npm package
@tanstack/vue-router-ssr-query
pkg:npm/%40tanstack/vue-router-ssr-query
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2026-3497Malicious code in @tanstack/vue-router-ssr-query (npm)May 11, 2026
- GHSA-8rxr-9xrf-66wvMalware in @tanstack/vue-router-ssr-queryMay 11, 2026
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45321 | Cri | 9.6 | KEV | >= 1.166.15, < 1.166.19 | 1.166.19 | May 12, 2026 | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publis |
- affected >= 1.166.15, < 1.166.19fixed 1.166.19
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publis