MAL-2026-3475 Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +92 more potentially affected by unknown CVE via @tanstack/react-start-server (>=1.121.0-alpha.28 <=1.166.52)

@tanstack/react-start-server NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3471...

Malicious code in @tanstack/react-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +101 more potentially affected by unknown CVE via @tanstack/react-router-devtools (>=1.120.20 <=1.166.13)

@tanstack/react-router-devtools NPM version =1.120.20, =0.0.1, =0.0.1, =0.0.1-alpha.14, =0.1.0, =0.0.4, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.1.0, =2.0.1-alpha-20260224145405, =2.0.1-alpha.6 - @ezshare/cli =0.0.0 - @ezshare/lib =0.0.0 - @ezshare/web =0.0.0 and more Source cves: unknown CVE Source...

MAL-2026-3466 Malicious code in @tanstack/react-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +106 more potentially affected by CVE-2026-45321 via @tanstack/router-devtools-core (>=1.120.19 <=1.167.3)

@tanstack/router-devtools-core NPM version =1.120.19, =0.0.1, =0.0.1, =0.0.1-alpha.14, =0.1.0, =0.0.4, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.1.0, =2.0.1-alpha-20260224145405, =2.0.1-alpha.6 - @ezshare/cli =0.0.0 - @ezshare/lib =0.0.0 - @ezshare/web =0.0.0 and more Source cves: CVE-2026-45321 Source...

@genesisailab/admin-package (=0.0.1), @genesisailab/create-admin-package (>=0.0.1 <=0.0.5) +30 more potentially affected by CVE-2026-45321 via @tanstack/router-devtools (>=1.105.0 <=1.166.13)

@tanstack/router-devtools NPM version =1.105.0, =0.0.1, =1.0.0, =3.5.5, =1.0.0, =0.0.0, =0.19.0, =0.22.13, =1.0.8, =0.0.0-alpha.3, =3.2.0, =3.5.2, =3.5.7 - app-start-pw =1.0.0 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLS-16640220...

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +101 more potentially affected by CVE-2026-45321 via @tanstack/react-router-devtools (>=1.120.20 <=1.166.13)

@tanstack/react-router-devtools NPM version =1.120.20, =0.0.1, =0.0.1, =0.0.1-alpha.14, =0.1.0, =0.0.4, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.1.0, =2.0.1-alpha-20260224145405, =2.0.1-alpha.6 - @ezshare/cli =0.0.0 - @ezshare/lib =0.0.0 - @ezshare/web =0.0.0 and more Source cves: CVE-2026-45321 Source...

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @getnuvo/importer-react (>=3.3.0 <=3.6.2) +20 more potentially affected by CVE-2026-43898 via @nyariv/sandboxjs (>=0.5.3 <=0.8.36)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =3.3.0, =4.0.1, =0.0.12, =2.1.6, =2.1.6, =1.0.5, =1.0.6, =2.1.6, =2.1.6, =2.15.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-43898 Source advisory: SNYK:JS-NYARIVSANDBOXJS-16642341...

Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7915 Insufficient data validation in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA91027 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of...

CVE-2026-8008

An inappropriate implementation flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496426191...

CVE-2026-8006

An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496373088...

CVE-2026-8004

An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496189510...

CVE-2026-7975

An use after free flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497735587...

CVE-2026-7965

An insufficient validation of untrusted input flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497255035...

CVE-2026-7937

An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491766258...

CVE-2026-7915

An insufficient data validation flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498454478...

CVE-2026-7913

An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497936728...