Malicious code in @tanstack/router-vite-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59c369975f931e9f8a4ca499e887c2ec41f7d1dbfcdcb83fa9e6ec9717ea4910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3480 Malicious code in @tanstack/router-vite-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59c369975f931e9f8a4ca499e887c2ec41f7d1dbfcdcb83fa9e6ec9717ea4910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-ssr-query-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 388949e6add086eda74454a083d7f720fe77716c9c3f18746ba90206a5ebbab5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44bca8f9294a1b6c949228c6741851305336a0b694ce00617c6fcd4b220c30a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3479 Malicious code in @tanstack/router-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44bca8f9294a1b6c949228c6741851305336a0b694ce00617c6fcd4b220c30a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3478 Malicious code in @tanstack/router-ssr-query-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 388949e6add086eda74454a083d7f720fe77716c9c3f18746ba90206a5ebbab5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@tanstack/react-start (>=1.167.5 <=1.167.6), @tanstack/router-vite-plugin (=1.166.19) +3 more potentially affected by CVE-2026-45321 via @tanstack/router-plugin (=1.167.4)

@tanstack/router-plugin NPM version =1.167.4 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/router-plugin and may be impacted: - @tanstack/react-start =1.167.5, =1.167.5, =1.167.8, =1.167.5, =1.167.6 Source cves: CVE-2026-45321 Source...

@tanstack/router-devtools (=1.166.2) potentially affected by CVE-2026-45321 via @tanstack/react-router-devtools (=1.166.2)

@tanstack/react-router-devtools NPM version =1.166.2 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/react-router-devtools and may be impacted: - @tanstack/router-devtools =1.166.2 Source cves: CVE-2026-45321 Source advisory:...

Malicious code in @tanstack/router-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd6f7a2fea608220d5d0783a4762813d4200689bc99a551bca4304e2b681022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3477 Malicious code in @tanstack/router-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd6f7a2fea608220d5d0783a4762813d4200689bc99a551bca4304e2b681022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3476 Malicious code in @tanstack/router-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a01dce92fa9c8e2cf4d6107c13ae7ebadbf664d1b135b7075f050c32446b26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a01dce92fa9c8e2cf4d6107c13ae7ebadbf664d1b135b7075f050c32446b26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3474 Malicious code in @tanstack/router-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3475 Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3473 Malicious code in @tanstack/router-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe10ec33a8ef57cbee1293be08884f598f604cc51b69f3eed2d17217efd462d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3472 Malicious code in @tanstack/router-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a4625c6f00a64d5f9c4d9fe41182c90a5d06c2a6cf72046d9a1e76d65295444 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

modern-web-swiss-army-knife (>=2.7.2 <=2.7.4) potentially affected by CVE-2026-45321 via @tanstack/router-devtools (>=1.105.0 <=1.106.0)

@tanstack/router-devtools NPM version =1.105.0, =2.7.2, =2.7.4 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLS-16640220...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +31 more potentially affected by CVE-2026-45321 via @tanstack/router-plugin (>=1.121.0-alpha.28 <=1.167.4)

@tanstack/router-plugin NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.1.1, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =2.0.0-beta.20 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERPLUGIN-16640...

@antidrawapp/runtime (>=0.1.0 <=0.1.1), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +131 more potentially affected by CVE-2026-45321 via @tanstack/router-core (>=1.108.0 <=1.169.2)

@tanstack/router-core NPM version =1.108.0, =0.1.0, =1.0.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =0.1.1, =0.1.0-fork.2e294b1, =0.1.0-fork.2e294b1, =1.0.0, =1.0.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERCORE-16640218...