115 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Malicious code in @eventcatalog/generator-asyncapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9598dd9b72db501adb05bcad416fa140dc327848558cdcca03a10d2b127113b The package @eventcatalog/generator-asyncapi was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191452 Malicious code in @eventcatalog/generator-asyncapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9598dd9b72db501adb05bcad416fa140dc327848558cdcca03a10d2b127113b The package @eventcatalog/generator-asyncapi was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview @asyncapi/modelina is a The Model SDK for generating data models Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-ws-template (=0.10.0)
@asyncapi/nodejs-ws-template NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-ws-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...
@vex-chat/spire (>=1.0.0 <=2.5.0) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)
@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire =1.0.0, =2.5.0 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...
@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-template (=3.0.4)
@asyncapi/nodejs-template NPM version =3.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-template (=0.2.10)
@asyncapi/java-template NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi/cli (>=2.5.0 <=4.1.1), @leandrose/project-documentation (=0.2.0) +2 more potentially affected by unknown CVE via @asyncapi/generator (>=2.11.0 <=2.8.3)
@asyncapi/generator NPM version =2.11.0, =2.5.0, =0.1.0, =0.1.596 - nestjs-asyncapi =2.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIGENERATOR-14103255...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=3.3.0 <=6.0.2) +3 more potentially affected by unknown CVE via @asyncapi/problem (=1.0.0)
@asyncapi/problem NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/problem and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =3.3.0, =0.16.0, =1.4.14, =1.4.50 -...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-template (=1.6.0)
@asyncapi/java-spring-template NPM version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.36.0 <=6.0.0) +6 more potentially affected by unknown CVE via @asyncapi/bundler (>=0.3.11 <=0.6.4)
@asyncapi/bundler NPM version =0.3.11, =4.1.3, =0.36.0, =0.16.0, =1.4.14, =1.6.3, =0.0.0-beta-20240215154132, =0.3.0, =0.7.1 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIBUNDLER-14103249...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=1.12.0 <=6.0.2) +2 more potentially affected by unknown CVE via @asyncapi/optimizer (=1.0.4)
@asyncapi/optimizer NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/optimizer and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =1.12.0, =1.4.14, =1.4.50 -...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +37 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)
@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0) +16 more potentially affected by unknown CVE via @asyncapi/modelina (=5.10.1)
@asyncapi/modelina NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina and may be impacted: - @achinet/nestjs-async =0.1.0, =4.1.3, =2.5.0, =2.8.3, =0.2.0, =5.2.2, =0.54.0, =1.4.14, =1.8.0, =0.2.0, =2.0.0, =0.1.0,...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +69 more potentially affected by unknown CVE via @asyncapi/parser (>=3.0.0-next-major-spec.8 <=3.4.0)
@asyncapi/parser NPM version =3.0.0-next-major-spec.8, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.15.0, =0.2.0, =0.1.0, =0.2.57, =3.0.0, =4.0.0, =2.1.1, =0.16.0, =0.41.0-rc.2, =2.1.4, =3.0.0, =4.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIPARSER-14103272...
@asyncapi/cli (>=2.16.8 <=4.1.1), @asyncapi/server-api (=0.16.23) +1 more potentially affected by unknown CVE via @asyncapi/converter (>=1.4.17 <=1.5.0)
@asyncapi/converter NPM version =1.4.17, =2.16.8, =0.21.4, =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPICONVERTER-14103251...
@asyncapi/cli (>=3.1.0 <=4.1.1), @asyncapi/html-template (>=3.2.0 <=3.5.0) +16 more potentially affected by unknown CVE via @asyncapi/react-component (>=2.0.0 <=2.6.5)
@asyncapi/react-component NPM version =2.0.0, =3.1.0, =3.2.0, =0.24.0, =2.0.4, =0.0.0-nightly-20241023023252, =0.2.1, =2.6.0, =0.0.2-dev-0b744dd, =2.0.0, =0.0.2-test, =0.0.0-cache-perf-20240625144418, =1.0.0, =1.0.31, =1.0.81 and more Source cves: unknown CVE Source advisory:...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.13.0 <=6.0.2) +4 more potentially affected by unknown CVE via @asyncapi/diff (>=0.2.2 <=0.5.0)
@asyncapi/diff NPM version =0.2.2, =4.1.3, =0.13.0, =0.16.0, =0.10.0, =1.4.14, =1.4.50 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIDIFF-14103252...