11 matches found
CVE-2025-10894
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
CVE-2025-10894
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
@anarchitects/nx-js (>=0.0.1 <=0.0.3), @asd14/eslint-config (>=11.0.0 <=14.4.0) +76 more potentially affected by CVE-2025-10894 via nx (>=21.5.1-beta.3 <=21.7.0-canary.20250930-e144408)
nx NPM version =21.5.1-beta.3, =0.0.1, =11.0.0, =0.52.0, =2.23.0, =1.4.0, =3.1.1, =1.0.0, =6.10.0, =0.1.0-next.717, =9.0.0, =1.0.0, =0.0.1-alpha.7, =2.1.0 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41443...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/test (>=0.0.47 <=0.0.73) +115 more potentially affected by CVE-2025-10894 via @nx/workspace (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/workspace NPM version =20.0.0-beta.0, =0.0.47, =0.0.2, =0.0.0, =1.0.0, =1.0.0, =0.5.0, =1.8.2, =3.1.0, =0.0.1, =0.0.4 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXWORKSPACE-12205641...
@aws/nx-plugin (>=0.21.0 <=0.51.4), @caliobase/caliobase-nx (>=0.3.53 <=0.3.61) +49 more potentially affected by CVE-2025-10894 via @nx/workspace (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)
@nx/workspace NPM version =21.0.0-beta.0, =0.21.0, =0.3.53, =1.1.1, =2.1.1, =2.1.1, =2.1.1, =2.1.1, =0.0.1, =0.0.3, =0.0.1, =0.0.3, =0.0.3, =0.3.3 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXWORKSPACE-12205641...
@apj-pace/pace-nx-plugin (>=0.0.2 <=0.0.5), @aws/nx-plugin (>=0.0.0 <=0.1.5) +59 more potentially affected by CVE-2025-10894 via nx (>=20.0.0-beta.0 <=20.0.9)
nx NPM version =20.0.0-beta.0, =0.0.2, =0.0.0, =0.5.0, =0.0.1, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-canary.20240926-529ab94 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...
@abelfubu/schematics (=0.1.1), @anarchitects/nx-js (>=0.0.1 <=0.0.3) +118 more potentially affected by CVE-2025-10894 via nx (>=21.0.0-beta.0 <=21.7.0-canary.20250930-e144408)
nx NPM version =21.0.0-beta.0, =0.0.1, =11.0.0, =0.21.0, =0.0.1, =2.23.0, =0.3.53, =0.0.5, =0.0.4, =1.3.0, =0.0.1, =0.0.1-alpha.4 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NX-12205542...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/cli (>=0.0.38 <=0.0.73) +452 more potentially affected by CVE-2025-10894 via @nx/devkit (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/devkit NPM version =20.0.0-beta.0, =0.0.38, =0.0.38, =0.0.47, =0.0.1, =0.1.0, =8.1.1, =0.0.2, =0.0.1, =0.0.0, =1.0.0, =0.0.12-beta.1, =0.0.1, =0.0.3 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXDEVKIT-12205635...
@naxodev/nx-cloudflare (>=4.0.0 <=4.0.2), @nestjs-mod/schematics (>=2.12.0 <=2.13.2) +9 more potentially affected by CVE-2025-10894 via @nx/node (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/node NPM version =20.0.0-beta.0, =4.0.0, =2.12.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0-beta.0, =20.0.0, =20.0.0, =0.2.0, =20.0.0, =20.2.1-dev.3 - @terrxo/nx-cloudflare =4.0.1 - @ziacik/azure-func =4.0.0 Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXNODE-12205640...
@aws/nx-plugin (>=0.21.0 <=0.51.4), @caliobase/caliobase-nx (>=0.3.53 <=0.3.61) +47 more potentially affected by CVE-2025-10894 via @nx/js (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)
@nx/js NPM version =21.0.0-beta.0, =0.21.0, =0.3.53, =1.1.1, =2.1.1, =2.1.1, =2.1.1, =2.1.1, =0.0.1, =0.0.3, =0.0.1, =0.0.3, =0.0.3, =0.3.3 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXJS-12205638...
@abelfubu/schematics (>=0.0.3 <=0.1.1), @alfresco/aca-generators (>=1.0.2 <=1.0.4) +115 more potentially affected by CVE-2025-10894 via @nx/devkit (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)
@nx/devkit NPM version =21.0.0-beta.0, =0.0.3, =1.0.2, =1.0.0, =1.0.2, =0.0.11, =0.21.0, =0.0.1, =0.3.53, =0.0.5, =0.0.4, =9.0.2, =9.1.0 - @eumentis/nx-plugin =1.3.0 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXDEVKIT-12205635...