Duplicate Advisory: Malicious versions of Nx were published

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...

CVE-2025-10894

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

Malicious code in nx (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 94e241aa8202f641d66991ca134d9c18bf1fecbf8e89c2f2052aa2a7a41e5148 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know

Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently...

Embeded Malicious Code

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A...

Mageia: Security Advisory (MGASA-2018-0200)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 8 : nx-3.1.0-25.1.fc8 (2008-2258)

Wed Jan 2 2008 Axel Thimm - 3.1.0-25 - Update to 3.1.0. - add nxcompshad, nxauth; remove nxviewer, nxdesktop. - add -fPIC for ppc64. - Propagate %optflags for x8664, too. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...