@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +27 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.111.10, =1.121.0-alpha.28, =1.169.18 and more Source cves: unknown CVE Source...

@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +121 more potentially affected by unknown CVE via @tanstack/start-storage-context (>=1.121.0-alpha.28 <=1.166.4)

@tanstack/start-storage-context NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3492...

@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +92 more potentially affected by unknown CVE via @tanstack/react-start-server (>=1.121.0-alpha.28 <=1.166.52)

@tanstack/react-start-server NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3471...