Lucene search
K

20 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/05/27 12:0 a.m.19 views

VulnCheck KEV: CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS7.5AI score0.02342EPSS
In wildExploits3References5
GithubExploit
GithubExploit
added 2026/05/25 3:34 p.m.93 views

Exploit for Embedded Malicious Code in Tanstack Tanstack\/Arktype-Adapter

Simulasi Supply Chain Attack — CVE-2026-45321 TanStack Ed...

9.6CVSS7.7AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/12 12:12 a.m.8 views

@tanstack/react-start (=1.166.4), @tanstack/react-start-client (=1.166.4) +11 more potentially affected by CVE-2026-45321 via @tanstack/start-storage-context (=1.166.4)

@tanstack/start-storage-context NPM version =1.166.4 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/start-storage-context and may be impacted: - @tanstack/react-start =1.166.4 - @tanstack/react-start-client =1.166.4 -...

9.6CVSS8AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/12 12:12 a.m.7 views

@tanstack/router-devtools (=1.166.2) potentially affected by CVE-2026-45321 via @tanstack/react-router-devtools (=1.166.2)

@tanstack/react-router-devtools NPM version =1.166.2 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/react-router-devtools and may be impacted: - @tanstack/router-devtools =1.166.2 Source cves: CVE-2026-45321 Source advisory:...

9.6CVSS8AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/12 12:12 a.m.7 views

@tanstack/react-start (>=1.167.5 <=1.167.6), @tanstack/router-vite-plugin (=1.166.19) +3 more potentially affected by CVE-2026-45321 via @tanstack/router-plugin (=1.167.4)

@tanstack/router-plugin NPM version =1.167.4 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/router-plugin and may be impacted: - @tanstack/react-start =1.167.5, =1.167.5, =1.167.8, =1.167.5, =1.167.6 Source cves: CVE-2026-45321 Source...

9.6CVSS8AI score0.02342EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:12 a.m.6 views

CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS5.8AI score0.02342EPSS
Exploits3References3Affected Software42
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.9 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +23 more potentially affected by CVE-2026-45321 via @tanstack/start-plugin-core (>=1.121.0-alpha.28 <=1.169.20)

@tanstack/start-plugin-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.97.4, =1.111.10, =1.141.0, =0.3.0, =0.7.0 and more Source cves: CVE-2026-45321 Source advisory:...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) potentially affected by CVE-2026-45321 via @tanstack/solid-start-client (>=1.121.0-alpha.28 <=1.166.5)

@tanstack/solid-start-client NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.167.62 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTARTCLIENT-16640233...

9.6CVSS8AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@env-hopper/frontend-build-vite (=2.0.1-alpha.0), @graphprotocol/hypergraph-cli (>=0.0.0-alpha.7 <=0.0.0-alpha.22) +9 more potentially affected by CVE-2026-45321 via @tanstack/react-router-devtools (>=1.120.20 <=1.166.13)

@tanstack/react-router-devtools NPM version =1.120.20, =0.0.0-alpha.7, =0.7.5, =0.4.2, =0.0.1, =1.121.0-alpha.28, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTERDEVTOOLS-16640206...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +26 more potentially affected by CVE-2026-45321 via @tanstack/virtual-file-routes (>=1.121.0-alpha.28 <=1.154.7)

@tanstack/virtual-file-routes NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.0, =1.20.3-alpha.1, =1.111.10, =1.130.0, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.130.0, =1.97.4, =1.120.20 and more Source cves: CVE-2026-45321 Sour...

9.6CVSS7.4AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @baseplate-dev/create-project (>=0.6.2 <=0.6.9) +88 more potentially affected by CVE-2026-45321 via @tanstack/react-router (>=1.0.0 <=1.169.2)

@tanstack/react-router NPM version =1.0.0, =0.1.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =0.1.1, =0.1.0-fork.2e294b1, =0.1.0-fork.2e294b1, =0.1.1, =1.0.9, =1.4.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTER-16640208...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.7 views

modern-web-swiss-army-knife (>=2.7.2 <=2.7.4) potentially affected by CVE-2026-45321 via @tanstack/router-devtools (>=1.105.0 <=1.106.0)

@tanstack/router-devtools NPM version =1.105.0, =2.7.2, =2.7.4 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLS-16640220...

9.6CVSS8AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@d-trattner/pidex (>=0.1.1 <=0.1.3), @tanstack/react-start (>=1.167.21 <=1.167.65) +1 more potentially affected by CVE-2026-45321 via @tanstack/react-start-rsc (>=0.0.1 <=0.0.5)

@tanstack/react-start-rsc NPM version =0.0.1, =0.1.1, =1.167.21, =0.1.0, =0.7.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTARTRSC-16640211...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@nativescript/tanstack-router (>=0.1.0 <=0.1.2), @tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) +2 more potentially affected by CVE-2026-45321 via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.1.0, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.166.51 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDROUTER-16640230...

9.6CVSS8AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@tanstack/vue-start (>=1.141.0 <=1.167.58), @tanstack/vue-start-client (>=1.141.0 <=1.166.43) +1 more potentially affected by CVE-2026-45321 via @tanstack/vue-router (>=1.141.0 <=1.169.2)

@tanstack/vue-router NPM version =1.141.0, =1.141.0, =1.141.0, =1.141.0, =1.166.47 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKVUEROUTER-16640252...

9.6CVSS7.4AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@d-trattner/pidex (>=0.1.1 <=0.1.3), @tanstack/react-start (>=1.121.0-alpha.28 <=1.167.65) +3 more potentially affected by CVE-2026-45321 via @tanstack/react-start-server (>=1.121.0-alpha.28 <=1.166.52)

@tanstack/react-start-server NPM version =1.121.0-alpha.28, =0.1.1, =1.121.0-alpha.28, =0.0.1, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTARTSERVER-16640213...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.9 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +31 more potentially affected by CVE-2026-45321 via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.30)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.14, =0.3.0, =0.3.0, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =2.0.0-alpha.9 and more Source cves: CVE-2026-45321 Source...

9.6CVSS8AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.10 views

@d-trattner/pidex (>=0.1.1 <=0.1.3), @tanstack/react-start (>=1.121.0-alpha.28 <=1.167.65) +2 more potentially affected by CVE-2026-45321 via @tanstack/react-start-client (>=1.121.0-alpha.28 <=1.166.48)

@tanstack/react-start-client NPM version =1.121.0-alpha.28, =0.1.1, =1.121.0-alpha.28, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTSTARTCLIENT-16640209...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.9 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @brendonovich/solidjs__start (>=0.0.0 <=0.0.3) +39 more potentially affected by CVE-2026-45321 via @tanstack/router-utils (>=1.121.0-alpha.28 <=1.158.0)

@tanstack/router-utils NPM version =1.121.0-alpha.28, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =1.0.11, =0.1.0, =1.1.0, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.111.10, =1.20.3-alpha.1, =1.111.10, =1.111.10, =1.121.0-alpha.28, =1.161.3 and more Source cves: CVE-2026-45321 Source advisory:...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.11 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +39 more potentially affected by CVE-2026-45321 via @tanstack/start-storage-context (>=1.121.0-alpha.28 <=1.166.4)

@tanstack/start-storage-context NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.111.10, =1.129.0, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.121.0-alpha.28, =1.114.29, =1.129.0, =1.131.50 and more Source cves: CVE-2026-45321 Source...

9.6CVSS8AI score0.02342EPSS
Exploits3
Rows per page
Query Builder