OR
          *cpe:2.3:a:abhishake1:supersurkhet/cli:0.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/cli:0.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/cli:0.0.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/cli:0.0.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/cli:0.0.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/cli:0.0.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/sdk:0.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/sdk:0.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/sdk:0.0.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/sdk:0.0.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/sdk:0.0.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:supersurkhet/sdk:0.0.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:taskflow-corp/cli:0.1.24:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:taskflow-corp/cli:0.1.25:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:taskflow-corp/cli:0.1.26:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:taskflow-corp/cli:0.1.27:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:taskflow-corp/cli:0.1.28:*:*:*:*:node.js:*:*
          *cpe:2.3:a:abhishake1:taskflow-corp/cli:0.1.29:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:agentworkhq:agentwork-cli:0.1.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:agentworkhq:agentwork-cli:0.1.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:dirigible:dirigible-ai/sdk:0.6.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:dirigible:dirigible-ai/sdk:0.6.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:guardrailsai:guardrails_ai:0.10.1:*:*:*:*:python:*:*
          *cpe:2.3:a:linuxfoundation:opensearch:3.6.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mesa:mesadev/rest:0.28.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mesa:mesadev/saguaro:0.4.22:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mesa:mesadev/sdk:0.28.3:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:antoinebcx:ml-toolkit-ts:1.0.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:antoinebcx:ml-toolkit-ts/preprocessing:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:antoinebcx:ml-toolkit-ts/preprocessing:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:antoinebcx:ml-toolkit-ts/xgboost:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:antoinebcx:ml-toolkit-ts/xgboost:1.0.4:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.10:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.11:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.13:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.14:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.15:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.16:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.17:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.19:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.8:*:*:*:*:node.js:*:*
          *cpe:2.3:a:beproduct:beproduct/nestjs-auth:0.1.9:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:christianalares:git-git-git:1.0.10:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git-git-git:1.0.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git-git-git:1.0.8:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git-git-git:1.0.9:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git_branch_selector:1.3.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git_branch_selector:1.3.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git_branch_selector:1.3.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:git_branch_selector:1.3.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:nextmove-mcp:0.1.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:nextmove-mcp:0.1.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:nextmove-mcp:0.1.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:nextmove-mcp:0.1.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:tolka/cli:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:tolka/cli:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:tolka/cli:1.0.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:christianalares:tolka/cli:1.0.6:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:kilbot:tallyui/components:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/components:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/components:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-medusa:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-medusa:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-medusa:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-shopify:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-shopify:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-shopify:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-vendure:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-vendure:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-vendure:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-woocommerce:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-woocommerce:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/connector-woocommerce:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/core:0.2.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/core:0.2.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/core:0.2.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/database:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/database:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/database:1.0.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/pos:0.1.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/pos:0.1.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/pos:0.1.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/storage-sqlite:0.2.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/storage-sqlite:0.2.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:kilbot:tallyui/storage-sqlite:0.2.3:*:*:*:*:node.js:*:*
          *cpe

OR
          *cpe:2.3:a:matheuspergoli:draftauth/client:0.2.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftauth/client:0.2.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftauth/core:0.13.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftauth/core:0.13.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftlab/auth:0.24.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftlab/auth:0.24.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftlab/auth-router:0.5.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftlab/auth-router:0.5.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftlab/db:0.16.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:draftlab/db:0.16.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:matheuspergoli:simple_type-safe_actions:0.8.4:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:mistral:mistralai:2.4.6:*:*:*:*:python:*:*
          *cpe:2.3:a:mistral:mistralai/mistralai:2.2.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mistral:mistralai/mistralai:2.2.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mistral:mistralai/mistralai-azure:1.7.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mistral:mistralai/mistralai-azure:1.7.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mistral:mistralai/mistralai-gcp:1.7.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:mistral:mistralai/mistralai-gcp:1.7.3:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:multiagentcognition:cmux-agent-mcp:0.1.8:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:neilcochran:cross-stitch:1.1.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:cross-stitch:1.1.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:cross-stitch:1.1.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airports:0.6.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airports:0.6.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airports:0.6.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airspace:0.8.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airspace:0.8.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airspace:0.8.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airspace-data:0.5.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airspace-data:0.5.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airspace-data:0.5.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airway-data:0.5.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airway-data:0.5.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airway-data:0.5.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airways:0.4.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airways:0.4.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/airways:0.4.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/fix-data:0.6.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/fix-data:0.6.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/fix-data:0.6.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/fixes:0.3.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/fixes:0.3.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/fixes:0.3.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/flight-math:0.5.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/flight-math:0.5.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:neilcochran:squawk/flight-math:0.5.7:*:*:*:*:node.js:*:*
        

OR
          *cpe:2.3:a:uipath:uipath/access-policy-sdk:0.3.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/access-policy-tool:0.3.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/admin-tool:0.1.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/agent-sdk:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/agent-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/agent.sdk:0.0.18:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/aops-policy-tool:0.3.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/ap-chat:1.5.7:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/api-workflow-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/apollo-core:5.9.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/apollo-react:4.24.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/apollo-wind:2.16.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/auth:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/case-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/cli:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/codedagent-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/codedagents-tool:0.1.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/codedapp-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/common:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/context-grounding-tool:0.1.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/data-fabric-tool:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/docsai-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/filesystem:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/flow-tool:1.0.2:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/functions-tool:1.0.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/gov-tool:0.3.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/identity-tool:0.1.1:*:*:*:*:node.js:*:*
          *cpe:2.3:a:uipath:uipath/insights-sdk:1.0

CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321 Types: US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321

2026-05-27

2026-05-27

2026-05-27

2026-05-27

OR
          *cpe:2.3:a:tanstack:tanstack/arktype-adapter:1.166.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/arktype-adapter:1.166.15:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/eslint-plugin-router:1.161.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/eslint-plugin-router:1.161.9:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/eslint-plugin-start:0.0.4:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/eslint-plugin-start:0.0.7:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/history:1.161.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/history:1.161.9:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/nitro-v2-vite-plugin:1.154.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/nitro-v2-vite-plugin:1.154.15:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-router-devtools:1.166.16:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-router-devtools:1.166.19:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-router:1.169.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-router:1.169.8:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-start-client:1.166.51:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-start-client:1.166.54:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-start-rsc:0.0.47:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-start-rsc:0.0.50:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-start-server:1.166.55:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-start-server:1.166.58:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/react-start:1.167.68:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/react-start:1.167.71:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-cli:1.166.46:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-cli:1.166.49:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-core:1.169.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-core:1.169.8:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-devtools-core:1.167.6:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-devtools-core:1.167.9:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-devtools:1.166.16:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-devtools:1.166.19:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-generator:1.166.45:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-generator:1.166.48:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-plugin:1.167.38:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-plugin:1.167.41:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-ssr-query-core:1.168.3:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-ssr-query-core:1.168.6:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-utils:1.161.11:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-utils:1.161.14:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/router-vite-plugin:1.166.53:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/router-vite-plugin:1.166.56:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/solid-router-devtools:1.166.16:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/solid-router-devtools:1.166.19:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/solid-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/solid-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/solid-router:1.169.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/solid-router:1.169.8:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/solid-start-client:1.166.50:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/solid-start-client:1.166.53:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/solid-start-server:1.166.54:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/solid-start-server:1.166.57:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/solid-start:1.167.65:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/solid-start:1.167.68:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/start-client-core:1.168.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/start-client-core:1.168.8:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/start-fn-stubs:1.161.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/start-fn-stubs:1.161.9:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/start-plugin-core:1.169.23:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/start-plugin-core:1.169.26:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/start-server-core:1.167.33:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/start-server-core:1.167.36:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/start-static-server-functions:1.166.44:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/start-static-server-functions:1.166.47:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/start-storage-context:1.166.38:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/start-storage-context:1.166.41:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/valibot-adapter:1.166.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/valibot-adapter:1.166.15:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/virtual-file-routes:1.161.10:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/virtual-file-routes:1.161.13:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/vue-router-devtools:1.166.16:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/vue-router-devtools:1.166.19:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/vue-router-ssr-query:1.166.15:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/vue-router-ssr-query:1.166.18:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/vue-router:1.169.5:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/vue-router:1.169.8:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/vue-start-client:1.166.46:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/vue-start-client:1.166.49:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/vue-start-server:1.166.50:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/vue-start-server:1.166.53:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/vue-start:1.167.61:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/vue-start:1.167.64:*:*:*:*:node.js:*:*

OR
          *cpe:2.3:a:tanstack:tanstack/zod-adapter:1.166.12:*:*:*:*:node.js:*:*
          *cpe:2.3:a:tanstack:tanstack/zod-adapter:1.166.15:*:*:*:*:node.js:*:*

GitHub, Inc.: https://github.com/TanStack/router/issues/7383 Types: Issue Tracking

GitHub, Inc.: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx Types: Mitigation, Vendor Advisory

GitHub, Inc.: https://tanstack.com/blog/npm-supply-chain-compromise-postmortem Types: Exploit, Vendor Advisory

GitHub, Inc.: https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem Types: Exploit, Third Party Advisory

https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-506

https://github.com/TanStack/router/issues/7383

https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx