2 matches found
Malicious code in @nx/enterprise-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a8a1b6e74c68b5c6901f2ea242469aa5a34ffec9ddc3fb92267b3d1627123267 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...
PT-2025-11694
Name of the Vulnerable Software and Affected Versions reviewdog/action-setup version 1 Description The GitHub Action reviewdog/action-setup was compromised between March 11, 2025, 18:42 and 20:31 UTC with malicious code. This code dumps exposed secrets to GitHub Actions Workflow Logs. Actions tha...