@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +27 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.111.10, =1.121.0-alpha.28, =1.169.18 and more Source cves: unknown CVE Source...

Malicious code in @tanstack/solid-start-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4905d7bb1a4d6f69ec73fe4cc8fa958262fcab1397fed5725ac39db447f6239a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@solidjs-email/dev-server (=2.0.0) potentially affected by unknown CVE via @tanstack/solid-start (=1.167.62)

@tanstack/solid-start NPM version =1.167.62 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/solid-start and may be impacted: - @solidjs-email/dev-server =2.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3484...

MAL-2026-3484 Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tanstack/solid-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1309e41e89af050fba691af97aead540f282665981835c46aeb4abc3180f0c94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@solidjs-email/dev-server (=2.0.0) potentially affected by CVE-2026-45321 via @tanstack/solid-start (=1.167.62)

@tanstack/solid-start NPM version =1.167.62 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/solid-start and may be impacted: - @solidjs-email/dev-server =2.0.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTART-16640237...

@abysslabs/cli (=0.0.2), @analogjs/vite-plugin-nitro (>=2.4.0-alpha.2 <=3.0.0-alpha.1) +26 more potentially affected by CVE-2026-33490 via h3 (>=2.0.1-rc.11 <=2.0.1-rc.16)

h3 NPM version =2.0.1-rc.11, =2.4.0-alpha.2, =3.23.1-20260131-121433-34f631e, =0.15.0, =1.154.7, =0.0.1, =1.154.7, =1.154.7, =1.154.7, =2.0.0-beta.17 and more Source cves: CVE-2026-33490 Source advisory: SNYK:JS-H3-15745916...