10 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
@accordproject/cicero-cli (>=0.20.11-20200710202320 <=0.24.1-20230906105323), @accordproject/cicero-core (>=0.20.11-20200710202320 <=0.24.1-20231019080841) +22 more potentially affected by unknown CVE via @accordproject/markdown-it-cicero (>=0.11.4-20200710154317 <=0.16.20-20230811084906)
@accordproject/markdown-it-cicero NPM version =0.11.4-20200710154317, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.22.2-20210714131804, =0.20.11-20200714172106, =0.20.11-20200714172106, =0.20.11-20200714172106,...
EUVD-2025-199346
Malicious code in @accordproject/concerto-types npm...
@accordproject/concerto-cli (=3.18.1-20251008112859), @accordproject/concerto-linter (>=3.22.1-20250716095953 <=3.24.1-20251209112947) potentially affected by unknown CVE via @accordproject/concerto-linter-default-ruleset (>=3.22.1-20250716095953 <=3.24.1-20251209112947)
@accordproject/concerto-linter-default-ruleset NPM version =3.22.1-20250716095953, =3.22.1-20250716095953, =3.24.1-20251209112947 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191173...
EUVD-2025-199349
Malicious code in @accordproject/concerto-linter npm...
@accordproject/template-engine contains malware after npm account takeover
On November 24th, 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
@accordproject/cicero-cli (>=0.2.48 <=0.8.0-20181025052931), @accordproject/cicero-common (>=0.2.50 <=0.3.17-20180604161941) +104 more potentially affected by CVE-2020-7677 via thenify (>=2.0.0 <=3.3.0)
thenify NPM version =2.0.0, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.0.36, =0.0.37, =0.1.0, =0.1.0, =2.1.1, =0.1.0, =0.2.2 and more Source cves: CVE-2020-7677 Source advisory: OSV:GHSA-29XR-V42J-R956...
@accordproject/cicero-cli (>=0.3.4 <=0.24.1-20231019073743), @accordproject/cicero-common (>=0.3.4 <=0.3.12) +450 more potentially affected by CVE-2022-1233 via urijs (>=1.16.1 <=1.19.10)
urijs NPM version =1.16.1, =0.3.4, =0.3.4, =0.3.4, =0.3.4, =0.4.5-20180705184508, =0.11.2-20190326183124, =0.10.2-20190213145246, =0.0.5, =0.71.8-20190915045234, =0.80.2, =0.80.4-20191003231621, =0.61.2-20190916200303, =0.90.1-20200514190616, =0.6.0-alpha.0, =0.6.0, =0.91.1-20200514222339 and mor...
@accordproject/cicero-cli (>=0.2.48 <=0.8.0-20181025052931), @accordproject/cicero-common (>=0.2.50 <=0.3.17-20180604161941) +102 more potentially affected by CVE-2020-7677 via thenify (>=3.0.0 <=3.3.0)
thenify NPM version =3.0.0, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.0.36, =0.0.37, =0.1.0, =0.1.0, =2.1.1, =0.1.0, =0.2.2 and more Source cves: CVE-2020-7677 Source advisory: SNYK:JS-THENIFY-571690...
@accordproject/cicero-cli (>=0.13.1 <=0.13.5-20190807130647), @accordproject/cicero-core (>=0.13.1 <=0.13.5-20190807130647) +44 more potentially affected by unknown CVE via acorn (>=5.5.0 <=5.7.3)
acorn NPM version =5.5.0, =0.13.1, =0.13.1, =0.13.1, =0.13.1, =0.13.1, =0.13.8, =0.5.0, =0.0.10, =2.0.1-pr.0, =12.0.0, =1.2.2, =0.6.0, =1.1.1, =5.0.1 - @devsnicket/eunice-analyzer =0.36.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6CHW-6FRG-F759...