6 matches found
MAL-2025-47307 Malicious code in ember-headless-form (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4687ef20e35f1ba6932bfe28dbaae50901c594a51071d24c97e6d496f7001382 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in ember-headless-form (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4687ef20e35f1ba6932bfe28dbaae50901c594a51071d24c97e6d496f7001382 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in ember-headless-form-yup (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed8ff319c2845a41812ca372e9a7e36c894cd5027bfadab1381fefb8892e4074 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47308 Malicious code in ember-headless-form-yup (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed8ff319c2845a41812ca372e9a7e36c894cd5027bfadab1381fefb8892e4074 Any computer that has this package installed or running should be considered fully compromised. All...
@lblod/ember-rdfa-editor (>=12.4.0-dev.1f5a5b71099288ff594f4d5de652b8af64917693 <=13.10.2) potentially affected by unknown CVE via ember-headless-form (=1.1.1)
ember-headless-form NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on ember-headless-form and may be impacted: - @lblod/ember-rdfa-editor =12.4.0-dev.1f5a5b71099288ff594f4d5de652b8af64917693, =13.10.2 Source cves: unknown CVE Source...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...