Control of File Name or PathCVE-2026-44641
Affects apm-cli | Versions [,0.8.12)
Has fix
pipPublished 11 May 2026
- M
Deserialization of Untrusted DataCVE-2026-7597
Affects mem0ai | Versions [,2.0.0b2)
Has fix
pipPublished 11 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-44520
Affects docling-graph | Versions [,1.5.1)
Has fix
pipPublished 11 May 2026
- M
Use of Hard-coded PasswordCVE-2026-7579
Affects astrbot | Versions [,4.17.6)
Has fix
pipPublished 11 May 2026
- H
Unsafe Dependency ResolutionCVE-2026-43003
Affects ironic-python-agent | Versions [1.0.0,]
Has fix
pipPublished 11 May 2026
- H
Authorization Bypass Through User-Controlled KeyCVE-2026-44504
Affects aegra-api | Versions [0.9.0,0.9.7)
Has fix
pipPublished 11 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-44439
Affects playwrightcapture | Versions [,1.39.6)
Has fix
pipPublished 11 May 2026
Affects axonflow | Versions [,6.7.0)
Has fix
pipPublished 11 May 2026
- M
Directory TraversalCVE-2026-7404
Affects mcpo-simple-server | Versions [0,]
Has fix
pipPublished 11 May 2026
- H
Arbitrary Code InjectionCVE-2026-44334
Affects praisonai | Versions [4.5.139,4.6.32)
Has fix
pipPublished 11 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-44363
Affects misp-modules | Versions [0,]
Has fix
pipPublished 11 May 2026
- C
Cross-site Request Forgery (CSRF)CVE-2026-44364
Affects misp-modules | Versions [0,]
Has fix
pipPublished 11 May 2026
- H
Uncaught ExceptionCVE-2026-42544
Affects granian | Versions [,2.7.4)
Has fix
pipPublished 11 May 2026
- H
Improper Handling of Exceptional ConditionsCVE-2026-42545
Affects granian | Versions [,2.7.4)
Has fix
pipPublished 11 May 2026
- H
Unsafe Dependency ResolutionCVE-2026-42510
Affects ironic | Versions [,26.1.6)[27.0.0,29.0.5)[30.0.0,32.0.1)[33.0.0,35.0.1)
Has fix
pipPublished 11 May 2026
- H
XML External Entity (XXE) InjectionCVE-2026-41895
Affects changedetection.io | Versions [,0.55.1)
Has fix
pipPublished 11 May 2026
- H
Arbitrary Code InjectionCVE-2026-42301
Affects pyp2spec | Versions [,0.14.1)
Has fix
pipPublished 11 May 2026
Affects gmaps-mcp | Versions [,0.1.3)
Has fix
pipPublished 11 May 2026
- M
Directory TraversalCVE-2026-7159
Affects mkdocs-mcp-plugin | Versions [0,]
Has fix
pipPublished 11 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-7150
Affects auto-favicon | Versions [0,]
Has fix
pipPublished 11 May 2026