CVE-2026-45321
Description
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@tanstack/arktype-adapternpm | >= 1.166.12, < 1.166.16 | 1.166.16 |
@tanstack/eslint-plugin-routernpm | >= 1.161.9, < 1.161.13 | 1.161.13 |
@tanstack/eslint-plugin-startnpm | >= 0.0.4, < 0.0.8 | 0.0.8 |
@tanstack/historynpm | >= 1.161.9, < 1.161.13 | 1.161.13 |
@tanstack/nitro-v2-vite-pluginnpm | >= 1.154.12, < 1.154.16 | 1.154.16 |
@tanstack/react-routernpm | >= 1.169.5, < 1.169.9 | 1.169.9 |
@tanstack/react-router-devtoolsnpm | >= 1.166.16, < 1.166.20 | 1.166.20 |
@tanstack/react-router-ssr-querynpm | >= 1.166.15, < 1.166.19 | 1.166.19 |
@tanstack/react-startnpm | >= 1.167.68, < 1.167.72 | 1.167.72 |
@tanstack/react-start-clientnpm | >= 1.166.51, < 1.166.55 | 1.166.55 |
@tanstack/react-start-rscnpm | >= 0.0.47, < 0.0.51 | 0.0.51 |
@tanstack/react-start-servernpm | >= 1.166.55, < 1.166.59 | 1.166.59 |
@tanstack/router-clinpm | >= 1.166.46, < 1.166.50 | 1.166.50 |
@tanstack/router-corenpm | >= 1.169.5, < 1.169.9 | 1.169.9 |
@tanstack/router-devtoolsnpm | >= 1.166.16, < 1.166.20 | 1.166.20 |
@tanstack/router-devtools-corenpm | >= 1.167.6, < 1.167.10 | 1.167.10 |
@tanstack/router-generatornpm | >= 1.166.45, < 1.166.49 | 1.166.49 |
@tanstack/router-pluginnpm | >= 1.167.38, < 1.167.42 | 1.167.42 |
@tanstack/router-ssr-query-corenpm | >= 1.168.3, < 1.168.7 | 1.168.7 |
@tanstack/router-utilsnpm | >= 1.161.11, < 1.161.15 | 1.161.15 |
@tanstack/router-vite-pluginnpm | >= 1.166.53, < 1.166.57 | 1.166.57 |
@tanstack/solid-routernpm | >= 1.169.5, < 1.169.9 | 1.169.9 |
@tanstack/solid-router-devtoolsnpm | >= 1.166.16, < 1.166.20 | 1.166.20 |
@tanstack/solid-router-ssr-querynpm | >= 1.166.15, < 1.166.19 | 1.166.19 |
@tanstack/solid-startnpm | >= 1.167.65, < 1.167.69 | 1.167.69 |
@tanstack/solid-start-clientnpm | >= 1.166.50, < 1.166.54 | 1.166.54 |
@tanstack/solid-start-servernpm | >= 1.166.54, < 1.166.58 | 1.166.58 |
@tanstack/start-client-corenpm | >= 1.168.5, < 1.168.9 | 1.168.9 |
@tanstack/start-fn-stubsnpm | >= 1.161.9, < 1.161.13 | 1.161.13 |
@tanstack/start-plugin-corenpm | >= 1.169.23, < 1.169.27 | 1.169.27 |
@tanstack/start-server-corenpm | >= 1.167.33, < 1.167.37 | 1.167.37 |
@tanstack/start-static-server-functionsnpm | >= 1.166.44, < 1.166.48 | 1.166.48 |
@tanstack/start-storage-contextnpm | >= 1.166.38, < 1.166.42 | 1.166.42 |
@tanstack/valibot-adapternpm | >= 1.166.12, < 1.166.16 | 1.166.16 |
@tanstack/virtual-file-routesnpm | >= 1.161.10, < 1.161.14 | 1.161.14 |
@tanstack/vue-routernpm | >= 1.169.5, < 1.169.9 | 1.169.9 |
@tanstack/vue-router-devtoolsnpm | >= 1.166.16, < 1.166.20 | 1.166.20 |
@tanstack/vue-router-ssr-querynpm | >= 1.166.15, < 1.166.19 | 1.166.19 |
@tanstack/vue-startnpm | >= 1.167.61, < 1.167.65 | 1.167.65 |
@tanstack/vue-start-clientnpm | >= 1.166.46, < 1.166.50 | 1.166.50 |
@tanstack/vue-start-servernpm | >= 1.166.50, < 1.166.54 | 1.166.54 |
@tanstack/zod-adapternpm | >= 1.166.12, < 1.166.16 | 1.166.16 |
@tanstack/arktype-adapternpm | >= 1.166.15, < 1.166.16 | 1.166.16 |
@tanstack/eslint-plugin-routernpm | >= 1.161.12, < 1.161.13 | 1.161.13 |
@tanstack/eslint-plugin-startnpm | >= 0.0.7, < 0.0.8 | 0.0.8 |
@tanstack/historynpm | >= 1.161.12, < 1.161.13 | 1.161.13 |
@tanstack/nitro-v2-vite-pluginnpm | >= 1.154.15, < 1.154.16 | 1.154.16 |
@tanstack/react-routernpm | >= 1.169.8, < 1.169.9 | 1.169.9 |
@tanstack/react-router-devtoolsnpm | >= 1.166.19, < 1.166.20 | 1.166.20 |
@tanstack/react-router-ssr-querynpm | >= 1.166.18, < 1.166.19 | 1.166.19 |
@tanstack/react-startnpm | >= 1.167.71, < 1.167.72 | 1.167.72 |
@tanstack/react-start-clientnpm | >= 1.166.54, < 1.166.55 | 1.166.55 |
@tanstack/react-start-rscnpm | >= 0.0.50, < 0.0.51 | 0.0.51 |
@tanstack/react-start-servernpm | >= 1.166.58, < 1.166.59 | 1.166.59 |
@tanstack/router-clinpm | >= 1.166.49, < 1.166.50 | 1.166.50 |
@tanstack/router-corenpm | >= 1.169.8, < 1.169.9 | 1.169.9 |
@tanstack/router-devtoolsnpm | >= 1.166.19, < 1.166.20 | 1.166.20 |
@tanstack/router-devtools-corenpm | >= 1.167.9, < 1.167.10 | 1.167.10 |
@tanstack/router-generatornpm | >= 1.166.48, < 1.166.49 | 1.166.49 |
@tanstack/router-pluginnpm | >= 1.167.41, < 1.167.42 | 1.167.42 |
@tanstack/router-ssr-query-corenpm | >= 1.168.6, < 1.168.7 | 1.168.7 |
@tanstack/router-utilsnpm | >= 1.161.14, < 1.161.15 | 1.161.15 |
@tanstack/router-vite-pluginnpm | >= 1.166.56, < 1.166.57 | 1.166.57 |
@tanstack/solid-routernpm | >= 1.169.8, < 1.169.9 | 1.169.9 |
@tanstack/solid-router-devtoolsnpm | >= 1.166.19, < 1.166.20 | 1.166.20 |
@tanstack/solid-router-ssr-querynpm | >= 1.166.18, < 1.166.19 | 1.166.19 |
@tanstack/solid-startnpm | >= 1.167.68, < 1.167.69 | 1.167.69 |
@tanstack/solid-start-clientnpm | >= 1.166.53, < 1.166.54 | 1.166.54 |
@tanstack/solid-start-servernpm | >= 1.166.57, < 1.166.58 | 1.166.58 |
@tanstack/start-client-corenpm | >= 1.168.8, < 1.168.9 | 1.168.9 |
@tanstack/start-fn-stubsnpm | >= 1.161.12, < 1.161.13 | 1.161.13 |
@tanstack/start-plugin-corenpm | >= 1.169.26, < 1.169.27 | 1.169.27 |
@tanstack/start-server-corenpm | >= 1.167.36, < 1.167.37 | 1.167.37 |
@tanstack/start-static-server-functionsnpm | >= 1.166.47, < 1.166.48 | 1.166.48 |
@tanstack/start-storage-contextnpm | >= 1.166.41, < 1.166.42 | 1.166.42 |
@tanstack/valibot-adapternpm | >= 1.166.15, < 1.166.16 | 1.166.16 |
@tanstack/virtual-file-routesnpm | >= 1.161.13, < 1.161.14 | 1.161.14 |
@tanstack/vue-routernpm | >= 1.169.8, < 1.169.9 | 1.169.9 |
@tanstack/vue-router-devtoolsnpm | >= 1.166.19, < 1.166.20 | 1.166.20 |
@tanstack/vue-router-ssr-querynpm | >= 1.166.18, < 1.166.19 | 1.166.19 |
@tanstack/vue-startnpm | >= 1.167.64, < 1.167.65 | 1.167.65 |
@tanstack/vue-start-clientnpm | >= 1.166.49, < 1.166.50 | 1.166.50 |
@tanstack/vue-start-servernpm | >= 1.166.53, < 1.166.54 | 1.166.54 |
@tanstack/zod-adapternpm | >= 1.166.15, < 1.166.16 | 1.166.16 |
Affected products
386cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.2:*:*:*:*:node.js:*:*+ 5 more
- cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.2:*:*:*:*:node.js:*:*+ 5 more
- cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.24:*:*:*:*:node.js:*:*+ 5 more
- cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.24:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.25:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.26:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.27:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.28:*:*:*:*:node.js:*:*
- cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.29:*:*:*:*:node.js:*:*
cpe:2.3:a:agentworkhq:agentwork-cli:0.1.4:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:agentworkhq:agentwork-cli:0.1.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:agentworkhq:agentwork-cli:0.1.5:*:*:*:*:node.js:*:*
cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.4:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:antoinebcx:ml-toolkit-ts\/preprocessing:1.0.2:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:antoinebcx:ml-toolkit-ts\/preprocessing:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:antoinebcx:ml-toolkit-ts\/preprocessing:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:antoinebcx:ml-toolkit-ts\/xgboost:1.0.3:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:antoinebcx:ml-toolkit-ts\/xgboost:1.0.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:antoinebcx:ml-toolkit-ts\/xgboost:1.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.10:*:*:*:*:node.js:*:*+ 16 more
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.10:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.11:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.13:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.14:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.15:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.17:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.19:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.7:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.8:*:*:*:*:node.js:*:*
- cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.9:*:*:*:*:node.js:*:*
cpe:2.3:a:christianalares:git_branch_selector:1.3.3:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:christianalares:git_branch_selector:1.3.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:git_branch_selector:1.3.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:git_branch_selector:1.3.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:git_branch_selector:1.3.7:*:*:*:*:node.js:*:*
cpe:2.3:a:christianalares:git-git-git:1.0.10:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:christianalares:git-git-git:1.0.10:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:git-git-git:1.0.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:git-git-git:1.0.8:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:git-git-git:1.0.9:*:*:*:*:node.js:*:*
cpe:2.3:a:christianalares:nextmove-mcp:0.1.3:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:christianalares:nextmove-mcp:0.1.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:nextmove-mcp:0.1.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:nextmove-mcp:0.1.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:nextmove-mcp:0.1.7:*:*:*:*:node.js:*:*
cpe:2.3:a:christianalares:tolka\/cli:1.0.2:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:christianalares:tolka\/cli:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:tolka\/cli:1.0.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:tolka\/cli:1.0.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:christianalares:tolka\/cli:1.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:dirigible:dirigible-ai\/sdk:0.6.2:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:dirigible:dirigible-ai\/sdk:0.6.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:dirigible:dirigible-ai\/sdk:0.6.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:guardrailsai:guardrails_ai:0.10.1:*:*:*:*:python:*:*
cpe:2.3:a:kilbot:tallyui\/components:1.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/components:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/components:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/components:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/core:0.2.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/core:0.2.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/core:0.2.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/core:0.2.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/database:1.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/database:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/database:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/database:1.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/pos:0.1.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/pos:0.1.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/pos:0.1.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/pos:0.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.3:*:*:*:*:node.js:*:*
cpe:2.3:a:kilbot:tallyui\/theme:0.2.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:kilbot:tallyui\/theme:0.2.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/theme:0.2.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:kilbot:tallyui\/theme:0.2.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:linuxfoundation:opensearch:3.6.2:*:*:*:*:node.js:*:*
cpe:2.3:a:matheuspergoli:draftauth\/client:0.2.1:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:matheuspergoli:draftauth\/client:0.2.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:matheuspergoli:draftauth\/client:0.2.2:*:*:*:*:node.js:*:*
cpe:2.3:a:matheuspergoli:draftauth\/core:0.13.1:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:matheuspergoli:draftauth\/core:0.13.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:matheuspergoli:draftauth\/core:0.13.2:*:*:*:*:node.js:*:*
cpe:2.3:a:matheuspergoli:draftlab\/auth:0.24.1:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:matheuspergoli:draftlab\/auth:0.24.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:matheuspergoli:draftlab\/auth:0.24.2:*:*:*:*:node.js:*:*
cpe:2.3:a:matheuspergoli:draftlab\/auth-router:0.5.1:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:matheuspergoli:draftlab\/auth-router:0.5.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:matheuspergoli:draftlab\/auth-router:0.5.2:*:*:*:*:node.js:*:*
cpe:2.3:a:matheuspergoli:draftlab\/db:0.16.1:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:matheuspergoli:draftlab\/db:0.16.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:matheuspergoli:draftlab\/db:0.16.2:*:*:*:*:node.js:*:*
cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.3:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:mesa:mesadev\/rest:0.28.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:mesa:mesadev\/saguaro:0.4.22:*:*:*:*:node.js:*:*
- cpe:2.3:a:mesa:mesadev\/sdk:0.28.3:*:*:*:*:node.js:*:*
cpe:2.3:a:mistral:mistralai:2.4.6:*:*:*:*:python:*:*+ 2 more
- cpe:2.3:a:mistral:mistralai:2.4.6:*:*:*:*:python:*:*
- cpe:2.3:a:mistral:mistralai\/mistralai:2.2.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:mistral:mistralai\/mistralai:2.2.4:*:*:*:*:node.js:*:*
cpe:2.3:a:mistral:mistralai\/mistralai-azure:1.7.2:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:mistral:mistralai\/mistralai-azure:1.7.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:mistral:mistralai\/mistralai-azure:1.7.3:*:*:*:*:node.js:*:*
cpe:2.3:a:mistral:mistralai\/mistralai-gcp:1.7.2:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:mistral:mistralai\/mistralai-gcp:1.7.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:mistral:mistralai\/mistralai-gcp:1.7.3:*:*:*:*:node.js:*:*
cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.3:*:*:*:*:node.js:*:*+ 5 more
- cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.7:*:*:*:*:node.js:*:*
- cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.8:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:cross-stitch:1.1.3:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:cross-stitch:1.1.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:cross-stitch:1.1.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:cross-stitch:1.1.6:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/airports:0.6.2:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/airports:0.6.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airports:0.6.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airports:0.6.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/airspace:0.8.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/airspace:0.8.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airspace:0.8.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airspace:0.8.4:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.3:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.6:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.4:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.7:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/airways:0.4.2:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/airways:0.4.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airways:0.4.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/airways:0.4.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.4:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.7:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/fixes:0.3.2:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/fixes:0.3.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/fixes:0.3.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/fixes:0.3.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.4:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.7:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.2:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/geo:0.4.4:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/geo:0.4.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/geo:0.4.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/geo:0.4.7:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.2:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.4:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.7:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/mcp:0.9.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/mcp:0.9.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/mcp:0.9.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/mcp:0.9.4:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.4:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.7:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/navaids:0.4.2:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/navaids:0.4.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/navaids:0.4.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/navaids:0.4.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/notams:0.3.6:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/notams:0.3.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/notams:0.3.7:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/notams:0.3.9:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.3:*:*:*:*:node.js:*:*+ 5 more
- cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/procedures:0.5.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/procedures:0.5.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/procedures:0.5.5:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/types:0.8.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/types:0.8.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/types:0.8.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/types:0.8.4:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/units:0.4.3:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/units:0.4.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/units:0.4.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/units:0.4.6:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:squawk\/weather:0.5.6:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:squawk\/weather:0.5.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/weather:0.5.7:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:squawk\/weather:0.5.9:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:ts-dna:3.0.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:ts-dna:3.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:ts-dna:3.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:ts-dna:3.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:neilcochran:wot-api:0.8.1:*:*:*:*:node.js:*:*+ 2 more
- cpe:2.3:a:neilcochran:wot-api:0.8.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:wot-api:0.8.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:neilcochran:wot-api:0.8.4:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.4:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/history:1.161.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/history:1.161.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/history:1.161.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.5:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:tanstack:tanstack\/react-router:1.169.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-router:1.169.8:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.68:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/react-start:1.167.68:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-start:1.167.71:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.51:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.51:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.54:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.50:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.53:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.47:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.47:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.50:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.55:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.55:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.58:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.46:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.46:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.49:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-core:1.169.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-core:1.169.8:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.16:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.6:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.45:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.45:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.48:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.38:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.38:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.41:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.3:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.3:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.6:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.11:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.11:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.14:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.53:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.53:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.56:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.5:*:*:*:*:node.js:*:*+ 3 more
- cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.8:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.65:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.65:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.68:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.54:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.54:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.57:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.5:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.8:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.9:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.23:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.23:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.26:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.33:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.33:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.36:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.44:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.44:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.47:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.38:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.38:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.41:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.15:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.10:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.10:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.13:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.5:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.8:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.16:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.19:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.61:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.61:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.64:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.46:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.46:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.49:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.50:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.50:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.53:*:*:*:*:node.js:*:*
cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.15:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/access-policy-sdk:0.3.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/access-policy-tool:0.3.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/admin-tool:0.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:uipath:uipath\/agent.sdk:0.0.18:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:uipath:uipath\/agent.sdk:0.0.18:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/agent-sdk:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/agent-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/aops-policy-tool:0.3.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/ap-chat:1.5.7:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/api-workflow-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/apollo-core:5.9.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/apollo-react:4.24.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/apollo-wind:2.16.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/auth:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/case-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/cli:1.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:uipath:uipath\/codedagents-tool:0.1.12:*:*:*:*:node.js:*:*+ 1 more
- cpe:2.3:a:uipath:uipath\/codedagents-tool:0.1.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/codedagent-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/codedapp-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/common:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/context-grounding-tool:0.1.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/data-fabric-tool:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/docsai-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/filesystem:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/flow-tool:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/functions-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/gov-tool:0.3.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/identity-tool:0.1.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/insights-sdk:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/insights-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/integrationservice-sdk:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/integrationservice-tool:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/llmgw-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/maestro-sdk:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/maestro-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/orchestrator-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-apiworkflow:0.0.19:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-bpmn:0.0.9:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-case:0.0.9:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-connector:0.0.19:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-flow:0.0.19:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-functions:0.1.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-webapp:1.0.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-workflowcompiler:0.0.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/packager-tool-workflowcompiler-browser:0.0.34:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/platform-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/project-packager:1.1.16:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/resourcecatalog-tool:0.1.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/resources-tool:0.1.11:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/resource-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/robot:1.3.4:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/rpa-legacy-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/rpa-tool:0.9.5:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/solution-packager:0.0.35:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/solutionpackager-sdk:1.0.11:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/solutionpackager-tool-core:0.0.34:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/solution-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/tasks-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/telemetry:0.0.7:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/test-manager-tool:1.0.2:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/tool-workflowcompiler:0.0.12:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/traces-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/uipath-python-bridge:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/ui-widgets-multi-file-upload:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/vertical-solutions-tool:1.0.1:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/vss:0.1.6:*:*:*:*:node.js:*:*
- cpe:2.3:a:uipath:uipath\/widget.sdk:1.2.3:*:*:*:*:node.js:*:*
- ghsa-coords42 versionspkg:npm/%40tanstack/arktype-adapterpkg:npm/%40tanstack/eslint-plugin-routerpkg:npm/%40tanstack/eslint-plugin-startpkg:npm/%40tanstack/historypkg:npm/%40tanstack/nitro-v2-vite-pluginpkg:npm/%40tanstack/react-routerpkg:npm/%40tanstack/react-router-devtoolspkg:npm/%40tanstack/react-router-ssr-querypkg:npm/%40tanstack/react-startpkg:npm/%40tanstack/react-start-clientpkg:npm/%40tanstack/react-start-rscpkg:npm/%40tanstack/react-start-serverpkg:npm/%40tanstack/router-clipkg:npm/%40tanstack/router-corepkg:npm/%40tanstack/router-devtoolspkg:npm/%40tanstack/router-devtools-corepkg:npm/%40tanstack/router-generatorpkg:npm/%40tanstack/router-pluginpkg:npm/%40tanstack/router-ssr-query-corepkg:npm/%40tanstack/router-utilspkg:npm/%40tanstack/router-vite-pluginpkg:npm/%40tanstack/solid-routerpkg:npm/%40tanstack/solid-router-devtoolspkg:npm/%40tanstack/solid-router-ssr-querypkg:npm/%40tanstack/solid-startpkg:npm/%40tanstack/solid-start-clientpkg:npm/%40tanstack/solid-start-serverpkg:npm/%40tanstack/start-client-corepkg:npm/%40tanstack/start-fn-stubspkg:npm/%40tanstack/start-plugin-corepkg:npm/%40tanstack/start-server-corepkg:npm/%40tanstack/start-static-server-functionspkg:npm/%40tanstack/start-storage-contextpkg:npm/%40tanstack/valibot-adapterpkg:npm/%40tanstack/virtual-file-routespkg:npm/%40tanstack/vue-routerpkg:npm/%40tanstack/vue-router-devtoolspkg:npm/%40tanstack/vue-router-ssr-querypkg:npm/%40tanstack/vue-startpkg:npm/%40tanstack/vue-start-clientpkg:npm/%40tanstack/vue-start-serverpkg:npm/%40tanstack/zod-adapter
>= 1.166.12, < 1.166.16+ 41 more
- (no CPE)range: >= 1.166.12, < 1.166.16
- (no CPE)range: >= 1.161.9, < 1.161.13
- (no CPE)range: >= 0.0.4, < 0.0.8
- (no CPE)range: >= 1.161.9, < 1.161.13
- (no CPE)range: >= 1.154.12, < 1.154.16
- (no CPE)range: >= 1.169.5, < 1.169.9
- (no CPE)range: >= 1.166.16, < 1.166.20
- (no CPE)range: >= 1.166.15, < 1.166.19
- (no CPE)range: >= 1.167.68, < 1.167.72
- (no CPE)range: >= 1.166.51, < 1.166.55
- (no CPE)range: >= 0.0.47, < 0.0.51
- (no CPE)range: >= 1.166.55, < 1.166.59
- (no CPE)range: >= 1.166.46, < 1.166.50
- (no CPE)range: >= 1.169.5, < 1.169.9
- (no CPE)range: >= 1.166.16, < 1.166.20
- (no CPE)range: >= 1.167.6, < 1.167.10
- (no CPE)range: >= 1.166.45, < 1.166.49
- (no CPE)range: >= 1.167.38, < 1.167.42
- (no CPE)range: >= 1.168.3, < 1.168.7
- (no CPE)range: >= 1.161.11, < 1.161.15
- (no CPE)range: >= 1.166.53, < 1.166.57
- (no CPE)range: >= 1.169.5, < 1.169.9
- (no CPE)range: >= 1.166.16, < 1.166.20
- (no CPE)range: >= 1.166.15, < 1.166.19
- (no CPE)range: >= 1.167.65, < 1.167.69
- (no CPE)range: >= 1.166.50, < 1.166.54
- (no CPE)range: >= 1.166.54, < 1.166.58
- (no CPE)range: >= 1.168.5, < 1.168.9
- (no CPE)range: >= 1.161.9, < 1.161.13
- (no CPE)range: >= 1.169.23, < 1.169.27
- (no CPE)range: >= 1.167.33, < 1.167.37
- (no CPE)range: >= 1.166.44, < 1.166.48
- (no CPE)range: >= 1.166.38, < 1.166.42
- (no CPE)range: >= 1.166.12, < 1.166.16
- (no CPE)range: >= 1.161.10, < 1.161.14
- (no CPE)range: >= 1.169.5, < 1.169.9
- (no CPE)range: >= 1.166.16, < 1.166.20
- (no CPE)range: >= 1.166.15, < 1.166.19
- (no CPE)range: >= 1.167.61, < 1.167.65
- (no CPE)range: >= 1.166.46, < 1.166.50
- (no CPE)range: >= 1.166.50, < 1.166.54
- (no CPE)range: >= 1.166.12, < 1.166.16
Patches
Vulnerability mechanics
References
8- tanstack.com/blog/npm-supply-chain-compromise-postmortemnvdExploitVendor AdvisoryWEB
- www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystemnvdExploitThird Party AdvisoryWEB
- github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpxnvdMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-g7cv-rxg3-hmpxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-45321ghsaADVISORY
- github.com/TanStack/router/issues/7383nvdIssue TrackingWEB
- socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attackghsaWEB
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceWEB
News mentions
4- Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaignTenable Blog · May 21, 2026
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More PackagesThe Hacker News · May 12, 2026
- TanStack CVE-2026-45321 Added to CISA KEV Under Active Ransomware ExploitationVypr Intelligence · May 12, 2026
- CISA Adds Three Known Exploited Vulnerabilities to CatalogCISA Alerts