223 matches found
Semantic release security vulnerability
Semantic release is a Js-based versioning and package distribution tool from the Semantic Release team. A security vulnerability exists in Semantic release version 5.4.8, which stems from the fact that sending specially crafted HTTP requests to various API endpoints can bypass authentication...
EUVD-2025-199390
Malicious code in @voiceflow/semantic-release-config npm...
Malicious code in @voiceflow/semantic-release-config (npm)
Source: amazon-inspector 95a6c9bc458bfc9330434e338d86e85de8f5e6f5a2374749939e909a392268ad The package @voiceflow/semantic-release-config was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-175667
Malicious code in vulcan-semantic-release-pino-adonis npm...
EUVD-2025-180326
Malicious code in ariel-semantic-release-optimize-css-assets-webpack-plugin-prettier-plugin-markdown npm...
Malicious code in semantic-release-aether-buffer-concurrently (npm)
Source: amazon-inspector 7ef5dd537b321d8fe283fd48cc1202163ccbfdacb0405c484311db90efcf6451 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in comet-norma-semantic-release-rest (npm)
Source: amazon-inspector 32d7b6f4630255380dcea5a3bf2611344de910b5a96a201e142940f865f9cc09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-plugin-semantic-release-chalk-fusion (npm)
Source: amazon-inspector d7f76b381638ad18356b8c8d18b10785d541bf3b50f7d3ed0032bd37f205212b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in puppeteer-exobiology-semantic-release-less (npm)
Source: amazon-inspector 492b2388e50d217d03a5e5f9711d814fffbd1724cb17c2b745d1d05ed86fbe9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176284
Malicious code in solis-semantic-release-pm2-css-minimizer-webpack-plugin npm...
EUVD-2025-175888
Malicious code in transport-semantic-release-cressida-middleware npm...
EUVD-2025-177602
Malicious code in nightwatch-abiogenesis-semantic-release-supercluster npm...
EUVD-2025-177340
Malicious code in palynology-semantic-release-pulsar-wormhole npm...
EUVD-2025-176897
Malicious code in puppeteer-exobiology-semantic-release-less npm...
EUVD-2025-176722
Malicious code in relay-development-update-semantic-release npm...
EUVD-2025-176456
Malicious code in sedna-semantic-release-meissa-winston npm...
EUVD-2025-176437
Malicious code in semantic-release-aether-buffer-concurrently npm...
EUVD-2025-176435
Malicious code in semantic-release-webdriver-mocha-holography-init npm...
EUVD-2025-177820
Malicious code in mira-pipe-stratigraphy-semantic-release npm...