Semantic release 安全漏洞

Semantic release is a Js-based versioning and package distribution tool from the Semantic Release team. A security vulnerability exists in Semantic release version 5.4.8, which stems from the fact that sending specially crafted HTTP requests to various API endpoints can bypass authentication...

Malicious code in @voiceflow/semantic-release-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95a6c9bc458bfc9330434e338d86e85de8f5e6f5a2374749939e909a392268ad The package @voiceflow/semantic-release-config was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199390

Malicious code in @voiceflow/semantic-release-config npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-176897

Malicious code in puppeteer-exobiology-semantic-release-less npm...

EUVD-2025-177820

Malicious code in mira-pipe-stratigraphy-semantic-release npm...

EUVD-2025-175888

Malicious code in transport-semantic-release-cressida-middleware npm...

EUVD-2025-176436

Malicious code in semantic-release-boson-lepton-kastra npm...

EUVD-2025-175387

Malicious code in zooarchaeology-nodemon-semantic-release-backend npm...

EUVD-2025-176456

Malicious code in sedna-semantic-release-meissa-winston npm...

EUVD-2025-176722

Malicious code in relay-development-update-semantic-release npm...

Malicious code in eslint-plugin-semantic-release-chalk-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7f76b381638ad18356b8c8d18b10785d541bf3b50f7d3ed0032bd37f205212b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179665

Malicious code in comet-norma-semantic-release-rest npm...

EUVD-2025-177656

Malicious code in neptune-redshift-semantic-release-xml npm...

Malicious code in semantic-release-aether-buffer-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ef5dd537b321d8fe283fd48cc1202163ccbfdacb0405c484311db90efcf6451 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177340

Malicious code in palynology-semantic-release-pulsar-wormhole npm...

Malicious code in nightwatch-abiogenesis-semantic-release-supercluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c04dce162afc7d6c59dc05512d4f23f6779a6891e85414c6a52032e9fc0c2d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179005

Malicious code in event-miranda-rest-semantic-release npm...

EUVD-2025-176284

Malicious code in solis-semantic-release-pm2-css-minimizer-webpack-plugin npm...

Malicious code in comet-norma-semantic-release-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32d7b6f4630255380dcea5a3bf2611344de910b5a96a201e142940f865f9cc09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...