Malicious code in @cloudways-lab/unified-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 23c4eddec5f89631d3d39c35763cf38b69ab7d8e0e4cd2cb66097eda0a2ed68f The OpenSSF Package Analysis project identified '@cloudways-lab/unified-design-system' @ 99.9.1 npm as malicious. It is considered malicious...

@baloise/design-system-components (>=0.0.0 <=15.2.4), @baloise/design-system-components-angular (>=0.0.0 <=15.2.4) +33 more potentially affected by unknown CVE via filesize.js (=2.0.0)

filesize.js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filesize.js and may be impacted: - @baloise/design-system-components =0.0.0, =0.0.0, =0.0.0, =0.0.0-nightly-20230817143308, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0,...

Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

MAL-2026-3653 Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

MAL-2026-3421 Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in oneblk-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

Malicious code in experian-design-system-themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e90ccd6c3568a7aef645cab8ed450ccd3a6161c82b6e9ba03eab795510e35847 The package experian-design-system-themes was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1696 Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

Malicious code in components-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca129c441caef97d904867f91617f53799650e2f2deef3f531a3a18dfc917efa The package components-design-system was found to contain malicious code...

Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-1494 Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

@zextras/carbonio-design-system (=12.0.3), react-native-github-markdown (>=2.1.0 <=2.2.0) potentially affected by CVE-2025-68467 via darkreader (>=4.7.15 <=4.9.105)

darkreader NPM version =4.7.15, =2.1.0, =2.2.0 Source cves: CVE-2025-68467 Source advisory: SNYK:JS-DARKREADER-15441035...

MAL-2026-1087 Malicious code in bps-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f41e4d6abfba5f03e914140b0b171314ef8a614e3e03ff9685325532260a745 The package bps-design-system was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in bps-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f41e4d6abfba5f03e914140b0b171314ef8a614e3e03ff9685325532260a745 The package bps-design-system was found to contain malicious code. Source: ossf-package-analysis...

@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +21 more potentially affected by CVE-2026-27729 via astro (>=5.10.1 <=5.17.2)

astro NPM version =5.10.1, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.0.0, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.5.1, =1.13.2, =0.0.1, =0.0.2 and more Source cves: CVE-2026-27729 Source advisory: SNYK:JS-ASTRO-15338138...

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +8 more potentially affected by CVE-2026-25535 via jspdf (>=4.0.0 <=4.1.0)

jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25535 Source advisory: SNYK:JS-JSPDF-15322681...

@like-a-startup/matildex-chat (>=1.0.16 <=1.0.23), @n8n/chat (>=1.0.0 <=1.19.0) +1 more potentially affected by CVE-2026-25054 via @n8n/design-system (>=2.0.0 <=2.1.0)

@n8n/design-system NPM version =2.0.0, =1.0.16, =1.0.0, =1.0.0, =1.0.3 Source cves: CVE-2026-25054 Source advisory: SNYK:JS-N8NDESIGNSYSTEM-15225250...

Cross-site Scripting (XSS)

Overview @n8n/design-system is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown rendering process in the workflow user interface. An attacker can execute arbitrary scripts in the context of another user's session by crafting malicious markdown conten...

@n8n/chat (=1.2.0) potentially affected by CVE-2026-25054 via @n8n/design-system (=2.2.0)

@n8n/design-system NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @n8n/design-system and may be impacted: - @n8n/chat =1.2.0 Source cves: CVE-2026-25054 Source advisory: SNYK:JS-N8NDESIGNSYSTEM-15225250...