12 matches found
Unsafe Dependency Resolution
Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing...
Unsafe Dependency Resolution
Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...
Malicious Package
Overview @capibar.chat/ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview one-view-chat-ui-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in one-view-chat-ui-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a53a27e69da28c6b1eb4c8f441a2e0723e4b7b5c0aaaab08233f5dd41b76308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-208909
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...
CVE-2025-63260
SyncFusion 30.1.37 is affected by a Cross-Site Scripting (XSS) vulnerability exposed through the Document-Editor’s reply-to-comment field and the Chat-UI chat messages. The issues are present in the UI components of SyncFusion for version 30.1.37 and are described consistently across Red Hat and ...
Malicious code in masons-chat-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f14b2f219e65b904ce4942da955e90e752927f635e650295337be7bc2eedfaf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5283 Malicious code in masons-chat-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f14b2f219e65b904ce4942da955e90e752927f635e650295337be7bc2eedfaf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in comet-chat-react-ui-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9a6f38c4d9dd2413e237c8d146d5fcf11d04f613910b552a32a52b3e4cf199f6 The OpenSSF Package Analysis project identified 'comet-chat-react-ui-kit' @ 1.0.1 npm as malicious. It is considered malicious because: - The...
Malicious code in @sbtweb/chat-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98da8f5b939eeb94617bce10dd625c39b582c21f0057799cdc2ae93196291802 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-576 Malicious code in @sbtweb/chat-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98da8f5b939eeb94617bce10dd625c39b582c21f0057799cdc2ae93196291802 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...