org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33672 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +72 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33671 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

@eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408), @eui/deps-base-light (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +4 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=19.0.0-next.10 <=19.2.19)

@angular-devkit/build-angular NPM version =19.0.0-next.10, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - @ws-test-realm/admin-kit =0.5.0-ng19 - @ws-test-realm/devkit =0.7.0-ng19 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

@eui/deps-base (>=21.0.0-alpha.10 <=23.0.0-alpha.1), @eui/deps-base-light (>=21.0.0-alpha.10 <=23.0.0-alpha.1) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=21.0.0-next.1 <=21.1.0)

@angular-devkit/build-angular NPM version =21.0.0-next.1, =21.0.0-alpha.10, =21.0.0-alpha.10, =23.0.0-alpha.1 - ng-deploy-oss =21.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

@eui/deps-base-light-next (>=19.2.2 <=21.0.0-alpha.32), @eui/deps-base-next (>=19.2.2 <=21.0.0-alpha.32) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=20.0.0-rc.0 <=20.1.0)

@angular-devkit/build-angular NPM version =20.0.0-rc.0, =19.2.2, =19.2.2, =21.0.0-alpha.32 - ng-deploy-oss =20.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (>=15.2.0-next.3 <=19.2.8) +2 more potentially affected by CVE-2025-69873 via org.webjars.npm:ajv (>=8.12.0 <=8.17.1)

org.webjars.npm:ajv MAVEN version =8.12.0, =15.2.0-next.3, =15.2.0-next.3, =15.2.0-next.3, =19.2.8 Source cves: CVE-2025-69873 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15274296...

MAL-2025-49197 Malicious code in epic-tools-devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62dc9a7298e774713ed543ce37d55dbfbbd742daf3bbba377b9c9de861b3a4e4 The package epic-tools-devkit was found to contain malicious code...

Malicious code in epic-tools-devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62dc9a7298e774713ed543ce37d55dbfbbd742daf3bbba377b9c9de861b3a4e4 The package epic-tools-devkit was found to contain malicious code...

EUVD-2025-37096

Malicious code in epic-tools-devkit npm...

@angular-devkit/build-angular (>=20.2.0-next.3 <=21.0.0-next.8), @angular/build (>=20.2.0-next.3 <=21.0.0-next.8) +9 more potentially affected by CVE-2025-62522 via vite (>=7.1.0 <=7.1.10)

vite NPM version =7.1.0, =20.2.0-next.3, =20.2.0-next.3, =0.0.0, =2.20.3, =2.20.3, =0.0.12, =2.2.17, =2.2.17, =1.0.0, =2.20.3, =0.25.0-alpha.0, =0.25.0-alpha.1 Source cves: CVE-2025-62522 Source advisory: SNYK:JS-VITE-13644406...

CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVE-2025-10894

CVE-2025-10894 describes malicious versions of the Nx build system and related plugins published on the npm registry via a supply-chain attack. Affected packages contain code that scans the filesystem, collects credentials, and posts them to GitHub under the user’s account. The CVSSv3.1 base scor...

@angular-devkit/build-angular (>=20.1.0 <=20.2.0-next.2), @angular/build (>=20.1.0 <=20.2.0-next.2) +59 more potentially affected by CVE-2025-58751 via vite (>=7.0.0 <=7.0.6)

vite NPM version =7.0.0, =20.1.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =19.3.2, =19.3.2, =0.0.1750946288791, =0.0.2, =0.0.7, =0.4.1 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...

MAL-2025-41436 Malicious code in @nx/devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 82ff2a985875be92c4e6805f2f65ae5435da3dcda53d0caebed254db81dd0b62 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

Malicious code in @nx/devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 82ff2a985875be92c4e6805f2f65ae5435da3dcda53d0caebed254db81dd0b62 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

@abelfubu/schematics (>=0.0.3 <=0.1.1), @alfresco/aca-generators (>=1.0.0 <=1.0.4) +137 more potentially affected by CVE-2025-10894 via @nx/devkit (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)

@nx/devkit NPM version =21.0.0-beta.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.11, =0.21.0, =0.0.1, =0.3.53, =0.0.5, =0.0.4, =9.0.2, =9.1.0 - @eumentis/nx-plugin =1.3.0 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXDEVKIT-12205635...

Embeded Malicious Code

Overview @nx/devkit is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. This package contains a set of utilities for creating Nx plugins. Affected versions of this package are vulnerable to Embeded Malicious Code throug...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/cli (>=0.0.38 <=0.0.73) +511 more potentially affected by CVE-2025-10894 via @nx/devkit (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)

@nx/devkit NPM version =20.0.0-beta.0, =0.0.38, =0.0.4, =0.0.38, =0.0.47, =0.0.1, =0.0.1, =0.1.0, =8.1.1, =0.0.2, =0.0.4, =0.0.9, =0.0.1, =0.0.2 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXDEVKIT-12205635...

MAL-2025-6901 Malicious code in @angular_devkit/build_angular (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...