Security Vulnerability: They Hit TanStack. 518 Million Downloads. And the Security Cert Was Real

A security vulnerability was recently discovered in GitHub!

Essentially, the risk stems from the ability for hackers to inject a vulnerability into a PR, enabling them to take all your keys.

This is beyond concerning.

As a safety measure, everyone should wait for a period of at least 24 hours before installing any NPM packages in order to flag possible security risks.

They Hit TanStack. 518 Million Downloads. And the Security Cert Was Real.
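
One way to apply the 24-hour wait suggested in the post above, as an added example (not part of the original post or any project's code): it compares each version pinned in a `package-lock.json` against the publish timestamps the npm registry exposes in a package's `time` metadata (what `npm view <pkg> time --json` prints). The lockfile, timestamps and package names below are constructed sample data, and the function names are hypothetical.

```javascript
// Added example: flag lockfile entries whose pinned version is younger than a cooldown window.
const COOLDOWN_MS = 24 * 60 * 60 * 1000; // the 24-hour wait suggested in the post

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  return lockPath.slice(lockPath.lastIndexOf("node_modules/") + "node_modules/".length);
}

// lock:  parsed package-lock.json (lockfileVersion 2 or 3, which has a "packages" map)
// times: { packageName: <"time" object from registry metadata> }
// now:   epoch milliseconds, passed in so the check is reproducible
function tooNew(lock, times, now, cooldownMs = COOLDOWN_MS) {
  const flagged = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const name = entry.name || packageName(path);
    const published = Date.parse((times[name] || {})[entry.version]);
    if (Number.isNaN(published)) {
      // Fail closed: a version with no known publish time is treated as unvetted.
      flagged.push({ name, version: entry.version, reason: "no publish time" });
    } else if (now - published < cooldownMs) {
      const ageHours = Math.floor((now - published) / 3600000);
      flagged.push({ name, version: entry.version, reason: `published ${ageHours}h ago` });
    }
  }
  return flagged;
}

// Constructed sample data (not real packages or real registry output).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/left-example": { version: "2.1.0" },
  "node_modules/left-example/node_modules/@demo/util": { version: "0.4.2" },
  "node_modules/old-example": { version: "1.0.0" },
}};
const sampleTimes = {
  "left-example": { "2.0.0": "2026-01-01T00:00:00.000Z", "2.1.0": "2026-05-12T09:00:00.000Z" },
  "old-example": { "1.0.0": "2025-11-03T12:00:00.000Z" },
};
const sampleNow = Date.parse("2026-05-12T15:30:00.000Z");

function demo() { return tooNew(sampleLock, sampleTimes, sampleNow); }
console.log(demo());
```

Run in CI before `npm ci`, a non-empty result would be the signal to hold the install until the flagged versions have aged past the window.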

I believe there have been some serious vulnerabilities found on cPanel also. Patched then re-patched.

Security: CVE-2026-41940 - cPanel & WHM / WP2 Security Update 04/28/2026 – cPanel https://share.google/OJMerSjhWfr4oS0xF

1 Like

NGINX too..

https://cybernews.com/security/nginx-vulnerability-exposes-millions-of-websites/

1 Like