Malicious code in @antv/g6-cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Fedora 44 : rust-oo7-cli (2026-8e53f4aa95)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8e53f4aa95 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...

MAL-2026-4011 Malicious code in @antv/gi-cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@bassist/eslint-config (>=0.3.0 <=0.5.0), @bassist/oxc-integration (>=0.1.0 <=0.2.0) +10 more potentially affected by unknown CVE via @lint-md/parser (>=0.0.11 <=0.0.9)

@lint-md/parser NPM version =0.0.11, =0.3.0, =0.1.0, =2.0.0, =2.0.0, =2.1.4, =2.1.4, =4.1.0, =1.1.0, =1.19.7, =1.1.0, =1.0.0, =1.3.4, =1.3.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4125...

@lingxiteam/cli (=0.3.0), babel-preset-jaid (>=1.0.0 <=2.9.0) +1 more potentially affected by unknown CVE via babel-plugin-version (=0.2.3)

babel-plugin-version NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on babel-plugin-version and may be impacted: - @lingxiteam/cli =0.3.0 - babel-preset-jaid =1.0.0, =2.0.0, =2.9.0 Source cves: unknown CVE Source advisory:...

MAL-2026-3984 Malicious code in @antv/g6-cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/gi-cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4145 Malicious code in lint-md-cli (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

CLEANSTART-2026-BN65572 Security fixes for CVE-2025-61725 applied in versions: 1.2.0-r0

Security vulnerability affects the vt-cli package. This issue is resolved in later releases. See references for vulnerability details...

[SECURITY] Fedora 42 Update: uv-0.11.11-1.fc42

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

Fedora 45 : helix / rust-asyncgit / rust-cargo / rust-cargo-deny / rust-dua-cli / etc (2026-a843eb2666)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-a843eb2666 advisory. Update gix to version 0.83 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

SUSE CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

@better-auth/cli (>=1.5.0-beta.10 <=1.5.0-beta.13), @onmax/nuxt-better-auth (>=0.0.2-alpha.14 <=0.0.2-alpha.31) +2 more potentially affected by CVE-2026-45364 via better-auth (>=1.5.0-beta.10 <=1.5.0-beta.20)

better-auth NPM version =1.5.0-beta.10, =1.5.0-beta.10, =0.0.2-alpha.14, =1.5.0-beta.15, =0.0.2-beta.19, =0.0.10-beta.25 Source cves: CVE-2026-45364 Source advisory: OSV:GHSA-P6V2-XCPG-H6XW...

DEBIAN-CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

UBUNTU-CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...