4 matches found
@vex-chat/spire (>=1.0.0 <=2.3.3) potentially affected by unknown CVE via @asyncapi/web-component (=2.6.5)
@asyncapi/web-component NPM version =2.6.5 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/web-component and may be impacted: - @vex-chat/spire =1.0.0, =2.3.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIWEBCOMPONENT-14103281...
EUVD-2025-198786
Malicious code in @asyncapi/web-component npm...
Malicious code in @asyncapi/web-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2dff5164da9cab0fa9cbd6684d231b19caa4cc57fe660f4d0ad2cd8573dc1a The package @asyncapi/web-component was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190721 Malicious code in @asyncapi/web-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd2dff5164da9cab0fa9cbd6684d231b19caa4cc57fe660f4d0ad2cd8573dc1a The package @asyncapi/web-component was found to contain malicious code. Source: ghsa-malware...