CVE-2026-45321

Warnung

Medienbericht

Exploit

EPSS 2.34%
Veröffentlicht 12.05.2026 01:16:46
Zuletzt bearbeitet 29.05.2026 19:41:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 10

NVD 259 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mistral ≫ Mistralai Version2.4.6 SwPlatformpython

Mistral ≫ Mistralai/mistralai Version2.2.3 SwPlatformnode.js

Mistral ≫ Mistralai/mistralai Version2.2.4 SwPlatformnode.js

Mistral ≫ Mistralai/mistralai-azure Version1.7.2 SwPlatformnode.js

Mistral ≫ Mistralai/mistralai-azure Version1.7.3 SwPlatformnode.js

Mistral ≫ Mistralai/mistralai-gcp Version1.7.2 SwPlatformnode.js

Mistral ≫ Mistralai/mistralai-gcp Version1.7.3 SwPlatformnode.js

Antoinebcx ≫ Ml-toolkit-ts Version1.0.4 SwPlatformnode.js

Antoinebcx ≫ Ml-toolkit-ts Version1.0.5 SwPlatformnode.js

Antoinebcx ≫ Ml-toolkit-ts/preprocessing Version1.0.2 SwPlatformnode.js

Antoinebcx ≫ Ml-toolkit-ts/preprocessing Version1.0.3 SwPlatformnode.js

Antoinebcx ≫ Ml-toolkit-ts/xgboost Version1.0.3 SwPlatformnode.js

Antoinebcx ≫ Ml-toolkit-ts/xgboost Version1.0.4 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.2 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.3 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.4 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.5 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.6 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.7 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.8 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.9 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.10 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.11 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.12 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.13 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.14 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.15 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.16 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.17 SwPlatformnode.js

Beproduct ≫ Beproduct/nestjs-auth Version0.1.19 SwPlatformnode.js

Christianalares ≫ Git-git-git Version1.0.8 SwPlatformnode.js

Christianalares ≫ Git-git-git Version1.0.9 SwPlatformnode.js

Christianalares ≫ Git-git-git Version1.0.10 SwPlatformnode.js

Christianalares ≫ Git-git-git Version1.0.12 SwPlatformnode.js

Christianalares ≫ Git Branch Selector Version1.3.3 SwPlatformnode.js

Christianalares ≫ Git Branch Selector Version1.3.4 SwPlatformnode.js

Christianalares ≫ Git Branch Selector Version1.3.5 SwPlatformnode.js

Christianalares ≫ Git Branch Selector Version1.3.7 SwPlatformnode.js

Christianalares ≫ Nextmove-mcp Version0.1.3 SwPlatformnode.js

Christianalares ≫ Nextmove-mcp Version0.1.4 SwPlatformnode.js

Christianalares ≫ Nextmove-mcp Version0.1.5 SwPlatformnode.js

Christianalares ≫ Nextmove-mcp Version0.1.7 SwPlatformnode.js

Christianalares ≫ Tolka/cli Version1.0.2 SwPlatformnode.js

Christianalares ≫ Tolka/cli Version1.0.3 SwPlatformnode.js

Christianalares ≫ Tolka/cli Version1.0.4 SwPlatformnode.js

Christianalares ≫ Tolka/cli Version1.0.6 SwPlatformnode.js

Multiagentcognition ≫ Cmux-agent-mcp Version0.1.3 SwPlatformnode.js

Multiagentcognition ≫ Cmux-agent-mcp Version0.1.4 SwPlatformnode.js

Multiagentcognition ≫ Cmux-agent-mcp Version0.1.5 SwPlatformnode.js

Multiagentcognition ≫ Cmux-agent-mcp Version0.1.6 SwPlatformnode.js

Multiagentcognition ≫ Cmux-agent-mcp Version0.1.7 SwPlatformnode.js

Multiagentcognition ≫ Cmux-agent-mcp Version0.1.8 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/cli Version0.0.2 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/cli Version0.0.3 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/cli Version0.0.4 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/cli Version0.0.5 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/cli Version0.0.6 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/cli Version0.0.7 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/sdk Version0.0.2 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/sdk Version0.0.3 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/sdk Version0.0.4 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/sdk Version0.0.5 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/sdk Version0.0.6 SwPlatformnode.js

Abhishake1 ≫ Supersurkhet/sdk Version0.0.7 SwPlatformnode.js

Abhishake1 ≫ Taskflow-corp/cli Version0.1.24 SwPlatformnode.js

Abhishake1 ≫ Taskflow-corp/cli Version0.1.25 SwPlatformnode.js

Abhishake1 ≫ Taskflow-corp/cli Version0.1.26 SwPlatformnode.js

Abhishake1 ≫ Taskflow-corp/cli Version0.1.27 SwPlatformnode.js

Abhishake1 ≫ Taskflow-corp/cli Version0.1.28 SwPlatformnode.js

Abhishake1 ≫ Taskflow-corp/cli Version0.1.29 SwPlatformnode.js

Kilbot ≫ Tallyui/components Version1.0.1 SwPlatformnode.js

Kilbot ≫ Tallyui/components Version1.0.2 SwPlatformnode.js

Kilbot ≫ Tallyui/components Version1.0.3 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-medusa Version1.0.1 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-medusa Version1.0.2 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-medusa Version1.0.3 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-shopify Version1.0.1 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-shopify Version1.0.2 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-shopify Version1.0.3 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-vendure Version1.0.1 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-vendure Version1.0.2 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-vendure Version1.0.3 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-woocommerce Version1.0.1 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-woocommerce Version1.0.2 SwPlatformnode.js

Kilbot ≫ Tallyui/connector-woocommerce Version1.0.3 SwPlatformnode.js

Kilbot ≫ Tallyui/core Version0.2.1 SwPlatformnode.js

Kilbot ≫ Tallyui/core Version0.2.2 SwPlatformnode.js

Kilbot ≫ Tallyui/core Version0.2.3 SwPlatformnode.js

Kilbot ≫ Tallyui/database Version1.0.1 SwPlatformnode.js

Kilbot ≫ Tallyui/database Version1.0.2 SwPlatformnode.js

Kilbot ≫ Tallyui/database Version1.0.3 SwPlatformnode.js

Kilbot ≫ Tallyui/pos Version0.1.1 SwPlatformnode.js

Kilbot ≫ Tallyui/pos Version0.1.2 SwPlatformnode.js

Kilbot ≫ Tallyui/pos Version0.1.3 SwPlatformnode.js

Kilbot ≫ Tallyui/storage-sqlite Version0.2.1 SwPlatformnode.js

Kilbot ≫ Tallyui/storage-sqlite Version0.2.2 SwPlatformnode.js

Kilbot ≫ Tallyui/storage-sqlite Version0.2.3 SwPlatformnode.js

Kilbot ≫ Tallyui/theme Version0.2.1 SwPlatformnode.js

Kilbot ≫ Tallyui/theme Version0.2.2 SwPlatformnode.js

Kilbot ≫ Tallyui/theme Version0.2.3 SwPlatformnode.js

Matheuspergoli ≫ Draftauth/client Version0.2.1 SwPlatformnode.js

Matheuspergoli ≫ Draftauth/client Version0.2.2 SwPlatformnode.js

Matheuspergoli ≫ Draftauth/core Version0.13.1 SwPlatformnode.js

Matheuspergoli ≫ Draftauth/core Version0.13.2 SwPlatformnode.js

Matheuspergoli ≫ Draftlab/auth Version0.24.1 SwPlatformnode.js

Matheuspergoli ≫ Draftlab/auth Version0.24.2 SwPlatformnode.js

Matheuspergoli ≫ Draftlab/auth-router Version0.5.1 SwPlatformnode.js

Matheuspergoli ≫ Draftlab/auth-router Version0.5.2 SwPlatformnode.js

Matheuspergoli ≫ Draftlab/db Version0.16.1 SwPlatformnode.js

Matheuspergoli ≫ Draftlab/db Version0.16.2 SwPlatformnode.js

Matheuspergoli ≫ Simple Type-safe Actions Version0.8.3 SwPlatformnode.js

Matheuspergoli ≫ Simple Type-safe Actions Version0.8.4 SwPlatformnode.js

Neilcochran ≫ Cross-stitch Version1.1.3 SwPlatformnode.js

Neilcochran ≫ Cross-stitch Version1.1.4 SwPlatformnode.js

Neilcochran ≫ Cross-stitch Version1.1.6 SwPlatformnode.js

Neilcochran ≫ Squawk/airports Version0.6.2 SwPlatformnode.js

Neilcochran ≫ Squawk/airports Version0.6.3 SwPlatformnode.js

Neilcochran ≫ Squawk/airports Version0.6.5 SwPlatformnode.js

Neilcochran ≫ Squawk/airspace Version0.8.1 SwPlatformnode.js

Neilcochran ≫ Squawk/airspace Version0.8.2 SwPlatformnode.js

Neilcochran ≫ Squawk/airspace Version0.8.4 SwPlatformnode.js

Neilcochran ≫ Squawk/airspace-data Version0.5.3 SwPlatformnode.js

Neilcochran ≫ Squawk/airspace-data Version0.5.4 SwPlatformnode.js

Neilcochran ≫ Squawk/airspace-data Version0.5.6 SwPlatformnode.js

Neilcochran ≫ Squawk/airway-data Version0.5.4 SwPlatformnode.js

Neilcochran ≫ Squawk/airway-data Version0.5.5 SwPlatformnode.js

Neilcochran ≫ Squawk/airway-data Version0.5.7 SwPlatformnode.js

Neilcochran ≫ Squawk/airways Version0.4.2 SwPlatformnode.js

Neilcochran ≫ Squawk/airways Version0.4.3 SwPlatformnode.js

Neilcochran ≫ Squawk/airways Version0.4.5 SwPlatformnode.js

Neilcochran ≫ Squawk/fix-data Version0.6.4 SwPlatformnode.js

Neilcochran ≫ Squawk/fix-data Version0.6.5 SwPlatformnode.js

Neilcochran ≫ Squawk/fix-data Version0.6.7 SwPlatformnode.js

Neilcochran ≫ Squawk/fixes Version0.3.2 SwPlatformnode.js

Neilcochran ≫ Squawk/fixes Version0.3.3 SwPlatformnode.js

Neilcochran ≫ Squawk/fixes Version0.3.5 SwPlatformnode.js

Neilcochran ≫ Squawk/flight-math Version0.5.4 SwPlatformnode.js

Neilcochran ≫ Squawk/flight-math Version0.5.5 SwPlatformnode.js

Neilcochran ≫ Squawk/flight-math Version0.5.7 SwPlatformnode.js

Neilcochran ≫ Squawk/flightplan Version0.5.2 SwPlatformnode.js

Neilcochran ≫ Squawk/flightplan Version0.5.3 SwPlatformnode.js

Neilcochran ≫ Squawk/flightplan Version0.5.5 SwPlatformnode.js

Neilcochran ≫ Squawk/geo Version0.4.4 SwPlatformnode.js

Neilcochran ≫ Squawk/geo Version0.4.5 SwPlatformnode.js

Neilcochran ≫ Squawk/geo Version0.4.7 SwPlatformnode.js

Neilcochran ≫ Squawk/icao-registry Version0.5.2 SwPlatformnode.js

Neilcochran ≫ Squawk/icao-registry Version0.5.3 SwPlatformnode.js

Neilcochran ≫ Squawk/icao-registry Version0.5.5 SwPlatformnode.js

Neilcochran ≫ Squawk/icao-registry-data Version0.8.4 SwPlatformnode.js

Neilcochran ≫ Squawk/icao-registry-data Version0.8.5 SwPlatformnode.js

Neilcochran ≫ Squawk/icao-registry-data Version0.8.7 SwPlatformnode.js

Neilcochran ≫ Squawk/mcp Version0.9.1 SwPlatformnode.js

Neilcochran ≫ Squawk/mcp Version0.9.2 SwPlatformnode.js

Neilcochran ≫ Squawk/mcp Version0.9.4 SwPlatformnode.js

Neilcochran ≫ Squawk/navaid-data Version0.6.4 SwPlatformnode.js

Neilcochran ≫ Squawk/navaid-data Version0.6.5 SwPlatformnode.js

Neilcochran ≫ Squawk/navaid-data Version0.6.7 SwPlatformnode.js

Neilcochran ≫ Squawk/navaids Version0.4.2 SwPlatformnode.js

Neilcochran ≫ Squawk/navaids Version0.4.3 SwPlatformnode.js

Neilcochran ≫ Squawk/navaids Version0.4.5 SwPlatformnode.js

Neilcochran ≫ Squawk/notams Version0.3.6 SwPlatformnode.js

Neilcochran ≫ Squawk/notams Version0.3.7 SwPlatformnode.js

Neilcochran ≫ Squawk/notams Version0.3.9 SwPlatformnode.js

Neilcochran ≫ Squawk/procedure-data Version0.7.3 SwPlatformnode.js

Neilcochran ≫ Squawk/procedure-data Version0.7.4 SwPlatformnode.js

Neilcochran ≫ Squawk/procedure-data Version0.7.6 SwPlatformnode.js

Neilcochran ≫ Squawk/procedures Version0.5.2 SwPlatformnode.js

Neilcochran ≫ Squawk/procedures Version0.5.3 SwPlatformnode.js

Neilcochran ≫ Squawk/procedures Version0.5.5 SwPlatformnode.js

Neilcochran ≫ Squawk/types Version0.8.1 SwPlatformnode.js

Neilcochran ≫ Squawk/types Version0.8.2 SwPlatformnode.js

Neilcochran ≫ Squawk/types Version0.8.4 SwPlatformnode.js

Neilcochran ≫ Squawk/units Version0.4.3 SwPlatformnode.js

Neilcochran ≫ Squawk/units Version0.4.4 SwPlatformnode.js

Neilcochran ≫ Squawk/units Version0.4.6 SwPlatformnode.js

Neilcochran ≫ Squawk/weather Version0.5.6 SwPlatformnode.js

Neilcochran ≫ Squawk/weather Version0.5.7 SwPlatformnode.js

Neilcochran ≫ Squawk/weather Version0.5.9 SwPlatformnode.js

Neilcochran ≫ Ts-dna Version3.0.1 SwPlatformnode.js

Neilcochran ≫ Ts-dna Version3.0.2 SwPlatformnode.js

Neilcochran ≫ Ts-dna Version3.0.4 SwPlatformnode.js

Neilcochran ≫ Wot-api Version0.8.1 SwPlatformnode.js

Neilcochran ≫ Wot-api Version0.8.2 SwPlatformnode.js

Neilcochran ≫ Wot-api Version0.8.4 SwPlatformnode.js

Agentworkhq ≫ Agentwork-cli Version0.1.4 SwPlatformnode.js

Agentworkhq ≫ Agentwork-cli Version0.1.5 SwPlatformnode.js

Dirigible ≫ Dirigible-ai/sdk Version0.6.2 SwPlatformnode.js

Dirigible ≫ Dirigible-ai/sdk Version0.6.3 SwPlatformnode.js

Guardrailsai ≫ Guardrails Ai Version0.10.1 SwPlatformpython

Linuxfoundation ≫ Opensearch Version3.6.2 SwPlatformnode.js

Mesa ≫ Mesadev/rest Version0.28.3 SwPlatformnode.js

Mesa ≫ Mesadev/saguaro Version0.4.22 SwPlatformnode.js

Mesa ≫ Mesadev/sdk Version0.28.3 SwPlatformnode.js

Uipath ≫ Uipath/access-policy-sdk Version0.3.1 SwPlatformnode.js

Uipath ≫ Uipath/access-policy-tool Version0.3.1 SwPlatformnode.js

Uipath ≫ Uipath/admin-tool Version0.1.1 SwPlatformnode.js

Uipath ≫ Uipath/agent-sdk Version1.0.2 SwPlatformnode.js

Uipath ≫ Uipath/agent-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/agent.Sdk Version0.0.18 SwPlatformnode.js

Uipath ≫ Uipath/aops-policy-tool Version0.3.1 SwPlatformnode.js

Uipath ≫ Uipath/ap-chat Version1.5.7 SwPlatformnode.js

Uipath ≫ Uipath/api-workflow-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/apollo-core Version5.9.2 SwPlatformnode.js

Uipath ≫ Uipath/apollo-react Version4.24.5 SwPlatformnode.js

Uipath ≫ Uipath/apollo-wind Version2.16.2 SwPlatformnode.js

Uipath ≫ Uipath/auth Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/case-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/cli Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/codedagent-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/codedagents-tool Version0.1.12 SwPlatformnode.js

Uipath ≫ Uipath/codedapp-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/common Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/context-grounding-tool Version0.1.1 SwPlatformnode.js

Uipath ≫ Uipath/data-fabric-tool Version1.0.2 SwPlatformnode.js

Uipath ≫ Uipath/docsai-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/filesystem Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/flow-tool Version1.0.2 SwPlatformnode.js

Uipath ≫ Uipath/functions-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/gov-tool Version0.3.1 SwPlatformnode.js

Uipath ≫ Uipath/identity-tool Version0.1.1 SwPlatformnode.js

Uipath ≫ Uipath/insights-sdk Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/insights-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/integrationservice-sdk Version1.0.2 SwPlatformnode.js

Uipath ≫ Uipath/integrationservice-tool Version1.0.2 SwPlatformnode.js

Uipath ≫ Uipath/llmgw-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/maestro-sdk Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/maestro-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/orchestrator-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-apiworkflow Version0.0.19 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-bpmn Version0.0.9 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-case Version0.0.9 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-connector Version0.0.19 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-flow Version0.0.19 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-functions Version0.1.1 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-webapp Version1.0.6 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-workflowcompiler Version0.0.16 SwPlatformnode.js

Uipath ≫ Uipath/packager-tool-workflowcompiler-browser Version0.0.34 SwPlatformnode.js

Uipath ≫ Uipath/platform-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/project-packager Version1.1.16 SwPlatformnode.js

Uipath ≫ Uipath/resource-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/resourcecatalog-tool Version0.1.1 SwPlatformnode.js

Uipath ≫ Uipath/resources-tool Version0.1.11 SwPlatformnode.js

Uipath ≫ Uipath/robot Version1.3.4 SwPlatformnode.js

Uipath ≫ Uipath/rpa-legacy-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/rpa-tool Version0.9.5 SwPlatformnode.js

Uipath ≫ Uipath/solution-packager Version0.0.35 SwPlatformnode.js

Uipath ≫ Uipath/solution-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/solutionpackager-sdk Version1.0.11 SwPlatformnode.js

Uipath ≫ Uipath/solutionpackager-tool-core Version0.0.34 SwPlatformnode.js

Uipath ≫ Uipath/tasks-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/telemetry Version0.0.7 SwPlatformnode.js

Uipath ≫ Uipath/test-manager-tool Version1.0.2 SwPlatformnode.js

Uipath ≫ Uipath/tool-workflowcompiler Version0.0.12 SwPlatformnode.js

Uipath ≫ Uipath/traces-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/ui-widgets-multi-file-upload Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/uipath-python-bridge Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/vertical-solutions-tool Version1.0.1 SwPlatformnode.js

Uipath ≫ Uipath/vss Version0.1.6 SwPlatformnode.js

Uipath ≫ Uipath/widget.Sdk Version1.2.3 SwPlatformnode.js

27.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

TanStack Unspecified Vulnerability

Schwachstelle

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.34%	0.814

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-506 Embedded Malicious Code

The product contains code that appears to be malicious in nature.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

05.06.2026 12:46

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

12.05.2026 11:04

https://github.com/TanStack/router/issues/7383

Issue Tracking

https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx

Vendor Advisory

Mitigation

https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

Vendor Advisory

Exploit

https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem

Third Party Advisory

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2026-45321

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-45321

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-45321

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-45321

27.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog