@cap-js/db-service

GHSA-pvw4-cvr4-97p8

npmmalware5/20/2026

Description

Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)

References (5)

https://github.com/cap-js/cds-dbs/security/advisories/GHSA-pvw4-cvr4-97p8github_advisory https://github.com/cap-js/cds-dbsgithub_advisory https://me.sap.com/notes/3747787github_advisory https://www.sap.com/documents/2026/05/8203a8b9-4d7f-0010-bca6-c68f7e60039b.htmlgithub_advisory https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appearedgithub_advisory

Details

Ecosystemnpm

Attack Typemalware

Published5/20/2026

Affected Versions

2.10.1

Related CVEs

Aliases

CVE-2026-46421

Quick Actions

All Incidents npm Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001