@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +27 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.111.10, =1.121.0-alpha.28, =1.169.18 and more Source cves: unknown CVE Source...

Malicious code in @tanstack/solid-start-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4905d7bb1a4d6f69ec73fe4cc8fa958262fcab1397fed5725ac39db447f6239a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8693692b7ab31b63eb7411750d5b8798beec7ab29dddc1adea60186d354f4ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79e1b5cf7bf19cbf81420be17e5aad851d9f2e2943848f3a4b295e2ed7a8ed2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3481 Malicious code in @tanstack/solid-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79e1b5cf7bf19cbf81420be17e5aad851d9f2e2943848f3a4b295e2ed7a8ed2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3486 Malicious code in @tanstack/solid-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@solidjs-email/dev-server (=2.0.0) potentially affected by unknown CVE via @tanstack/solid-start (=1.167.62)

@tanstack/solid-start NPM version =1.167.62 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/solid-start and may be impacted: - @solidjs-email/dev-server =2.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3484...

MAL-2026-3484 Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@leeforge/fusion (=0.1.0), @nativescript/tanstack-router (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-45321 via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)

@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.0.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =1.20.3-alpha.1, =0.1.0, =1.0.15 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDROUTER-16640230...

@solidjs-email/dev-server (=2.0.0) potentially affected by CVE-2026-45321 via @tanstack/solid-start (=1.167.62)

@tanstack/solid-start NPM version =1.167.62 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/solid-start and may be impacted: - @solidjs-email/dev-server =2.0.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTART-16640237...

@alivault/pico (>=0.1.0 <=0.1.2), @argus-vrt/web (=0.1.0) +29 more potentially affected by CVE-2026-45321 via @tanstack/router-ssr-query-core (>=1.121.0-alpha.28 <=1.168.0)

@tanstack/router-ssr-query-core NPM version =1.121.0-alpha.28, =0.1.0, =0.0.4, =1.0.0, =0.1.0, =1.121.0-alpha.28, =1.133.19, =1.140.0, =0.2.4, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERSSRQUERYCORE-16640223...

@abysslabs/cli (=0.0.2), @analogjs/vite-plugin-nitro (>=2.4.0-alpha.2 <=3.0.0-alpha.1) +26 more potentially affected by CVE-2026-33490 via h3 (>=2.0.1-rc.11 <=2.0.1-rc.16)

h3 NPM version =2.0.1-rc.11, =2.4.0-alpha.2, =3.23.1-20260131-121433-34f631e, =0.15.0, =1.154.7, =0.0.1, =1.154.7, =1.154.7, =1.154.7, =2.0.0-beta.17 and more Source cves: CVE-2026-33490 Source advisory: SNYK:JS-H3-15745916...