@leeforge/fusion (=0.1.0), @nativescript/tanstack-router (>=0.0.1 <=0.1.2) +6 more potentially affected by unknown CVE via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.0.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =0.1.0, =1.0.15 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3481...

@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +328 more potentially affected by CVE-2026-27904 via minimatch (>=7.0.0 <=7.4.6)

minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.5, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 and more Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...

Malicious code in @nativescript-community/ui-document-picker (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 46d11dbb6f2ddb5b46be5e63a827af98e3f887baac9c3df11be485d8326089b2 This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...

Malicious code in @nativescript-community/ui-label (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a815032f1d690295898b5c01bd4d17cb73044eebda75187b2877e8299ded777a This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...

MAL-2025-47156 Malicious code in @nativescript-community/ui-material-bottomsheet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 648e72c71fe8677b6476210b34e01790ad107148f5b133254b3f9752b837fc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nativescript-community/ui-material-bottomsheet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 648e72c71fe8677b6476210b34e01790ad107148f5b133254b3f9752b837fc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47153 Malicious code in @nativescript-community/ui-collectionview (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 337737895f40e9bb6a3ceade1add7134f43ef138029b408eb08597176f412b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nativescript-community/ui-collectionview (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 337737895f40e9bb6a3ceade1add7134f43ef138029b408eb08597176f412b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@nativescript-community/ui-collectionview-alignedflowlayout (>=6.0.0 <=6.0.20), @nativescript-community/ui-collectionview-swipemenu (>=6.0.0 <=6.0.20) +1 more potentially affected by unknown CVE via @nativescript-community/ui-collectionview (=6.0.20)

@nativescript-community/ui-collectionview NPM version =6.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on @nativescript-community/ui-collectionview and may be impacted: - @nativescript-community/ui-collectionview-alignedflowlayout =6.0.0, =6.0.0,...

Malicious code in @nativescript-community/sentry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac70fd6ee04f2650c317de593d4341b084f7a1564e4bf36fed85c72971ce9878 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47155 Malicious code in @nativescript-community/ui-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e0f3449039a2352fc57480496becd92f22e7c723fa82f23ea58051945133a68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nativescript-community/ui-drawer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 654a91a470f375a9cb4e947721e019c839d4da439a16ad0308c6d183ada0bb55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47154 Malicious code in @nativescript-community/ui-drawer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 654a91a470f375a9cb4e947721e019c839d4da439a16ad0308c6d183ada0bb55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nativescript-community/ui-material-core-tabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e43f7ab3687acb4775d0c018af848b2f959bafdfaa3556f42b4c67778254450 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47158 Malicious code in @nativescript-community/ui-material-core-tabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e43f7ab3687acb4775d0c018af848b2f959bafdfaa3556f42b4c67778254450 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nativescript-community/ui-pulltorefresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47161 Malicious code in @nativescript-community/ui-pulltorefresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 650cf81e4420b496c9854a80da4f8ba77516648b74a4b352e7099c04ecc4f026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47160 Malicious code in @nativescript-community/ui-pager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afb9d30cb2322dc8acbeb63463faf85b0a58a8d761ce7bab042f690f894830f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @nativescript-community/ui-pager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afb9d30cb2322dc8acbeb63463faf85b0a58a8d761ce7bab042f690f894830f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47152 Malicious code in @nativescript-community/typeorm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f52d32f97f0c022f47383943d101a89ef5465d96aece46233bc2005a4c14d6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...