
incidents.cremit.io

A reference feed of real-world Non-Human Identity (NHI) credential leak incidents. Maintained by Cremit.

// status: monitor active
// build: 2026-07-04
// origin: cremit · seoul, kr
// license: CC BY 4.0

© 2026 Cremit. content reuse encouraged with attribution.


Caught packages

Every package the analyzer pipeline classified as auto-published. Sort by weekly downloads to surface the highest-blast-radius cases first.

caught total: 1,272 (0 in last 7 days)
top by downloads: disposable-email-domains · 1.1M/wk
top pattern: reads-env-vars · 185 hits
3 results · indexed 2026-06-07
  • AUTO-PUBLISHED / gh-actions / 2026-06-07

    barbaria888/SupplyChain-Guardian-AI-Github_Action · 8 versions · 2026-06-07T08:53:02 → 2026-06-07T11:33:35

    by barbaria888

    Autonomous CVE remediation system with AI patching, runtime validation, KinD testing, and zero-trust deployment gates.

    patterns (2): curl-pipe-bash, py-pip-install-runtime

    → Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

    weekly downloads: — /wk · llm verdict: malicious 0.95 · h-score: 72 · campaign: 1 pkg

  • AUTO-PUBLISHED / gh-actions / 2026-06-06

    inference-gateway/infer-action · 18 versions · 2026-05-31T22:44:14 → 2026-06-06T18:21:57

    by inference-gateway

    Github action for the Infer CLI

    steals → GitHub PAT, AI API keys

    patterns (3): reads-github-tokens, reads-ai-api-keys, curl-pipe-bash

    → Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

    weekly downloads: — /wk · llm verdict: malicious 0.95 · h-score: 42 · campaign: 1 pkg

  • AUTO-PUBLISHED / gh-actions / 2026-06-05

    orkspace/orkestra-action · 3 versions · 2026-06-05T22:52:15 → 2026-06-05T22:53:30

    by orkspace

    The official GitHub Action for Orkestra — runs the full ork CLI surface from any workflow

    patterns (1): curl-pipe-bash

    → Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.

    weekly downloads: — /wk · llm verdict: malicious 0.95 · h-score: 72 · campaign: 1 pkg