fix: scope @browserbasehq/* advisories to only compromised versions#1139
Open
Remove overly broad SEMVER ranges ("introduced": "0") from 4
@browserbasehq/* advisories. Only a single version of each package was
compromised during the Shai-Hulud 2.0 attack (Nov 2025). The broad
ranges cause tools consuming OSV data to incorrectly flag all versions
as malicious, including current clean releases.
Affected advisories:
- MAL-2025-191193: @browserbasehq/bb9 (only 1.2.21 was malicious)
- MAL-2025-191194: @browserbasehq/director-ai (only 1.0.3 was malicious)
- MAL-2025-191195: @browserbasehq/mcp (only 2.1.1 was malicious)
- MAL-2025-191199: @browserbasehq/stagehand-docs (only 1.0.1 was malicious)
The `versions` field already correctly identifies the single compromised
version in each case. The `ranges` field from the ghsa-malware source
was the only source of the overly broad scope.
Fixes: ossf#1138
kam193
reviewed
Feb 21, 2026
| "import_time": "2025-11-25T00:47:38.435172124Z", | ||
| "id": "GHSA-xxg4-p932-cqpg", | ||
| "modified_time": "2025-11-25T00:07:08Z", | ||
| "ranges": [ |
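Review bot: these lines belong to the imported ghsa-malware source record (the upstream GHSA `id` and `import_time` fields sit beside this `ranges` key), not to the advisory's top-level `affected` entry, so keep them unchanged and confine the scoping fix to `affected[0].ranges`, the field that downstream consumers evaluate.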
Contributor
Do not modify source reports - this is the history reference, and as long as it won't be downloaded again from the source, it won't affect the main "affected" key. Fixing the main "affected" key should be enough. @calebbrown please correct me if I'm wrong.
Contributor
You are correct @kam193. This part of the OSV should not be modified.
Summary
Removes overly broad SEMVER ranges (`"introduced": "0"`) from 4 `@browserbasehq/*` advisories. Only a single version of each package was compromised during the Shai-Hulud 2.0 attack (Nov 2025). The broad ranges cause tools consuming OSV data (e.g., Goose) to incorrectly flag all versions as malicious, including current clean releases.

Changes
For each of the 4 affected advisories:
- `ranges` field from `affected[0]` (which said all versions `>= 0` are malicious)
- `ranges` in the `ghsa-malware` origin under `database_specific`, with `versions` matching the single compromised version
- `versions` field in `affected[0]` was already correct and unchanged

| Package | Compromised version |
|---|---|
| @browserbasehq/bb9 | 1.2.21 |
| @browserbasehq/director-ai | 1.0.3 |
| @browserbasehq/mcp | 2.1.1 |
| @browserbasehq/stagehand-docs | 1.0.1 |

The other 3 `@browserbasehq/*` advisories (MAL-2025-191196, MAL-2025-191197, MAL-2025-191198) already had correctly scoped `versions`-only entries and did not need changes.

Context
`google-open-source-security` and `amazon-inspector` sources in each advisory already correctly identified only the single compromised version; only the `ghsa-malware` source contributed the overly broad range.
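Both the commit message and the PR summary above describe the same failure mode: an OSV `affected` entry carrying a SEMVER range with `"introduced": "0"` matches every version of the package, while the `versions` list on the same entry names only the one compromised release. The script below is an added example, not code from this PR or from the ossf/malicious-packages project. It models an advisory fragment on the PR's description (package name, compromised version, the GHSA id and import timestamp from the review diff are taken from the page; the exact layout of the `database_specific` origin record and the `parse_semver`, `in_semver_range`, `is_affected` and `scope_to_listed_versions` helper names are assumptions), evaluates a version against the entry the way a consumer would, and applies the scoping fix only to the top-level `affected[0]` entry, leaving the imported source record untouched as the reviewers asked.

```python
"""Added example: why an OSV SEMVER range starting at "0" flags every
release, and a fix that scopes the top-level affected entry to the
explicit versions list without touching the imported source record."""
import copy

# Constructed advisory fragment modelled on the PR description. The
# placement of the origin record under database_specific is an assumption.
ADVISORY_BEFORE = {
    "id": "MAL-2025-191193",
    "affected": [
        {
            "package": {"ecosystem": "npm", "name": "@browserbasehq/bb9"},
            # Broad range: every version from 0 upward is "affected".
            "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}],
            # Explicit list: only the one compromised release.
            "versions": ["1.2.21"],
            "database_specific": {
                "malicious-packages-origins": [
                    {
                        "source": "ghsa-malware",
                        "id": "GHSA-xxg4-p932-cqpg",
                        "import_time": "2025-11-25T00:47:38.435172124Z",
                        "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}],
                    }
                ]
            },
        }
    ],
}


def parse_semver(v):
    """Minimal semver parse: numeric major.minor.patch; prerelease and
    build metadata are dropped (assumption: inputs are numeric dotted)."""
    core = v.split("+", 1)[0].split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def in_semver_range(version, rng):
    """Walk the range events in version order; the version is affected if
    the last event at or below it is an 'introduced' rather than a 'fixed'.
    ('last_affected' events are not modelled here.)"""
    v = parse_semver(version)
    events = sorted(rng["events"], key=lambda e: parse_semver(next(iter(e.values()))))
    affected = False
    for ev in events:
        kind, bound = next(iter(ev.items()))
        if parse_semver(bound) <= v:
            affected = kind == "introduced"
    return affected


def is_affected(advisory, pkg_name, version):
    """Consumer-side check: a version is flagged if it appears in the
    entry's versions list or falls inside any of its SEMVER ranges."""
    for entry in advisory["affected"]:
        if entry["package"]["name"] != pkg_name:
            continue
        if version in entry.get("versions", []):
            return True
        for rng in entry.get("ranges", []):
            if rng["type"] == "SEMVER" and in_semver_range(version, rng):
                return True
    return False


def scope_to_listed_versions(advisory):
    """Return a copy in which each top-level affected entry that already
    carries an explicit versions list loses any range introduced at "0".
    database_specific (the imported source reports) is left untouched."""
    fixed = copy.deepcopy(advisory)
    for entry in fixed["affected"]:
        broad = any(
            ev.get("introduced") == "0"
            for rng in entry.get("ranges", [])
            for ev in rng["events"]
        )
        if entry.get("versions") and broad:
            entry.pop("ranges", None)
    return fixed


ADVISORY_AFTER = scope_to_listed_versions(ADVISORY_BEFORE)

if __name__ == "__main__":
    for ver in ("1.2.20", "1.2.21", "1.2.22"):
        print(ver,
              "before:", is_affected(ADVISORY_BEFORE, "@browserbasehq/bb9", ver),
              "after:", is_affected(ADVISORY_AFTER, "@browserbasehq/bb9", ver))
```

With the broad range present, every version including the clean 1.2.22 is flagged; after the fix only 1.2.21 matches, and the origin record under `database_specific` is byte-for-byte the same as before, which is the separation kam193 and the second reviewer insist on.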