Skip to content

v3.30.0

Latest

Choose a tag to compare

@goklab goklab released this 14 Jul 21:02
  • New IOC rules for two active npm supply-chain compromises: jscrambler malicious releases (8.14.0/8.16.0/8.17.0/8.18.0/8.20.0) and @injectivelabs/sdk-ts 1.20.21 wallet-key backdoor
  • New version-pin rule for n8n-mcp multi-tenant cross-tenant access (CVE-2026-54052, fixed in 2.56.1)
  • July Hono disclosures (CVE-2026-56763/56762) and Anthropic SDK memory-tool CVE ids mapped into existing rules — no duplicates