SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalnpm·malware·osv

Malicious code in cms-storehub (npm)

Published May 30, 2026, 04:25 PM

Risk score

92

AI summary

Indexed incident for cms-storehub (npm).

Description

The OpenSSF Package Analysis project identified 'cms-storehub' @ 1.3.6 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Technical details

Indicators

affected version<function fixed() { [native code] }75%

Timeline

May 30, 04:25 PMAdvisory published
Jun 1, 06:41 AMIndexed by ThreatPkg

Related incidents