
27 matches found

vulnersOsv
added 2026/05/11 11:55 p.m., 3 views

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +506 more potentially affected by unknown CVE via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.0.1, =0.0.1, =1.0.1, =1.87.15, =0.1.0, =0.2.0, =1.0.0, =0.0.1-alpha.14, =0.1.0, =0.0.2-canary.11, =0.1.0, =1.0.0, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3473...

5.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/05/11 11:55 p.m., 4 views

Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 6

OSV
added 2026/05/11 11:55 p.m., 2 views

MAL-2026-3473 Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 6

vulnersOsv
added 2026/05/11 9:00 p.m., 5 views

@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +506 more potentially affected by CVE-2026-45321 via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.0.1, =0.0.1, =1.0.1, =1.87.15, =0.1.0, =0.2.0, =1.0.0, =0.0.1-alpha.14, =0.1.0, =0.0.2-canary.11, =0.1.0, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERCORE-16640218...

9.6 CVSS, 7.4 AI score, 0.17051 EPSS
Exploits: 3

RedhatCVE
added 2025/11/08 6:51 p.m., 4 views

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

7.5 CVSS, 6.8 AI score, 0.00062 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/07 8:56 p.m., 3 views

CVE-2025-64173

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

7.5 CVSS, 6.9 AI score, 0.00049 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/07 6:15 p.m., 2 views

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

7.5 CVSS, 0.00062 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/11/07 5:47 p.m., 24 views

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

7.5 CVSS, 0.00062 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/11/07 12:00 a.m., 2 views

Apollo Router Core Access Control Error Vulnerability

Apollo Router Core is a router core application for the Apollo community. An access control error vulnerability exists in Apollo Router Core versions 1.61.12-rc.0 and earlier and 2.8.1-rc.0, which stems from not enforcing renamed access control commands, which could lead to bypassing element-leve...

7.5 CVSS, 6.4 AI score, 0.00062 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/11/06 8:42 p.m., 12 views

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

7.5 CVSS, 0.00049 EPSS
Exploits: 0, References: 3

CVE
added 2025/11/06 8:42 p.m., 9 views

CVE-2025-64173

CVE-2025-64173 affects Apollo Router Core (Rust) in versions 1.61.11 and earlier and 2.0.0-alpha.0 through 2.8.1-rc.0. The vulnerability stems from incorrect handling of access control directives on interface types/fields and their implementing object types/fields, causing unauthenticated queries...

7.5 CVSS, 6.5 AI score, 0.00049 EPSS
Exploits: 0, References: 3

OSV
added 2025/11/06 8:42 p.m., 2 views

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

7.5 CVSS, 6.9 AI score, 0.00049 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2025/11/06 8:42 p.m., 4 views

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

7.5 CVSS, 6.5 AI score, 0.00049 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/11/06 12:00 a.m., 3 views

Apollo Router Core Security Vulnerability

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core versions prior to 1.61.11 and versions 2.0.0-alpha.0 through 2.8.1-rc.0, which stems from mishandling of access control commands and could lead to unauthenticated querie...

7.5 CVSS, 6.6 AI score, 0.00049 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/11/06 12:00 a.m., 4 views

PT-2025-45381

Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.12-rc.0 through 1.61.12 and 2.8.1-rc.0 through 2.8.1 Description Apollo Router Core, a Rust graph router for Apollo Federation 2, had a flaw where access control directives—specifically @authenticated,...

7.5 CVSS, 6.7 AI score, 0.00062 EPSS
Exploits: 0, References: 14

Positive Technologies
added 2025/11/06 12:00 a.m., 3 views

PT-2025-45376

Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.11 and earlier Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0 Description Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...

7.5 CVSS, 6.8 AI score, 0.00049 EPSS
Exploits: 0, References: 15

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-10285

Malicious code in bioql PyPI...

7.5 CVSS, 6.4 AI score, 0.0022 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/04/09 11:18 p.m., 13 views

CVE-2025-32033

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

7.5 CVSS, 6.8 AI score, 0.0022 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/04/09 12:00 a.m., 0 views

Apollo Router Core Security Vulnerability

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a query validation that could lead to resource consumption and denial of service...

7.5 CVSS, 6.4 AI score, 0.00728 EPSS
Exploits: 0, References: 3

OSV
added 2025/04/07 8:48 p.m., 7 views

CVE-2025-32033 Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

7.5 CVSS, 6.6 AI score, 0.0022 EPSS
Exploits: 0, References: 5