Nrwl
Products
2- Nx8 CVEsnpm
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48027 | Cri | 0.84 | 9.8 | 0.02 | KEV | May 27, 2026 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was… | |
| CVE-2025-36852 | Cri | 0.61 | — | 0.00 | Jun 10, 2025 | A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor with pull request privileges to inject… | ||
| CVE-2025-10894 | Cri | 0.55 | 9.6 | 0.01 | Sep 24, 2025 | Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them… | ||
| CVE-2024-41908 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2024 | A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the… | ||
| CVE-2025-40800 | Hig | 0.48 | 7.4 | 0.00 | Dec 9, 2025 | A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002),… | ||
| CVE-2024-7608 | Med | 0.38 | 5.9 | 0.00 | Aug 27, 2024 | An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | ||
| CVE-2023-31179 | 0.00 | — | 0.01 | May 8, 2023 | AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. | |||
| CVE-2023-31178 | 0.00 | — | 0.01 | May 8, 2023 | AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. | |||
| CVE-2023-24507 | 0.00 | — | 0.01 | May 8, 2023 | AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. |
- risk 0.84cvss 9.8epss 0.02
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was…
- risk 0.61cvss —epss 0.00
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor with pull request privileges to inject…
- risk 0.55cvss 9.6epss 0.01
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them…
- risk 0.51cvss 7.8epss 0.00
A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the…
- risk 0.48cvss 7.4epss 0.00
A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002),…
- risk 0.38cvss 5.9epss 0.00
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
- CVE-2023-31179May 8, 2023risk 0.00cvss —epss 0.01
AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.
- CVE-2023-31178May 8, 2023risk 0.00cvss —epss 0.01
AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.
- CVE-2023-24507May 8, 2023risk 0.00cvss —epss 0.01
AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request.