On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Abhishake1 |
|
| Agentworkhq |
|
| Antoinebcx |
|
| Beproduct |
|
| Christianalares |
|
| Dirigible |
|
| Guardrailsai |
|
| Kilbot |
|
| Linuxfoundation |
|
| Matheuspergoli |
|
| Mesa |
|
| Mistral |
|
| Multiagentcognition |
|
| Neilcochran |
|
| Tanstack |
|
| Uipath |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
Configuration 17 [-]
|
Configuration 18 [-]
|
Configuration 19 [-]
|
Configuration 20 [-]
|
Configuration 21 [-]
|
Configuration 22 [-]
|
Configuration 23 [-]
|
Configuration 24 [-]
|
Configuration 25 [-]
|
Configuration 26 [-]
|
Configuration 27 [-]
|
Configuration 28 [-]
|
Configuration 29 [-]
|
Configuration 30 [-]
|
Configuration 31 [-]
|
Configuration 32 [-]
|
Configuration 33 [-]
|
Configuration 34 [-]
|
Configuration 35 [-]
|
Configuration 36 [-]
|
Configuration 37 [-]
|
Configuration 38 [-]
|
Configuration 39 [-]
|
Configuration 40 [-]
|
Configuration 41 [-]
|
Configuration 42 [-]
|
Configuration 43 [-]
|
Configuration 44 [-]
|
Configuration 45 [-]
|
Configuration 46 [-]
|
Configuration 47 [-]
|
Configuration 48 [-]
|
Configuration 49 [-]
|
Configuration 50 [-]
|
Configuration 51 [-]
|
Configuration 52 [-]
|
Configuration 53 [-]
|
No data.
References
History
Fri, 29 May 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Abhishake1
Abhishake1 supersurkhet\/cli Abhishake1 supersurkhet\/sdk Abhishake1 taskflow-corp\/cli Agentworkhq Agentworkhq agentwork-cli Antoinebcx Antoinebcx ml-toolkit-ts Antoinebcx ml-toolkit-ts\/preprocessing Antoinebcx ml-toolkit-ts\/xgboost Beproduct Beproduct beproduct\/nestjs-auth Christianalares Christianalares git-git-git Christianalares git Branch Selector Christianalares nextmove-mcp Christianalares tolka\/cli Dirigible Dirigible dirigible-ai\/sdk Guardrailsai Guardrailsai guardrails Ai Kilbot Kilbot tallyui\/components Kilbot tallyui\/connector-medusa Kilbot tallyui\/connector-shopify Kilbot tallyui\/connector-vendure Kilbot tallyui\/connector-woocommerce Kilbot tallyui\/core Kilbot tallyui\/database Kilbot tallyui\/pos Kilbot tallyui\/storage-sqlite Kilbot tallyui\/theme Linuxfoundation Linuxfoundation opensearch Matheuspergoli Matheuspergoli draftauth\/client Matheuspergoli draftauth\/core Matheuspergoli draftlab\/auth Matheuspergoli draftlab\/auth-router Matheuspergoli draftlab\/db Matheuspergoli simple Type-safe Actions Mesa Mesa mesadev\/rest Mesa mesadev\/saguaro Mesa mesadev\/sdk Mistral Mistral mistralai Mistral mistralai\/mistralai Mistral mistralai\/mistralai-azure Mistral mistralai\/mistralai-gcp Multiagentcognition Multiagentcognition cmux-agent-mcp Neilcochran Neilcochran cross-stitch Neilcochran squawk\/airports Neilcochran squawk\/airspace Neilcochran squawk\/airspace-data Neilcochran squawk\/airway-data Neilcochran squawk\/airways Neilcochran squawk\/fix-data Neilcochran squawk\/fixes Neilcochran squawk\/flight-math Neilcochran squawk\/flightplan Neilcochran squawk\/geo Neilcochran squawk\/icao-registry Neilcochran squawk\/icao-registry-data Neilcochran squawk\/mcp Neilcochran squawk\/navaid-data Neilcochran squawk\/navaids Neilcochran squawk\/notams Neilcochran squawk\/procedure-data Neilcochran squawk\/procedures Neilcochran squawk\/types Neilcochran squawk\/units Neilcochran squawk\/weather Neilcochran ts-dna Neilcochran wot-api Uipath Uipath uipath\/access-policy-sdk Uipath uipath\/access-policy-tool Uipath uipath\/admin-tool Uipath uipath\/agent-sdk Uipath uipath\/agent-tool Uipath uipath\/agent.sdk Uipath uipath\/aops-policy-tool Uipath uipath\/ap-chat Uipath uipath\/api-workflow-tool Uipath uipath\/apollo-core Uipath uipath\/apollo-react Uipath uipath\/apollo-wind Uipath uipath\/auth Uipath uipath\/case-tool Uipath uipath\/cli Uipath uipath\/codedagent-tool Uipath uipath\/codedagents-tool Uipath uipath\/codedapp-tool Uipath uipath\/common Uipath uipath\/context-grounding-tool Uipath uipath\/data-fabric-tool Uipath uipath\/docsai-tool Uipath uipath\/filesystem Uipath uipath\/flow-tool Uipath uipath\/functions-tool Uipath uipath\/gov-tool Uipath uipath\/identity-tool Uipath uipath\/insights-sdk Uipath uipath\/insights-tool Uipath uipath\/integrationservice-sdk Uipath uipath\/integrationservice-tool Uipath uipath\/llmgw-tool Uipath uipath\/maestro-sdk Uipath uipath\/maestro-tool Uipath uipath\/orchestrator-tool Uipath uipath\/packager-tool-apiworkflow Uipath uipath\/packager-tool-bpmn Uipath uipath\/packager-tool-case Uipath uipath\/packager-tool-connector Uipath uipath\/packager-tool-flow Uipath uipath\/packager-tool-functions Uipath uipath\/packager-tool-webapp Uipath uipath\/packager-tool-workflowcompiler Uipath uipath\/packager-tool-workflowcompiler-browser Uipath uipath\/platform-tool Uipath uipath\/project-packager Uipath uipath\/resource-tool Uipath uipath\/resourcecatalog-tool Uipath uipath\/resources-tool Uipath uipath\/robot Uipath uipath\/rpa-legacy-tool Uipath uipath\/rpa-tool Uipath uipath\/solution-packager Uipath uipath\/solution-tool Uipath uipath\/solutionpackager-sdk Uipath uipath\/solutionpackager-tool-core Uipath uipath\/tasks-tool Uipath uipath\/telemetry Uipath uipath\/test-manager-tool Uipath uipath\/tool-workflowcompiler Uipath uipath\/traces-tool Uipath uipath\/ui-widgets-multi-file-upload Uipath uipath\/uipath-python-bridge Uipath uipath\/vertical-solutions-tool Uipath uipath\/vss Uipath uipath\/widget.sdk |
|
| CPEs | cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.5:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.6:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/cli:0.0.7:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.5:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.6:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:supersurkhet\/sdk:0.0.7:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.24:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.25:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.26:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.27:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.28:*:*:*:*:node.js:*:* cpe:2.3:a:abhishake1:taskflow-corp\/cli:0.1.29:*:*:*:*:node.js:*:* cpe:2.3:a:agentworkhq:agentwork-cli:0.1.4:*:*:*:*:node.js:*:* cpe:2.3:a:agentworkhq:agentwork-cli:0.1.5:*:*:*:*:node.js:*:* cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.5:*:*:*:*:node.js:*:* cpe:2.3:a:antoinebcx:ml-toolkit-ts\/preprocessing:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:antoinebcx:ml-toolkit-ts\/preprocessing:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:antoinebcx:ml-toolkit-ts\/xgboost:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:antoinebcx:ml-toolkit-ts\/xgboost:1.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.10:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.11:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.12:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.13:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.14:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.15:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.16:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.17:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.19:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.2:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.3:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.4:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.5:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.6:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.7:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.8:*:*:*:*:node.js:*:* cpe:2.3:a:beproduct:beproduct\/nestjs-auth:0.1.9:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git-git-git:1.0.10:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git-git-git:1.0.12:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git-git-git:1.0.8:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git-git-git:1.0.9:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git_branch_selector:1.3.3:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git_branch_selector:1.3.4:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git_branch_selector:1.3.5:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:git_branch_selector:1.3.7:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:nextmove-mcp:0.1.3:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:nextmove-mcp:0.1.4:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:nextmove-mcp:0.1.5:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:nextmove-mcp:0.1.7:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:tolka\/cli:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:tolka\/cli:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:tolka\/cli:1.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:christianalares:tolka\/cli:1.0.6:*:*:*:*:node.js:*:* cpe:2.3:a:dirigible:dirigible-ai\/sdk:0.6.2:*:*:*:*:node.js:*:* cpe:2.3:a:dirigible:dirigible-ai\/sdk:0.6.3:*:*:*:*:node.js:*:* cpe:2.3:a:guardrailsai:guardrails_ai:0.10.1:*:*:*:*:python:*:* cpe:2.3:a:kilbot:tallyui\/components:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/components:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/components:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-medusa:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-shopify:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-vendure:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/connector-woocommerce:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/core:0.2.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/core:0.2.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/core:0.2.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/database:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/database:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/database:1.0.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/pos:0.1.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/pos:0.1.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/pos:0.1.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/storage-sqlite:0.2.3:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/theme:0.2.1:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/theme:0.2.2:*:*:*:*:node.js:*:* cpe:2.3:a:kilbot:tallyui\/theme:0.2.3:*:*:*:*:node.js:*:* cpe:2.3:a:linuxfoundation:opensearch:3.6.2:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftauth\/client:0.2.1:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftauth\/client:0.2.2:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftauth\/core:0.13.1:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftauth\/core:0.13.2:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftlab\/auth-router:0.5.1:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftlab\/auth-router:0.5.2:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftlab\/auth:0.24.1:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftlab\/auth:0.24.2:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftlab\/db:0.16.1:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:draftlab\/db:0.16.2:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.3:*:*:*:*:node.js:*:* cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.4:*:*:*:*:node.js:*:* cpe:2.3:a:mesa:mesadev\/rest:0.28.3:*:*:*:*:node.js:*:* cpe:2.3:a:mesa:mesadev\/saguaro:0.4.22:*:*:*:*:node.js:*:* cpe:2.3:a:mesa:mesadev\/sdk:0.28.3:*:*:*:*:node.js:*:* cpe:2.3:a:mistral:mistralai:2.4.6:*:*:*:*:python:*:* cpe:2.3:a:mistral:mistralai\/mistralai-azure:1.7.2:*:*:*:*:node.js:*:* cpe:2.3:a:mistral:mistralai\/mistralai-azure:1.7.3:*:*:*:*:node.js:*:* cpe:2.3:a:mistral:mistralai\/mistralai-gcp:1.7.2:*:*:*:*:node.js:*:* cpe:2.3:a:mistral:mistralai\/mistralai-gcp:1.7.3:*:*:*:*:node.js:*:* cpe:2.3:a:mistral:mistralai\/mistralai:2.2.3:*:*:*:*:node.js:*:* cpe:2.3:a:mistral:mistralai\/mistralai:2.2.4:*:*:*:*:node.js:*:* cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.3:*:*:*:*:node.js:*:* cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.4:*:*:*:*:node.js:*:* cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.5:*:*:*:*:node.js:*:* cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.6:*:*:*:*:node.js:*:* cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.7:*:*:*:*:node.js:*:* cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.8:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:cross-stitch:1.1.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:cross-stitch:1.1.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:cross-stitch:1.1.6:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airports:0.6.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airports:0.6.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airports:0.6.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airspace-data:0.5.6:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airspace:0.8.1:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airspace:0.8.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airspace:0.8.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airway-data:0.5.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airways:0.4.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airways:0.4.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/airways:0.4.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/fix-data:0.6.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/fixes:0.3.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/fixes:0.3.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/fixes:0.3.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/flight-math:0.5.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/flightplan:0.5.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/geo:0.4.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/geo:0.4.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/geo:0.4.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/icao-registry-data:0.8.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/icao-registry:0.5.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/mcp:0.9.1:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/mcp:0.9.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/mcp:0.9.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/navaid-data:0.6.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/navaids:0.4.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/navaids:0.4.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/navaids:0.4.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/notams:0.3.6:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/notams:0.3.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/notams:0.3.9:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/procedure-data:0.7.6:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/procedures:0.5.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/procedures:0.5.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/procedures:0.5.5:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/types:0.8.1:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/types:0.8.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/types:0.8.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/units:0.4.3:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/units:0.4.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/units:0.4.6:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/weather:0.5.6:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/weather:0.5.7:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:squawk\/weather:0.5.9:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:ts-dna:3.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:ts-dna:3.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:ts-dna:3.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:wot-api:0.8.1:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:wot-api:0.8.2:*:*:*:*:node.js:*:* cpe:2.3:a:neilcochran:wot-api:0.8.4:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/access-policy-sdk:0.3.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/access-policy-tool:0.3.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/admin-tool:0.1.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/agent-sdk:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/agent-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/agent.sdk:0.0.18:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/aops-policy-tool:0.3.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/ap-chat:1.5.7:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/api-workflow-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/apollo-core:5.9.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/apollo-react:4.24.5:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/apollo-wind:2.16.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/auth:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/case-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/cli:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/codedagent-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/codedagents-tool:0.1.12:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/codedapp-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/common:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/context-grounding-tool:0.1.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/data-fabric-tool:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/docsai-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/filesystem:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/flow-tool:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/functions-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/gov-tool:0.3.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/identity-tool:0.1.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/insights-sdk:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/insights-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/integrationservice-sdk:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/integrationservice-tool:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/llmgw-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/maestro-sdk:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/maestro-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/orchestrator-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-apiworkflow:0.0.19:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-bpmn:0.0.9:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-case:0.0.9:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-connector:0.0.19:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-flow:0.0.19:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-functions:0.1.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-webapp:1.0.6:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-workflowcompiler-browser:0.0.34:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/packager-tool-workflowcompiler:0.0.16:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/platform-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/project-packager:1.1.16:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/resource-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/resourcecatalog-tool:0.1.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/resources-tool:0.1.11:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/robot:1.3.4:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/rpa-legacy-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/rpa-tool:0.9.5:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/solution-packager:0.0.35:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/solution-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/solutionpackager-sdk:1.0.11:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/solutionpackager-tool-core:0.0.34:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/tasks-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/telemetry:0.0.7:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/test-manager-tool:1.0.2:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/tool-workflowcompiler:0.0.12:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/traces-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/ui-widgets-multi-file-upload:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/uipath-python-bridge:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/vertical-solutions-tool:1.0.1:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/vss:0.1.6:*:*:*:*:node.js:*:* cpe:2.3:a:uipath:uipath\/widget.sdk:1.2.3:*:*:*:*:node.js:*:* |
|
| Vendors & Products |
Abhishake1
Abhishake1 supersurkhet\/cli Abhishake1 supersurkhet\/sdk Abhishake1 taskflow-corp\/cli Agentworkhq Agentworkhq agentwork-cli Antoinebcx Antoinebcx ml-toolkit-ts Antoinebcx ml-toolkit-ts\/preprocessing Antoinebcx ml-toolkit-ts\/xgboost Beproduct Beproduct beproduct\/nestjs-auth Christianalares Christianalares git-git-git Christianalares git Branch Selector Christianalares nextmove-mcp Christianalares tolka\/cli Dirigible Dirigible dirigible-ai\/sdk Guardrailsai Guardrailsai guardrails Ai Kilbot Kilbot tallyui\/components Kilbot tallyui\/connector-medusa Kilbot tallyui\/connector-shopify Kilbot tallyui\/connector-vendure Kilbot tallyui\/connector-woocommerce Kilbot tallyui\/core Kilbot tallyui\/database Kilbot tallyui\/pos Kilbot tallyui\/storage-sqlite Kilbot tallyui\/theme Linuxfoundation Linuxfoundation opensearch Matheuspergoli Matheuspergoli draftauth\/client Matheuspergoli draftauth\/core Matheuspergoli draftlab\/auth Matheuspergoli draftlab\/auth-router Matheuspergoli draftlab\/db Matheuspergoli simple Type-safe Actions Mesa Mesa mesadev\/rest Mesa mesadev\/saguaro Mesa mesadev\/sdk Mistral Mistral mistralai Mistral mistralai\/mistralai Mistral mistralai\/mistralai-azure Mistral mistralai\/mistralai-gcp Multiagentcognition Multiagentcognition cmux-agent-mcp Neilcochran Neilcochran cross-stitch Neilcochran squawk\/airports Neilcochran squawk\/airspace Neilcochran squawk\/airspace-data Neilcochran squawk\/airway-data Neilcochran squawk\/airways Neilcochran squawk\/fix-data Neilcochran squawk\/fixes Neilcochran squawk\/flight-math Neilcochran squawk\/flightplan Neilcochran squawk\/geo Neilcochran squawk\/icao-registry Neilcochran squawk\/icao-registry-data Neilcochran squawk\/mcp Neilcochran squawk\/navaid-data Neilcochran squawk\/navaids Neilcochran squawk\/notams Neilcochran squawk\/procedure-data Neilcochran squawk\/procedures Neilcochran squawk\/types Neilcochran squawk\/units Neilcochran squawk\/weather Neilcochran ts-dna Neilcochran wot-api Uipath Uipath uipath\/access-policy-sdk Uipath uipath\/access-policy-tool Uipath uipath\/admin-tool Uipath uipath\/agent-sdk Uipath uipath\/agent-tool Uipath uipath\/agent.sdk Uipath uipath\/aops-policy-tool Uipath uipath\/ap-chat Uipath uipath\/api-workflow-tool Uipath uipath\/apollo-core Uipath uipath\/apollo-react Uipath uipath\/apollo-wind Uipath uipath\/auth Uipath uipath\/case-tool Uipath uipath\/cli Uipath uipath\/codedagent-tool Uipath uipath\/codedagents-tool Uipath uipath\/codedapp-tool Uipath uipath\/common Uipath uipath\/context-grounding-tool Uipath uipath\/data-fabric-tool Uipath uipath\/docsai-tool Uipath uipath\/filesystem Uipath uipath\/flow-tool Uipath uipath\/functions-tool Uipath uipath\/gov-tool Uipath uipath\/identity-tool Uipath uipath\/insights-sdk Uipath uipath\/insights-tool Uipath uipath\/integrationservice-sdk Uipath uipath\/integrationservice-tool Uipath uipath\/llmgw-tool Uipath uipath\/maestro-sdk Uipath uipath\/maestro-tool Uipath uipath\/orchestrator-tool Uipath uipath\/packager-tool-apiworkflow Uipath uipath\/packager-tool-bpmn Uipath uipath\/packager-tool-case Uipath uipath\/packager-tool-connector Uipath uipath\/packager-tool-flow Uipath uipath\/packager-tool-functions Uipath uipath\/packager-tool-webapp Uipath uipath\/packager-tool-workflowcompiler Uipath uipath\/packager-tool-workflowcompiler-browser Uipath uipath\/platform-tool Uipath uipath\/project-packager Uipath uipath\/resource-tool Uipath uipath\/resourcecatalog-tool Uipath uipath\/resources-tool Uipath uipath\/robot Uipath uipath\/rpa-legacy-tool Uipath uipath\/rpa-tool Uipath uipath\/solution-packager Uipath uipath\/solution-tool Uipath uipath\/solutionpackager-sdk Uipath uipath\/solutionpackager-tool-core Uipath uipath\/tasks-tool Uipath uipath\/telemetry Uipath uipath\/test-manager-tool Uipath uipath\/tool-workflowcompiler Uipath uipath\/traces-tool Uipath uipath\/ui-widgets-multi-file-upload Uipath uipath\/uipath-python-bridge Uipath uipath\/vertical-solutions-tool Uipath uipath\/vss Uipath uipath\/widget.sdk |
Wed, 27 May 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
ssvc
|
ssvc
|
Wed, 27 May 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Thu, 14 May 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tanstack tanstack\/arktype-adapter
Tanstack tanstack\/eslint-plugin-router Tanstack tanstack\/eslint-plugin-start Tanstack tanstack\/history Tanstack tanstack\/nitro-v2-vite-plugin Tanstack tanstack\/react-router Tanstack tanstack\/react-router-devtools Tanstack tanstack\/react-router-ssr-query Tanstack tanstack\/react-start Tanstack tanstack\/react-start-client Tanstack tanstack\/react-start-rsc Tanstack tanstack\/react-start-server Tanstack tanstack\/router-cli Tanstack tanstack\/router-core Tanstack tanstack\/router-devtools Tanstack tanstack\/router-devtools-core Tanstack tanstack\/router-generator Tanstack tanstack\/router-plugin Tanstack tanstack\/router-ssr-query-core Tanstack tanstack\/router-utils Tanstack tanstack\/router-vite-plugin Tanstack tanstack\/solid-router Tanstack tanstack\/solid-router-devtools Tanstack tanstack\/solid-router-ssr-query Tanstack tanstack\/solid-start Tanstack tanstack\/solid-start-client Tanstack tanstack\/solid-start-server Tanstack tanstack\/start-client-core Tanstack tanstack\/start-fn-stubs Tanstack tanstack\/start-plugin-core Tanstack tanstack\/start-server-core Tanstack tanstack\/start-static-server-functions Tanstack tanstack\/start-storage-context Tanstack tanstack\/valibot-adapter Tanstack tanstack\/virtual-file-routes Tanstack tanstack\/vue-router Tanstack tanstack\/vue-router-devtools Tanstack tanstack\/vue-router-ssr-query Tanstack tanstack\/vue-start Tanstack tanstack\/vue-start-client Tanstack tanstack\/vue-start-server Tanstack tanstack\/zod-adapter |
|
| CPEs | cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.15:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.9:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.4:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.7:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/history:1.161.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/history:1.161.9:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.15:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.16:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.19:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.15:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.18:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-router:1.169.5:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-router:1.169.8:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.51:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.54:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.47:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.50:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.55:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.58:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start:1.167.68:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/react-start:1.167.71:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.46:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.49:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-core:1.169.5:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-core:1.169.8:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.6:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.9:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.16:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.19:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.45:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.48:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.38:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.41:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.3:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.6:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.11:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.14:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.53:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.56:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.16:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.19:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.15:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.18:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.5:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.8:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.50:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.53:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.54:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.57:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.65:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.68:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.5:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.8:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.9:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.23:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.26:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.33:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.36:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.44:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.47:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.38:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.41:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.15:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.10:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.13:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.16:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.19:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.15:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.18:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.5:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.8:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.46:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.49:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.50:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.53:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.61:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.64:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.12:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.15:*:*:*:*:node.js:*:* |
|
| Vendors & Products |
Tanstack tanstack\/arktype-adapter
Tanstack tanstack\/eslint-plugin-router Tanstack tanstack\/eslint-plugin-start Tanstack tanstack\/history Tanstack tanstack\/nitro-v2-vite-plugin Tanstack tanstack\/react-router Tanstack tanstack\/react-router-devtools Tanstack tanstack\/react-router-ssr-query Tanstack tanstack\/react-start Tanstack tanstack\/react-start-client Tanstack tanstack\/react-start-rsc Tanstack tanstack\/react-start-server Tanstack tanstack\/router-cli Tanstack tanstack\/router-core Tanstack tanstack\/router-devtools Tanstack tanstack\/router-devtools-core Tanstack tanstack\/router-generator Tanstack tanstack\/router-plugin Tanstack tanstack\/router-ssr-query-core Tanstack tanstack\/router-utils Tanstack tanstack\/router-vite-plugin Tanstack tanstack\/solid-router Tanstack tanstack\/solid-router-devtools Tanstack tanstack\/solid-router-ssr-query Tanstack tanstack\/solid-start Tanstack tanstack\/solid-start-client Tanstack tanstack\/solid-start-server Tanstack tanstack\/start-client-core Tanstack tanstack\/start-fn-stubs Tanstack tanstack\/start-plugin-core Tanstack tanstack\/start-server-core Tanstack tanstack\/start-static-server-functions Tanstack tanstack\/start-storage-context Tanstack tanstack\/valibot-adapter Tanstack tanstack\/virtual-file-routes Tanstack tanstack\/vue-router Tanstack tanstack\/vue-router-devtools Tanstack tanstack\/vue-router-ssr-query Tanstack tanstack\/vue-start Tanstack tanstack\/vue-start-client Tanstack tanstack\/vue-start-server Tanstack tanstack\/zod-adapter |
Tue, 12 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 12 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 12 May 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tanstack
Tanstack arktype-adapter Tanstack eslint-plugin-router Tanstack eslint-plugin-start Tanstack history Tanstack nitro-v2-vite-plugin Tanstack outer-vite-plugin Tanstack react-router Tanstack react-router-devtools Tanstack react-router-ssr-query Tanstack react-start Tanstack react-start-client Tanstack react-start-rsc Tanstack react-start-server Tanstack router-cli Tanstack router-core Tanstack router-devtools Tanstack router-devtools-core Tanstack router-generator Tanstack router-plugin Tanstack router-ssr-query-core Tanstack router-utils Tanstack solid-router Tanstack solid-router-devtools Tanstack solid-router-ssr-query Tanstack solid-start Tanstack solid-start-client Tanstack solid-start-server Tanstack start-client-core Tanstack start-fn-stubs Tanstack start-plugin-core Tanstack start-server-core Tanstack start-static-server-functions Tanstack start-storage-context Tanstack valibot-adapter Tanstack virtual-file-routes Tanstack vue-router Tanstack vue-router-devtools Tanstack vue-router-ssr-query Tanstack vue-start Tanstack vue-start-client Tanstack vue-start-server Tanstack zod-adapter |
|
| Vendors & Products |
Tanstack
Tanstack arktype-adapter Tanstack eslint-plugin-router Tanstack eslint-plugin-start Tanstack history Tanstack nitro-v2-vite-plugin Tanstack outer-vite-plugin Tanstack react-router Tanstack react-router-devtools Tanstack react-router-ssr-query Tanstack react-start Tanstack react-start-client Tanstack react-start-rsc Tanstack react-start-server Tanstack router-cli Tanstack router-core Tanstack router-devtools Tanstack router-devtools-core Tanstack router-generator Tanstack router-plugin Tanstack router-ssr-query-core Tanstack router-utils Tanstack solid-router Tanstack solid-router-devtools Tanstack solid-router-ssr-query Tanstack solid-start Tanstack solid-start-client Tanstack solid-start-server Tanstack start-client-core Tanstack start-fn-stubs Tanstack start-plugin-core Tanstack start-server-core Tanstack start-static-server-functions Tanstack start-storage-context Tanstack valibot-adapter Tanstack virtual-file-routes Tanstack vue-router Tanstack vue-router-devtools Tanstack vue-router-ssr-query Tanstack vue-start Tanstack vue-start-client Tanstack vue-start-server Tanstack zod-adapter |
Tue, 12 May 2026 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart. | |
| Title | Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys | |
| Weaknesses | CWE-506 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-05-12T00:12:35.452Z
Updated: 2026-05-28T03:55:26.991Z
Reserved: 2026-05-11T20:50:30.539Z
Link: CVE-2026-45321
Vulnrichment
Updated: 2026-05-12T13:21:29.648Z
NVD
Status : Analyzed
Published: 2026-05-12T01:16:46.820
Modified: 2026-06-17T10:51:54.877
Link: CVE-2026-45321
Redhat
No data.