10 matches found
CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
CVE-2025-10894
CVE-2025-10894 describes malicious versions of the Nx build system and related plugins published on the npm registry via a supply-chain attack. Affected packages contain code that scans the filesystem, collects credentials, and posts them to GitHub under the user’s account. The CVSSv3.1 base scor...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/cli (>=0.0.38 <=0.0.73) +509 more potentially affected by CVE-2025-10894 via @nx/devkit (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/devkit NPM version =20.0.0-beta.0, =0.0.38, =0.0.4, =0.0.38, =0.0.47, =0.0.1, =0.0.1, =0.1.0, =8.1.1, =0.0.2, =0.0.4, =0.0.9, =0.0.1, =0.0.2 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41436...
MAL-2025-41436 Malicious code in @nx/devkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 82ff2a985875be92c4e6805f2f65ae5435da3dcda53d0caebed254db81dd0b62 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...
@abelfubu/schematics (>=0.0.3 <=0.1.1), @alfresco/aca-generators (>=1.0.0 <=1.0.4) +137 more potentially affected by CVE-2025-10894 via @nx/devkit (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)
@nx/devkit NPM version =21.0.0-beta.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.11, =0.21.0, =0.0.1, =0.3.53, =0.0.5, =0.0.4, =9.0.2, =9.1.0 - @eumentis/nx-plugin =1.3.0 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41436...
Malicious code in @nx/devkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 82ff2a985875be92c4e6805f2f65ae5435da3dcda53d0caebed254db81dd0b62 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...
@abelfubu/schematics (>=0.0.3 <=0.1.1), @alfresco/aca-generators (>=1.0.0 <=1.0.4) +137 more potentially affected by CVE-2025-10894 via @nx/devkit (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)
@nx/devkit NPM version =21.0.0-beta.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.11, =0.21.0, =0.0.1, =0.3.53, =0.0.5, =0.0.4, =9.0.2, =9.1.0 - @eumentis/nx-plugin =1.3.0 and more Source cves: CVE-2025-10894 Source advisory: OSV:GHSA-CXM3-WV7P-598C...
@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/cli (>=0.0.38 <=0.0.73) +509 more potentially affected by CVE-2025-10894 via @nx/devkit (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)
@nx/devkit NPM version =20.0.0-beta.0, =0.0.38, =0.0.4, =0.0.38, =0.0.47, =0.0.1, =0.0.1, =0.1.0, =8.1.1, =0.0.2, =0.0.4, =0.0.9, =0.0.1, =0.0.2 and more Source cves: CVE-2025-10894 Source advisory: OSV:GHSA-CXM3-WV7P-598C...
Embedded Malicious Code
Overview @nx/devkit is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. This package contains a set of utilities for creating Nx plugins. Affected versions of this package are vulnerable to Embedded Malicious Code throug...
@abelfubu/schematics (>=0.0.3 <=0.1.1), @alfresco/aca-generators (>=1.0.0 <=1.0.4) +137 more potentially affected by CVE-2025-10894 via @nx/devkit (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)
@nx/devkit NPM version =21.0.0-beta.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.11, =0.21.0, =0.0.1, =0.3.53, =0.0.5, =0.0.4, =9.0.2, =9.1.0 - @eumentis/nx-plugin =1.3.0 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXDEVKIT-12205635...