@asyncapi/glee (>=0.13.0 <=0.37.9), @asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/markdown-template (=1.6.7)

@asyncapi/markdown-template NPM version =1.6.7 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/markdown-template and may be impacted: - @asyncapi/glee =0.13.0, =0.16.0, =0.16.23 Source cves: unknown CVE Source advisory:...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-198651

Malicious code in @asyncapi/markdown-template npm...

Malicious code in @asyncapi/markdown-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eab3f67164575b589affd305405ab98f13239b541ad15720274e6657e7f6571 The package @asyncapi/markdown-template was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190659 Malicious code in @asyncapi/markdown-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eab3f67164575b589affd305405ab98f13239b541ad15720274e6657e7f6571 The package @asyncapi/markdown-template was found to contain malicious code. Source: ghsa-malware...