Critical: Compromised Nx Console version 18.95.0


Compromised Nx Console version 18.95.0 · Advisory · nrwl/nx-console · GitHub


Compromised Nx Console version 18.95.0

Critical

jaysoo published GHSA-c9j4-9m59-847w on May 18, 2026

Package: Nx Console (VSCode)

Affected versions: 18.95.0

Patched versions: 18.100.0

Description

Impact

Anyone who installed version 18.95.0 of Nx Console needs to update immediately to the latest Nx Console version.

This version was published at 2:36 PM CEST and was available for 11 minutes, until 2:47 PM CEST. If you had VSCode running with Nx Console and auto-update enabled during that window, assume that you were compromised.

If you were compromised, assume anything on disk needs to be rotated. This includes:

Tokens

Secrets

SSH keys

Patches

Nx Console 18.100.0 is the latest version that users need to be on.
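
One way to check a workstation against the versions above (an added example, not part of the advisory or the Nx project's code): it classifies the installed Nx Console version from `code --list-extensions --show-versions` output and looks for leftover install folders of 18.95.0. The extension ID `nrwl.angular-console` and the extension directory paths are assumptions not stated in the advisory.

```shell
#!/usr/bin/env bash
# Added example: classify the installed Nx Console version against this advisory.
# Assumption: the extension's Marketplace ID is nrwl.angular-console (not stated
# in the advisory); override NX_EXT_ID if your extension list shows another ID.
NX_EXT_ID="${NX_EXT_ID:-nrwl.angular-console}"
AFFECTED="18.95.0"   # affected version, from the advisory
PATCHED="18.100.0"   # patched version, from the advisory

# Reads `code --list-extensions --show-versions` output (id@version per line)
# on stdin and prints one of: COMPROMISED, OUTDATED, OK, NOT_INSTALLED.
classify_nx_console() {
  local line id ver lowest result="NOT_INSTALLED"
  while IFS= read -r line; do
    case "$line" in *@*) ;; *) continue ;; esac   # skip lines without a version
    id="${line%@*}"
    ver="${line##*@}"
    # Extension IDs are case-insensitive; compare in lower case.
    [ "$(printf '%s' "$id" | tr 'A-Z' 'a-z')" = "$NX_EXT_ID" ] || continue
    if [ "$ver" = "$AFFECTED" ]; then
      result="COMPROMISED"
      break
    fi
    # Version-aware sort: 18.95.0 is lower than 18.100.0, which a plain
    # string comparison would get wrong.
    lowest="$(printf '%s\n%s\n' "$ver" "$PATCHED" | sort -V | head -n1)"
    if [ "$lowest" = "$PATCHED" ]; then result="OK"; else result="OUTDATED"; fi
  done
  printf '%s\n' "$result"
}

# Prints leftover install folders of the affected version under the given
# extension directories. VS Code names them <id>-<version>[-<platform>].
find_affected_dirs() {
  local dir
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -maxdepth 1 -type d -iname "${NX_EXT_ID}-${AFFECTED}*"
  done
}

# Run both checks; the directory list is an assumption about default locations.
if command -v code >/dev/null 2>&1; then
  echo "installed: $(code --list-extensions --show-versions | classify_nx_console)"
fi
find_affected_dirs "$HOME/.vscode/extensions" "$HOME/.vscode-server/extensions"
```

An `OK` result only describes the version installed now. A machine that auto-updated during the exposure window still falls under the advisory's guidance to assume compromise and rotate.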

References

Issue: #3139

We have hardened our Nx Console publishing pipeline so that two admins need to approve a release. Previously, any core contributor was able to release a new VSCode version.

This compromise occurred due to a recent supply chain attack that scraped the GitHub token of one of our contributors.

We're working with Microsoft and GitHub to help with the investigation. We'll post more information as we obtain it.

Severity: Critical

CVE ID: No known CVE

Weaknesses: No CWEs
