{"advisories":[{"id":"AGENTSCORE-2026-0005","package":"@kevinrabun/judges","old_version":"3.129.2","new_version":"3.129.3","old_score":30,"new_score":30,"old_risk":"HIGH","new_risk":"HIGH","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"hardcoded_secret","detail":"Hardcoded secret found (AWS key, OpenAI key, GitHub token, or npm token)","severity":"critical","recommendation":"Remove hardcoded secrets. Use environment variables instead."}],"affected_servers":[],"verdict":"warn","severity":"critical","summary":"@kevinrabun/judges updated from 3.129.2 to 3.129.3. Score changed 30/100 to 30/100 (0). Risk: HIGH to HIGH. 3 findings.","detected_at":"2026-04-05T17:02:07.404+00:00","published_at":"2026-04-05T17:02:07.481202+00:00"},{"id":"AGENTSCORE-2026-0004","package":"@kevinrabun/judges","old_version":"3.129.1","new_version":"3.129.2","old_score":30,"new_score":30,"old_risk":"HIGH","new_risk":"HIGH","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"hardcoded_secret","detail":"Hardcoded secret found (AWS key, OpenAI key, GitHub token, or npm token)","severity":"critical","recommendation":"Remove hardcoded secrets. Use environment variables instead."}],"affected_servers":[],"verdict":"warn","severity":"critical","summary":"@kevinrabun/judges updated from 3.129.1 to 3.129.2. Score changed 30/100 to 30/100 (0). Risk: HIGH to HIGH. 3 findings.","detected_at":"2026-04-05T16:24:06.699+00:00","published_at":"2026-04-05T16:24:06.765605+00:00"},{"id":"AGENTSCORE-2026-0003","package":"@kevinrabun/judges","old_version":"3.129.0","new_version":"3.129.1","old_score":30,"new_score":30,"old_risk":"HIGH","new_risk":"HIGH","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"hardcoded_secret","detail":"Hardcoded secret found (AWS key, OpenAI key, GitHub token, or npm token)","severity":"critical","recommendation":"Remove hardcoded secrets. Use environment variables instead."}],"affected_servers":[],"verdict":"warn","severity":"critical","summary":"@kevinrabun/judges updated from 3.129.0 to 3.129.1. Score changed 30/100 to 30/100 (0). Risk: HIGH to HIGH. 3 findings.","detected_at":"2026-04-05T16:22:07.239+00:00","published_at":"2026-04-05T16:22:07.304086+00:00"},{"id":"AGENTSCORE-2026-0002","package":"@kevinrabun/judges","old_version":"3.128.3","new_version":"3.129.0","old_score":30,"new_score":30,"old_risk":"HIGH","new_risk":"HIGH","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"hardcoded_secret","detail":"Hardcoded secret found (AWS key, OpenAI key, GitHub token, or npm token)","severity":"critical","recommendation":"Remove hardcoded secrets. Use environment variables instead."}],"affected_servers":[],"verdict":"warn","severity":"critical","summary":"@kevinrabun/judges updated from 3.128.3 to 3.129.0. Score changed 30/100 to 30/100 (0). Risk: HIGH to HIGH. 3 findings.","detected_at":"2026-04-05T15:36:06.81+00:00","published_at":"2026-04-05T15:36:06.899088+00:00"},{"id":"AGENTSCORE-2026-0001","package":"@kevinrabun/judges","old_version":"3.128.2","new_version":"3.128.3","old_score":30,"new_score":30,"old_risk":"HIGH","new_risk":"HIGH","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"hardcoded_secret","detail":"Hardcoded secret found (AWS key, OpenAI key, GitHub token, or npm token)","severity":"critical","recommendation":"Remove hardcoded secrets. Use environment variables instead."}],"affected_servers":[],"verdict":"warn","severity":"critical","summary":"@kevinrabun/judges updated from 3.128.2 to 3.128.3. Score changed 30/100 to 30/100 (0). Risk: HIGH to HIGH. 3 findings.","detected_at":"2026-04-05T12:12:06.903+00:00","published_at":"2026-04-05T12:12:06.985397+00:00"}],"total":5,"feed_url":"https://agentscores.xyz/security/advisories/rss.xml"}