supply-chain
supply-chain
- CVE-2026-55487 - pnpm allowBuilds identity spoof
- GHSA-72r4-9c5j-mj57 - pnpm better-node-range CPU exhaustion
- GHSA-fr4h-3cph-29xv - pnpm protocol specifier bypass
- GHSA-qrv3-253h-g69c - pnpm configDependencies symlink traversal
- SLSA provenance evidence check
- GHSA-gv7w-rqvm-qjhr - esbuild Deno binary integrity RCE
- CVE-2026-34841 - @usebruno/cli axios supply-chain RAT
- GHSA-jpvj-wpmj-h7rv - @cap-js/openapi package compromise
- CVE-2026-10796 - nvm mirror version command injection
- CVE-2026-45321 - TanStack npm supply-chain compromise
- CVE-2026-48027 - Nx Console extension compromise
- GHSA-wx3m-whqv-xv47 - skillctl path and symlink traversal
- CVE-2026-48501 - GitHub CLI TUF token leakage
- Source code audit - dependency and build integrity
- GHSA-54pg-9963-v8vg - Intercom client package compromise
- CVE-2026-40903 - goshs ArtiPACKED GitHub Actions token leakage
- GHSA-rpm5/GHSA-x2qx - GitPython command injection
- Compromised package — cache quarantine
- CVE-2024-3094 — xz-utils backdoor