VYPR
Vendor

Beproduct

Products
3
CVEs
2
Across products
2
Status
Private

Products

3

Recent CVEs

2
  • CVE-2026-45321CriKEVMay 12, 2026
    risk 0.82cvss 9.6epss 0.02

    On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the…

  • CVE-2026-46412criMay 19, 2026
    risk 0.59cvss epss 0.00

    ## Summary Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of `@beproduct/nestjs-auth` (0.1.2 through 0.1.19). The packages contained payloads from the **Mini Shai-Hulud** npm supply-chain worm…