EUVD-2025-199075

Malicious code in image-to-uri npm...

MAL-2025-190968 Malicious code in image-to-uri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa7b50ee7112a1f75ce3c55597ff598a36e98882fce34223c7d5bde782c8a27a The package image-to-uri was found to contain malicious code. Source: ghsa-malware 6d3880cd56fca46045266b2fa25b00db141ca4d96a3e52047e6a414a20f349f5 A...

Malicious code in image-to-uri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa7b50ee7112a1f75ce3c55597ff598a36e98882fce34223c7d5bde782c8a27a The package image-to-uri was found to contain malicious code. Source: ghsa-malware 6d3880cd56fca46045266b2fa25b00db141ca4d96a3e52047e6a414a20f349f5 A...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

cleanwork (=0.0.1), tomvisions-toolkit (>=1.0.1 <=1.0.9) potentially affected by unknown CVE via image-to-uri (=1.0.0)

image-to-uri NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on image-to-uri and may be impacted: - cleanwork =0.0.1 - tomvisions-toolkit =1.0.1, =1.0.9 Source cves: unknown CVE Source advisory: SNYK:JS-IMAGETOURI-14103641...