For a (critical) meta-review of dependency security, I'm looking for documented dependency security incidents!

Please reply with (a link to) any such incidents that you know of, in any language/ecosystem as long as it was from a public registry/source - I'm especially interested in the less well-known incidents.

The goal is not to write a sensationalist fearmongering article, but rather to place real-world attacks in perspective and talk about where the *real* dangers are, because almost everything people claim about dependency security today is wrong.

Boosts appreciated! :boost_requested:
