4 matches found
Malicious code in ai-sdk-ollama (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19f3e848ffd678e29b96aec1a0aa02dcdcb7c3c5f58bc357ee3b3483b395577d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
@arc-laboratories/arclocale-compiler (=0.2.0-alpha.8), @iharkharytanovich/found (>=0.1.1 <=0.1.4) +8 more potentially affected by unknown CVE via ai-sdk-ollama (>=3.0.0 <=3.8.4)
ai-sdk-ollama NPM version =3.0.0, =0.1.1, =0.1.5, =0.4.2-canary-0ba39cdeb6, =0.1.303, =0.1.303, =0.1.303, =0.1.303, =0.4.2, =0.1.5, =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...
@easbot/ollama-sdk (=0.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=2.2.0)
ai-sdk-ollama NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted: - @easbot/ollama-sdk =0.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...
Embedded Malicious Code
Overview ai-sdk-ollama is a Vercel AI SDK Provider for Ollama using official ollama-js library Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attemp...