See the full list of npm packages compromised in the "TanStack Supply Chain Compromise - May 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Remote Code Execution (RCE)CVE-2022-46648
Affects git | Versions >=1.2.0, <1.13.0
Has fix
RubyGemsPublished 10 Jan 2023
- L
Cross-site Scripting (XSS)CVE-2020-36644
Affects inline_svg | Versions <1.7.2
Has fix
RubyGemsPublished 8 Jan 2023
- M
Information ExposureCVE-2023-22626
Affects pghero | Versions >=0.1.1, <3.1.0
Has fix
RubyGemsPublished 5 Jan 2023
- M
External Control of Assumed-Immutable Web ParameterCVE-2024-22049
Affects httparty | Versions <0.21.0
Has fix
RubyGemsPublished 4 Jan 2023
- L
Cross-site Scripting (XSS)CVE-2017-20159
Affects keynote | Versions <1.0.0
Has fix
RubyGemsPublished 1 Jan 2023
- C
Arbitrary Command InjectionCVE-2017-20156
Affects printer | Versions >=0.1.0
Has fix
RubyGemsPublished 1 Jan 2023
- L
Cross-site Scripting (XSS)CVE-2019-25088
Affects oxidized-web | Versions <0.14.0
Has fix
RubyGemsPublished 28 Dec 2022
- M
Incorrect Privilege AssignmentCVE-2020-36624
Affects text_helpers | Versions <1.1.0
Has fix
RubyGemsPublished 22 Dec 2022
- L
Regular Expression Denial of Service (ReDoS)CVE-2021-4250
Affects active_attr | Versions <0.15.3
Has fix
RubyGemsPublished 19 Dec 2022
- H
Uncontrolled RecursionCVE-2022-23516
Affects loofah | Versions >=2.2.0, <2.19.1
Has fix
RubyGemsPublished 14 Dec 2022
- M
Cross-site Scripting (XSS)CVE-2022-23519
Affects rails-html-sanitizer | Versions <1.4.4
Has fix
RubyGemsPublished 14 Dec 2022
- M
Cross-site Scripting (XSS)CVE-2022-23518
Affects rails-html-sanitizer | Versions >=1.0.3, <1.4.4
Has fix
RubyGemsPublished 14 Dec 2022
- H
Regular Expression Denial of Service (ReDoS)CVE-2022-23517
Affects rails-html-sanitizer | Versions <1.4.4
Has fix
RubyGemsPublished 14 Dec 2022
- H
Regular Expression Denial of Service (ReDoS)CVE-2022-23514
Affects loofah | Versions <2.19.1
Has fix
RubyGemsPublished 14 Dec 2022
- M
Cross-site Scripting (XSS)CVE-2022-23520
Affects rails-html-sanitizer | Versions <1.4.4
Has fix
RubyGemsPublished 14 Dec 2022
- M
Cross-site Scripting (XSS)CVE-2022-23515
Affects loofah | Versions >=2.1.0, <2.19.1
Has fix
RubyGemsPublished 14 Dec 2022
- H
Denial of Service (DoS)CVE-2022-3510
Affects google-protobuf | Versions >=3.16.0, <3.19.6>=3.20.0-rc-1, <3.20.3>=3.21.0-rc-1, <3.21.7
Has fix
RubyGemsPublished 13 Dec 2022
- H
Unchecked Return ValueCVE-2022-23476
Affects nokogiri | Versions >=1.13.8, <1.13.10
Has fix
RubyGemsPublished 8 Dec 2022
- H
Resources Downloaded over Insecure ProtocolCVE-2022-45442
Affects sinatra | Versions <2.2.3>=3.0.0, <3.0.4
Has fix
RubyGemsPublished 29 Nov 2022
- H
Improper Input ValidationCVE-2021-33621
Affects cgi | Versions <0.1.0.2>=0.2.1, <0.2.2>=0.3.3, <0.3.5
Has fix
RubyGemsPublished 20 Nov 2022
- L
Improper NeutralizationCVE-2022-4064
Affects dalli | Versions <3.2.3
Has fix
RubyGemsPublished 20 Nov 2022
- C
Integer Overflow or WraparoundCVE-2022-37454
Affects sha3 | Versions <1.0.5
Has fix
RubyGemsPublished 6 Nov 2022
- L
Information ExposureCVE-2022-39379
Affects fluentd | Versions >=1.13.2, <1.15.3
Has fix
RubyGemsPublished 2 Nov 2022
Affects sqlite3 | Versions >=1.5.0, <1.5.1
Has fix
RubyGemsPublished 19 Oct 2022
- H
Privilege EscalationCVE-2022-42717
Affects vagrant | Versions >=0.0.0, <2.4.4
Has fix
RubyGemsPublished 12 Oct 2022
- M
Denial of Service (DoS)CVE-2022-39281
Affects fat_free_crm | Versions <0.20.1
Has fix
RubyGemsPublished 9 Oct 2022
- M
Denial of Service (DoS)CVE-2022-3171
Affects google-protobuf | Versions <3.16.3>=3.17.0.rc.1, <3.19.6>=3.20.0.rc.1, <3.20.3>=3.21.0.rc.1, <3.21.7
Has fix
RubyGemsPublished 5 Oct 2022
- M
Heap-based Buffer OverflowCVE-2016-2338
Affects psych | Versions <2.0.17
Has fix
RubyGemsPublished 29 Sept 2022