製品・ソフトウェアに関する情報

JVN脆弱性詳細

TanStackの@tanstack/arktype-adapter等の複数製品における埋め込まれた悪意のあるコードに関する脆弱性

タイトル	TanStackの@tanstack/arktype-adapter等の複数製品における埋め込まれた悪意のあるコードに関する脆弱性
概要	2026年5月11日、約19時20分から19時26分（UTC）の間に、42の@tanstack/*パッケージにわたって合計84の悪意あるバージョンがnpmレジストリに公開されました。公開は正当なGitHub ActionsのOIDC信頼済みパブリッシャーバインディングを通じてTanStack/router向けに認証されましたが、公開ワークフロー自体は変更されていませんでした。攻撃者は3つの既知の脆弱性クラス（pull_request_targetの「Pwn Request」誤設定、フォークとベースの信頼境界を跨ぐGitHub Actionsキャッシュ汚染、およびActionsランナープロセスからのOIDCトークンの実行時メモリ抽出）を連鎖的に悪用して、信頼されたIDの下で認証情報を盗むマルウェアを公開しました。影響を受けた各パッケージにはちょうど2つの悪意あるバージョンが数分おきに公開されました。
想定される影響	当該ソフトウェアが扱う全ての情報が外部に漏れる可能性があります。また、当該ソフトウェアが扱う全ての情報が書き換えられる可能性があります。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃により、他のソフトウェアにも影響が及ぶ可能性があります。
対策	正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2026年5月12日0:00
登録日	2026年5月18日12:06
最終更新日	2026年5月18日12:06

CVSS3.0 : 緊急
スコア	9.6
ベクター	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

影響を受けるシステム

TanStack

@tanstack/arktype-adapter 1.166.12

@tanstack/arktype-adapter 1.166.15

@tanstack/eslint-plugin-router 1.161.12

@tanstack/eslint-plugin-router 1.161.9

@tanstack/eslint-plugin-start 0.0.4

@tanstack/eslint-plugin-start 0.0.7

@tanstack/history 1.161.12

@tanstack/history 1.161.9

@tanstack/nitro-v2-vite-plugin 1.154.12

@tanstack/nitro-v2-vite-plugin 1.154.15

@tanstack/react-router 1.169.5

@tanstack/react-router 1.169.8

@tanstack/react-router-devtools 1.166.16

@tanstack/react-router-devtools 1.166.19

@tanstack/react-router-ssr-query 1.166.15

@tanstack/react-router-ssr-query 1.166.18

@tanstack/react-start 1.167.68

@tanstack/react-start 1.167.71

@tanstack/react-start-client 1.166.51

@tanstack/react-start-client 1.166.54

@tanstack/react-start-rsc 0.0.47

@tanstack/react-start-rsc 0.0.50

@tanstack/react-start-server 1.166.55

@tanstack/react-start-server 1.166.58

@tanstack/router-cli 1.166.46

@tanstack/router-cli 1.166.49

@tanstack/router-core 1.169.5

@tanstack/router-core 1.169.8

@tanstack/router-devtools 1.166.16

@tanstack/router-devtools 1.166.19

@tanstack/router-devtools-core 1.167.6

@tanstack/router-devtools-core 1.167.9

@tanstack/router-generator 1.166.45

@tanstack/router-generator 1.166.48

@tanstack/router-plugin 1.167.38

@tanstack/router-plugin 1.167.41

@tanstack/router-ssr-query-core 1.168.3

@tanstack/router-ssr-query-core 1.168.6

@tanstack/router-utils 1.161.11

@tanstack/router-utils 1.161.14

@tanstack/router-vite-plugin 1.166.53

@tanstack/router-vite-plugin 1.166.56

@tanstack/solid-router 1.169.5

@tanstack/solid-router 1.169.8

@tanstack/solid-router-devtools 1.166.16

@tanstack/solid-router-devtools 1.166.19

@tanstack/solid-router-ssr-query 1.166.15

@tanstack/solid-router-ssr-query 1.166.18

@tanstack/solid-start 1.167.65

@tanstack/solid-start 1.167.68

@tanstack/solid-start-client 1.166.50

@tanstack/solid-start-client 1.166.53

@tanstack/solid-start-server 1.166.54

@tanstack/solid-start-server 1.166.57

@tanstack/start-client-core 1.168.5

@tanstack/start-client-core 1.168.8

@tanstack/start-fn-stubs 1.161.12

@tanstack/start-fn-stubs 1.161.9

@tanstack/start-plugin-core 1.169.23

@tanstack/start-plugin-core 1.169.26

@tanstack/start-server-core 1.167.33

@tanstack/start-server-core 1.167.36

@tanstack/start-static-server-functions 1.166.44

@tanstack/start-static-server-functions 1.166.47

@tanstack/start-storage-context 1.166.38

@tanstack/start-storage-context 1.166.41

@tanstack/valibot-adapter 1.166.12

@tanstack/valibot-adapter 1.166.15

@tanstack/virtual-file-routes 1.161.10

@tanstack/virtual-file-routes 1.161.13

@tanstack/vue-router 1.169.5

@tanstack/vue-router 1.169.8

@tanstack/vue-router-devtools 1.166.16

@tanstack/vue-router-devtools 1.166.19

@tanstack/vue-router-ssr-query 1.166.15

@tanstack/vue-router-ssr-query 1.166.18

@tanstack/vue-start 1.167.61

@tanstack/vue-start 1.167.64

@tanstack/vue-start-client 1.166.46

@tanstack/vue-start-client 1.166.49

@tanstack/vue-start-server 1.166.50

@tanstack/vue-start-server 1.166.53

@tanstack/zod-adapter 1.166.12

@tanstack/zod-adapter 1.166.15

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-45321	https://www.cve.org/CVERecord?id=CVE-2026-45321
National Vulnerability Database (NVD)
2	CVE-2026-45321	https://nvd.nist.gov/vuln/detail/CVE-2026-45321

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-506	https://cwe.mitre.org/data/definitions/506.html

ベンダー情報

No	名前	URL
GitHub
1	Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys Advisory TanStack/router GitHub	https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx
StepSecurity
2	TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages - StepSecurity	https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem
TanStack
3	Postmortem: TanStack npm supply-chain compromise \| TanStack Blog	https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

その他

No	名前	URL
関連文書
1	Several npm latest releases were compromised Issue #7383 TanStack/router	https://github.com/TanStack/router/issues/7383

変更履歴

No	変更内容	変更日
1	[2026年05月18日] 掲載	2026年5月18日12:06

NVD脆弱性情報

CVE-2026-45321

概要	On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
公表日	2026年5月12日10:16
登録日	2026年5月13日4:11
最終更新日	2026年5月15日2:05

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.4:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.7:::::node.js::
cpe:2.3:a:tanstack:tanstack\/history:1.161.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/history:1.161.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.18:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.68:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.71:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.51:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.54:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.47:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.50:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.55:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.58:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.46:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.49:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-core:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-core:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.6:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.45:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.48:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.38:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.41:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.3:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.6:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.11:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.14:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.53:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.56:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.18:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.65:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.68:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.50:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.53:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.54:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.57:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.23:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.26:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.33:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.36:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.44:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.47:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.38:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.41:::::node.js::
cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.10:::::node.js::
cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.13:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.18:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.61:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.64:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.46:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.49:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.50:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.53:::::node.js::
cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.15:::::node.js::

構成1	以上	以下	より上	未満
cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/arktype-adapter:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-router:1.161.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.4:::::node.js::
cpe:2.3:a:tanstack:tanstack\/eslint-plugin-start:0.0.7:::::node.js::
cpe:2.3:a:tanstack:tanstack\/history:1.161.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/history:1.161.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/nitro-v2-vite-plugin:1.154.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-router-ssr-query:1.166.18:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.68:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start:1.167.71:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.51:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-client:1.166.54:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.47:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-rsc:0.0.50:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.55:::::node.js::
cpe:2.3:a:tanstack:tanstack\/react-start-server:1.166.58:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.46:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-cli:1.166.49:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-core:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-core:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.6:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-devtools-core:1.167.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.45:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-generator:1.166.48:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.38:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-plugin:1.167.41:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.3:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-ssr-query-core:1.168.6:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.11:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-utils:1.161.14:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.53:::::node.js::
cpe:2.3:a:tanstack:tanstack\/router-vite-plugin:1.166.56:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-router-ssr-query:1.166.18:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.65:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start:1.167.68:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.50:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-client:1.166.53:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.54:::::node.js::
cpe:2.3:a:tanstack:tanstack\/solid-start-server:1.166.57:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-client-core:1.168.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.9:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-fn-stubs:1.161.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.23:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-plugin-core:1.169.26:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.33:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-server-core:1.167.36:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.44:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-static-server-functions:1.166.47:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.38:::::node.js::
cpe:2.3:a:tanstack:tanstack\/start-storage-context:1.166.41:::::node.js::
cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/valibot-adapter:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.10:::::node.js::
cpe:2.3:a:tanstack:tanstack\/virtual-file-routes:1.161.13:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.5:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router:1.169.8:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.16:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-devtools:1.166.19:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.15:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-router-ssr-query:1.166.18:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.61:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start:1.167.64:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.46:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-client:1.166.49:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.50:::::node.js::
cpe:2.3:a:tanstack:tanstack\/vue-start-server:1.166.53:::::node.js::
cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.12:::::node.js::
cpe:2.3:a:tanstack:tanstack\/zod-adapter:1.166.15:::::node.js::

No	URL	refsource
1	https://github.com/TanStack/router/issues/7383	security-advisories@github.com
2	https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx	security-advisories@github.com
3	https://tanstack.com/blog/npm-supply-chain-compromise-postmortem	security-advisories@github.com
4	https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem	security-advisories@github.com