Multiple Node.js Modules compromised in self-spreading npm supply chain attack (mini-Shai-Hulud) (05/11/2026)

Language:

May 25, 2026, 4:06 PM

CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C")

CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C")

Exploit attributes ("Exploit available" set to "True")

Exploit attributes ("Exploitability ease" set to "Exploits are available")

Plugin Feed: 202605251606