Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-g7cv-rxg3-hmpx
  • npm/@tanstack/arktype-adapter
  • npm/@tanstack/eslint-plugin-router
  • npm/@tanstack/eslint-plugin-start
  • npm/@tanstack/history
  • npm/@tanstack/nitro-v2-vite-plugin
  • ... 37 more
 Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys 12 May
  • Fix available
  • Severity - 9.6 (Critical)
MAL-2026-3501
  • npm/@tanstack/zod-adapter
 Malicious code in @tanstack/zod-adapter (npm) 11 May
  • No fix available
MAL-2026-1330
  • npm/import-zod
 Malicious code in import-zod (npm) 11 Mar
  • No fix available
MAL-2026-346
  • npm/zod-js
 Malicious code in zod-js (npm) 19 Jan
  • No fix available
GHSA-624g-8qjg-8qxf
  • npm/@conform-to/dom
  • npm/@conform-to/yup
  • npm/@conform-to/zod
 Conform contains a Prototype Pollution Vulnerability in `parseWith...` function 23 Apr 2024
  • Fix available
  • Severity - 8.6 (High)
GHSA-mvrp-3cvx-c325
  • npm/express-zod-api
 Zod denial of service vulnerability during email validation 04 Oct 2023
  • Fix available
  • Severity - 7.5 (High)
GHSA-m95q-7qp3-xv42
  • npm/zod
 Zod denial of service vulnerability 28 Sep 2023
  • Fix available
  • Severity - 5.3 (Medium)