Embedded Malicious Code

Overview @asyncapi/modelina is a The Model SDK for generating data models Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package...

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=5.0.1 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/modelina-cli (=5.10.1)

@asyncapi/modelina-cli NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina-cli and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =5.0.1, =1.4.14, =1.4.39 -...

@achinet/nestjs-async (>=0.1.0 <=0.2.0), @asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0) +14 more potentially affected by unknown CVE via @asyncapi/modelina (=5.10.1)

@asyncapi/modelina NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina and may be impacted: - @achinet/nestjs-async =0.1.0, =4.1.3, =2.5.0, =2.8.3, =0.2.0, =5.2.2, =0.54.0, =1.4.14, =1.8.0, =2.0.0, =0.1.0, =0.48.0,...

MAL-2025-190660 Malicious code in @asyncapi/modelina-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3144264289038cf791432dc902acf2aafe218ea12a11fd986f2690b63531157 The package @asyncapi/modelina-cli was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198689

Malicious code in @asyncapi/modelina-cli npm...

@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=5.0.1 <=6.0.0) +2 more potentially affected by unknown CVE via @asyncapi/modelina-cli (=5.10.1)

@asyncapi/modelina-cli NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina-cli and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =5.0.1, =1.4.14, =1.4.39 -...

MAL-2025-190638 Malicious code in @asyncapi/modelina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6021816ea47fd6743ed24c196df8db60f0649e0d5b185ceb9b418ba457b21e3 The package @asyncapi/modelina was found to contain malicious code. Source: ghsa-malware...

Malicious code in @asyncapi/modelina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6021816ea47fd6743ed24c196df8db60f0649e0d5b185ceb9b418ba457b21e3 The package @asyncapi/modelina was found to contain malicious code. Source: ghsa-malware...

@achinet/nestjs-async (>=0.1.0 <=0.2.0), @asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0) +14 more potentially affected by unknown CVE via @asyncapi/modelina (=5.10.1)

@asyncapi/modelina NPM version =5.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/modelina and may be impacted: - @achinet/nestjs-async =0.1.0, =4.1.3, =2.5.0, =2.8.3, =0.2.0, =5.2.2, =0.54.0, =1.4.14, =1.8.0, =2.0.0, =0.1.0, =0.48.0,...

EUVD-2025-198635

Malicious code in @asyncapi/modelina npm...

EUVD-2021-1975

Malware in sbrugna...

CVE-2023-23619

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

Code injection

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

CVE-2023-23619

The CVE-2023-23619 vulnerability affects @asyncapi/modelina (Modelina) prior to version 1.0.0. It enables code injection through default presets or when users do not handle rendering themselves. The issue is partially mitigated in 1.0.0, per GHSA guidance: if you only access constrained models, t...

CVE-2023-23619 Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

CVE-2023-23619 Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

CVE-2023-23619 Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

Modelina 代码注入漏洞

Modelina is the asyncapi personal developer's library for generating data models based on input such as AsyncAPI, OpenAPI or JSON schema documents. A code injection vulnerability exists in versions of Modelina prior to 1.0.0 that stems from vulnerability to code injection attacks...

Improper Control of Generation of Code ('Code Injection')

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 is vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue h...

@asyncapi/cli (>=0.21.0 <=0.27.3), @asyncapi/dotnet-nats-template (>=0.2.0 <=0.8.4) +9 more potentially affected by CVE-2023-23619 via @asyncapi/modelina (>=0.11.0 <=0.9.0)

@asyncapi/modelina NPM version =0.11.0, =0.21.0, =0.2.0, =0.1.8, =0.3.33, =0.4.0, =0.0.1, =0.0.1, =0.1.0, =0.1.7 Source cves: CVE-2023-23619 Source advisory: OSV:GHSA-4JG2-84C2-PJ95...