Below you will find pages that utilize the taxonomy term “gensecaihq”
December 7, 2025
React2Shell Guard - CVE-2025-55182 Scanner
Version updated for https://github.com/gensecaihq/react2shell-scanner to version v1.1.1.
This action is used across all versions by ? repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
GitHub Marketplace Action Ready! 🎉
This release makes the GitHub Action ready for the Marketplace with enhanced features:
New Action Features
Job Summary - Rich markdown summary in GitHub Actions UI
PR Comments - Automatic comments on PRs with vulnerability findings
SARIF Upload - One-click upload to GitHub Security tab
Multiple Scan Types - Support for repo, SBOM, and container scanning
Ignore Paths - Exclude paths from scanning
Usage
- uses: gensecaihq/react2shell-scanner@v1
  with:
    path: '.
December 6, 2025
React2Shell Guard
Version updated for https://github.com/gensecaihq/react2shell-scanner to version v1.0.9.
This action is used across all versions by ? repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Fixes
Improved URL scanner to correctly detect vulnerable Next.js applications:
Version detection: Now checks page source for vulnerable Next.js/React version strings
HTML entity handling: Properly handles &quot; encoded quotes in version strings
Multi-endpoint probing: Scans multiple common Server Action endpoints
Enhanced patterns: Added RSC Flight protocol patterns for better detection
Verified
Tested against known vulnerable target: https://nextjs-cve-hackerone.
December 6, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v2.0.0.
This action is used across all versions by 38 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v2.0.0
Protect your projects from the Shai-Hulud 2.0 npm supply chain attack with enhanced detection capabilities.
Why This Release?
After the initial attack on November 24, 2025, security researchers discovered additional attack vectors and persistence mechanisms:
Backdoor Persistence: on: discussion workflow triggers that persist even after removing compromised packages
Rogue Runner Installation: Self-hosted runners installed in $HOME/.
December 5, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v2.0.1.
This action is used across all versions by 35 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v2.0.1
This release adds the allowlist feature for excluding false positives and includes several bug fixes and improvements.
What’s New
Allowlist Feature for False Positives (#26)
You can now exclude known false positives using a .shai-hulud-allowlist.json file:
[ { "type": "shai-hulud-repo", "titleContains": "Shai-Hulud reference", "locationContains": ".
December 4, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v1.0.2.
This action is used across all versions by 34 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v1.0.2
This release includes important bug fixes and a major feature enhancement for version matching accuracy.
What’s New
🎯 Semver Version Matching (#11)
The detector now uses proper semver version range matching when checking for compromised packages. This significantly reduces false positives by accurately matching only the specific vulnerable versions.
December 2, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v2.0.0.
This action is used across all versions by 24 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v2.0.0
Protect your projects from the Shai-Hulud 2.0 npm supply chain attack with enhanced detection capabilities.
Why This Release?
After the initial attack on November 24, 2025, security researchers discovered additional attack vectors and persistence mechanisms:
Backdoor Persistence: on: discussion workflow triggers that persist even after removing compromised packages
Rogue Runner Installation: Self-hosted runners installed in $HOME/.
December 1, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v1.0.2.
This action is used across all versions by 23 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v1.0.2
This release includes important bug fixes and a major feature enhancement for version matching accuracy.
What’s New
🎯 Semver Version Matching (#11)
The detector now uses proper semver version range matching when checking for compromised packages. This significantly reduces false positives by accurately matching only the specific vulnerable versions.
December 1, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v1.0.1.
This action is used across all versions by 23 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v1.0.1
We’re excited to announce v1.0.1 with a key feature addition contributed by our community!
What’s New
🎯 Scan Node Modules Support (#9)
The --scan-node-modules flag now works as documented! You can now optionally scan your node_modules directory for a more thorough security analysis.
November 26, 2025
Shai-Hulud 2.0 Detector
Version updated for https://github.com/gensecaihq/Shai-Hulud-2.0-Detector to version v1.0.0.
This action is used across all versions by 7 repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Shai-Hulud 2.0 Detector v1.0.0
Protect your projects from the Shai-Hulud 2.0 npm supply chain attack.
Features
Package Detection
Database of 790+ compromised packages from the November 2025 attack
Scans package.json, package-lock.json, yarn.lock, and pnpm-lock.yaml
Monorepo support with automatic subdirectory scanning
Security Findings Detection
Malicious scripts: setup_bun.