AgentSafe-AI · brian93512 · May 29, 2026 · May 29, 2026
diff --git a/pkg/analyzer/data/blacklist.json b/pkg/analyzer/data/blacklist.json
@@ -69,6 +69,36 @@
     "reason": "Confirmed npm supply-chain compromise: attackers hijacked Bitwarden's GitHub Actions, stole release secrets, and pushed a tampered @bitwarden/cli@2026.4.0 build to npm containing malicious code. Remove immediately and rotate any credentials that passed through the CLI.",
     "link": "https://thehackernews.com/2026/04/bitwarden-cli-supply-chain-attack.html"
   },
+  {
+    "id": "CVE-2026-46421",
+    "component": "@cap-js/db-service",
+    "ecosystem": "npm",
+    "affected_versions": ["2.10.1"],
+    "action": "BLOCK",
+    "severity": "CRITICAL",
+    "reason": "Confirmed npm supply-chain compromise: malicious @cap-js package versions were published as part of a coordinated compromise across @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service.",
+    "link": "https://osv.dev/vulnerability/GHSA-pvw4-cvr4-97p8"
+  },
+  {
+    "id": "CVE-2026-46421",
+    "component": "@cap-js/postgres",
+    "ecosystem": "npm",
+    "affected_versions": ["2.2.2"],
+    "action": "BLOCK",
+    "severity": "CRITICAL",
+    "reason": "Confirmed npm supply-chain compromise: malicious @cap-js package versions were published as part of a coordinated compromise across @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service.",
+    "link": "https://osv.dev/vulnerability/GHSA-pvw4-cvr4-97p8"
+  },
+  {
+    "id": "CVE-2026-46421",
+    "component": "@cap-js/sqlite",
+    "ecosystem": "npm",
+    "affected_versions": ["2.2.2"],
+    "action": "BLOCK",
+    "severity": "CRITICAL",
+    "reason": "Confirmed npm supply-chain compromise: malicious @cap-js package versions were published as part of a coordinated compromise across @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service.",
+    "link": "https://osv.dev/vulnerability/GHSA-pvw4-cvr4-97p8"
+  },
   {
     "id": "CVE-2026-45321",
     "component": "@tanstack/arktype-adapter",