MAL-2026-4644 Malicious code in power-platform-playwright-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...

CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...

PT-2025-5345 · Hl7 · Hl7 Fhir Ig Publisher

Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.8.9 Description: The HL7 FHIR IG publisher has an issue where it exposes usernames and credentials in the built Implementation Guide when using git commands to determine the URL of the originating rep...