Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 12:1 a.m.5 views

Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 12:0 a.m.5 views

Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/11 11:52 p.m.6 views

Malicious code in @tanstack/react-start-rsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
Snyk
Snykadded 2026/05/11 9:0 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/05/11 9:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.17051EPSS
Exploits3References2
OSV
OSVadded 2026/04/29 10:44 p.m.0 views

MAL-2026-3190 Malicious code in tanstack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7028347dbae61f876b9cca30a5d444da26b4ceab8364f00f8f2be35ff6baa2c4 The package tanstack was found to contain malicious code. Source: ghsa-malware a87082b3e2d555f184ce24de123d5e2d03b84521e22903e21e17d0222ab4b5e9 Any...

5.5AI score
Exploits0References1
Snyk
Snykadded 2026/04/29 10:44 p.m.1 views

Embedded Malicious Code

Overview tanstack is a TanStack Player — A developer-first, universal Video Player SDK built on Video.js with headless hooks, plugin architecture, and React-first DX Affected versions of this package are vulnerable to Embedded Malicious Code that exfiltrates environment variables from developers'...

9.8CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder