Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

Malicious code in @eventcatalog/generator-asyncapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9598dd9b72db501adb05bcad416fa140dc327848558cdcca03a10d2b127113b The package @eventcatalog/generator-asyncapi was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191452 Malicious code in @eventcatalog/generator-asyncapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9598dd9b72db501adb05bcad416fa140dc327848558cdcca03a10d2b127113b The package @eventcatalog/generator-asyncapi was found to contain malicious code. Source: ghsa-malware...

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.13.0 <=6.0.0) +4 more potentially affected by unknown CVE via @asyncapi/diff (>=0.2.2 <=0.5.0)

@asyncapi/diff NPM version =0.2.2, =4.1.3, =0.13.0, =0.16.0, =0.10.0, =1.4.14, =1.4.39 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIDIFF-14103252...

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.36.0 <=6.0.0) +6 more potentially affected by unknown CVE via @asyncapi/bundler (>=0.3.11 <=0.6.4)

@asyncapi/bundler NPM version =0.3.11, =4.1.3, =0.36.0, =0.16.0, =1.4.14, =1.6.3, =0.0.0-beta-20240215154132, =0.3.0, =0.7.1 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIBUNDLER-14103249...

@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-template (=3.0.4)

@asyncapi/nodejs-template NPM version =3.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...

@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +73 more potentially affected by unknown CVE via @asyncapi/parser (>=3.0.0-next-major-spec.8 <=3.4.0)

@asyncapi/parser NPM version =3.0.0-next-major-spec.8, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.15.0, =0.2.0, =0.1.0, =0.2.57, =3.0.0, =4.0.0, =2.1.1, =0.16.0, =0.41.0-rc.2, =2.1.4, =3.0.0, =4.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIPARSER-14103272...

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=1.12.0 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/optimizer (=1.0.4)

@asyncapi/optimizer NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/optimizer and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =1.12.0, =1.4.14, =1.4.39 -...

@asyncapi/cli (>=2.5.0 <=4.1.1), @powerlines/plugin-asyncapi (>=0.1.0 <=0.1.469) +1 more potentially affected by unknown CVE via @asyncapi/generator (>=2.11.0 <=2.8.3)

@asyncapi/generator NPM version =2.11.0, =2.5.0, =0.1.0, =0.1.469 - nestjs-asyncapi =2.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIGENERATOR-14103255...

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=3.3.0 <=6.0.0) +3 more potentially affected by unknown CVE via @asyncapi/problem (=1.0.0)

@asyncapi/problem NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/problem and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =3.3.0, =0.16.0, =1.4.14, =1.4.39 -...

Embedded Malicious Code

Overview @asyncapi/modelina is a The Model SDK for generating data models Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package...

@nmime/nestjs-asyncapi (>=2.0.0 <=2.0.7) potentially affected by unknown CVE via @asyncapi/nodejs-ws-template (=0.10.0)

@asyncapi/nodejs-ws-template NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/nodejs-ws-template and may be impacted: - @nmime/nestjs-asyncapi =2.0.0, =2.0.7 Source cves: unknown CVE Source advisory:...

@asyncapi/cli (>=2.16.8 <=4.1.1), @asyncapi/server-api (=0.16.23) +1 more potentially affected by unknown CVE via @asyncapi/converter (>=1.4.17 <=1.5.0)

@asyncapi/converter NPM version =1.4.17, =2.16.8, =0.21.4, =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPICONVERTER-14103251...

@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-template (=1.6.0)

@asyncapi/java-spring-template NPM version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...

@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +35 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)

@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-template (=0.2.10)

@asyncapi/java-template NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...

@vex-chat/spire (>=1.0.0 <=1.10.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)

@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire =1.0.0, =1.10.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...

@asyncapi/cli (>=3.1.0 <=4.1.1), @asyncapi/html-template (>=3.2.0 <=3.5.0) +18 more potentially affected by unknown CVE via @asyncapi/react-component (>=2.0.0 <=2.6.5)

@asyncapi/react-component NPM version =2.0.0, =3.1.0, =3.2.0, =0.24.0, =2.0.4, =0.0.0-nightly-20241023023252, =0.2.1, =2.6.0, =1.0.2, =1.0.0, =0.0.2-dev-0b744dd, =2.0.0, =0.0.2-test, =0.0.0-cache-perf-20240625144418, =1.16.0-next.4 - @rlawton/kuadrant-backstage-plugin-frontend =0.0.2 and more...

@achinet/nestjs-async (>=0.1.0 <=0.2.0), @asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0) +14 more potentially affected by unknown CVE via @asyncapi/modelina (=5.10.1)

@asyncapi/modelina NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina and may be impacted: - @achinet/nestjs-async =0.1.0, =4.1.3, =2.5.0, =2.8.3, =0.2.0, =5.2.2, =0.54.0, =1.4.14, =1.8.0, =2.0.0, =0.1.0, =0.48.0,...