223 matches found
Semantic release 安全漏洞
Semantic release is a Js-based versioning and package distribution tool from the Semantic Release team. A security vulnerability exists in Semantic release version 5.4.8, which stems from the fact that sending specially crafted HTTP requests to various API endpoints can bypass authentication...
EUVD-2025-199390
Malicious code in @voiceflow/semantic-release-config npm...
Malicious code in @voiceflow/semantic-release-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95a6c9bc458bfc9330434e338d86e85de8f5e6f5a2374749939e909a392268ad The package @voiceflow/semantic-release-config was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in eslint-plugin-semantic-release-chalk-fusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7f76b381638ad18356b8c8d18b10785d541bf3b50f7d3ed0032bd37f205212b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176456
Malicious code in sedna-semantic-release-meissa-winston npm...
EUVD-2025-179665
Malicious code in comet-norma-semantic-release-rest npm...
EUVD-2025-179033
Malicious code in eslint-plugin-semantic-release-chalk-fusion npm...
EUVD-2025-175888
Malicious code in transport-semantic-release-cressida-middleware npm...
EUVD-2025-180326
Malicious code in ariel-semantic-release-optimize-css-assets-webpack-plugin-prettier-plugin-markdown npm...
Malicious code in comet-norma-semantic-release-rest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32d7b6f4630255380dcea5a3bf2611344de910b5a96a201e142940f865f9cc09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179005
Malicious code in event-miranda-rest-semantic-release npm...
EUVD-2025-175667
Malicious code in vulcan-semantic-release-pino-adonis npm...
EUVD-2025-177602
Malicious code in nightwatch-abiogenesis-semantic-release-supercluster npm...
EUVD-2025-177820
Malicious code in mira-pipe-stratigraphy-semantic-release npm...
EUVD-2025-176722
Malicious code in relay-development-update-semantic-release npm...
EUVD-2025-176437
Malicious code in semantic-release-aether-buffer-concurrently npm...
Malicious code in nightwatch-abiogenesis-semantic-release-supercluster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c04dce162afc7d6c59dc05512d4f23f6779a6891e85414c6a52032e9fc0c2d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vulcan-semantic-release-pino-adonis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c72d9e409094829214238543e07bf97ca0de11f012ae732f970551021eb40d66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177656
Malicious code in neptune-redshift-semantic-release-xml npm...