7 matches found
MAL-2026-5135 Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-health-monitor, newrelic-infrastructure-agent, slsa-verifier, kube-fluentd-operator, azure-workload-identity-webhook, lazygit, syft, terraform-provider-kubernetes, capslock, karpenter, mockgen, go-md2man, knative-client, gh,...
CVE-2021-3864 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-qemu, linux-vmware...
GHSA-9682-F2FR-3H46 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-qemu, linux-vmware...
GHSA-R4VM-3MC7-PRGX vulnerabilities
Vulnerabilities for packages: linux-aws, linux-gcp, linux-azure...
CVE-2025-22872 vulnerabilities
Vulnerabilities for packages: consul, spiffe-helper-fips, crossplane-provider-azure, aactl, kubernetes-csi-livenessprobe-fips, envoy-gateway, falcosidekick-fips, local-static-provisioner-fips, terraform-provider-pagerduty-fips, spegel, hubble-ui-backend-fips, telegraf, datadog-agent,...