Malicious code in @tanstack/start-client-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3487 Malicious code in @tanstack/start-client-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5561f0a3c6cc70a2aee56f25476fadbba6cc833f55c0dde246737b99f38c9e8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-fn-stubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3488 Malicious code in @tanstack/start-fn-stubs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e25d3624c39cfe3dae76a5630525e72d3f0fe2f8eb1bbb44a0ff17c3a39d4fe2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-plugin-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3489 Malicious code in @tanstack/start-plugin-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3490 Malicious code in @tanstack/start-server-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7db0631bb410a51551790c0b55b574d53aea5d7a677439e6f3cf877503317658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/start-storage-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...

MAL-2026-3492 Malicious code in @tanstack/start-storage-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7021ac6b47d0f973f936ca9d15cd26f43a01b1151ce691ec8b10be5001be2bb This version of @tanstack/start-storage-context belongs to the @tanstack/ package family that was compromised via CI cache poisoning, with 42 package...

Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3493 Malicious code in @tanstack/valibot-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25062244509cace2232407aaa71ca13d0ca2cf2c113e8e1dd19280694a3475cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3494 Malicious code in @tanstack/virtual-file-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95e413c2e182a7d35b0ec3ba9f2a979d63c77c1a7f20a6204059f7b66b433bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/vue-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f7c609f55255a1ab5f7fc348536514f317d138538af5ec61ef4efc5a18b9014 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3496 Malicious code in @tanstack/vue-router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7f7c609f55255a1ab5f7fc348536514f317d138538af5ec61ef4efc5a18b9014 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

FluentCMS 跨站脚本漏洞

FluentCMS is an open-source content management system developed by FluentCMS. Version 1.2.3 of FluentCMS has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site script in the file management module. It allows authenticated administrators to upload...

Malicious code in @tanstack/router-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd6f7a2fea608220d5d0783a4762813d4200689bc99a551bca4304e2b681022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3477 Malicious code in @tanstack/router-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd6f7a2fea608220d5d0783a4762813d4200689bc99a551bca4304e2b681022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...