16 matches found
Malicious code in @emerald-react/chat-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d0a6cbe19a31d336779d3e0975557852cb92372627904ed87950dfe35b67410 The package @emerald-react/chat-bot was found to contain malicious code...
MAL-2026-1602 Malicious code in @emerald-react/chat-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d0a6cbe19a31d336779d3e0975557852cb92372627904ed87950dfe35b67410 The package @emerald-react/chat-bot was found to contain malicious code...
Malicious code in @voiceflow/react-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7450440b7c3368ef719fcfa9511d7984fc38ed8b5279f4e49f414f588446915e The package @voiceflow/react-chat was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199395
Malicious code in @voiceflow/react-chat npm...
MAL-2025-191367 Malicious code in @voiceflow/react-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7450440b7c3368ef719fcfa9511d7984fc38ed8b5279f4e49f414f588446915e The package @voiceflow/react-chat was found to contain malicious code. Source: ghsa-malware...
@voiceflow/react-chat (>=1.0.0 <=2.62.4) potentially affected by unknown CVE via @voiceflow/sdk-runtime (>=1.10.0 <=1.3.4)
@voiceflow/sdk-runtime NPM version =1.10.0, =1.0.0, =2.62.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSDKRUNTIME-14103432...
@voiceflow/react-chat (>=1.0.3 <=2.62.4), @voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/slate-serializer (>=1.1.6 <=1.5.5)
@voiceflow/slate-serializer NPM version =1.1.6, =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSLATESERIALIZER-14103436...
@voiceflow/alexa-types (>=2.14.43 <=2.15.62), @voiceflow/google-dfes-types (>=2.0.0 <=2.17.14) +3 more potentially affected by unknown CVE via @voiceflow/voiceflow-types (>=3.20.20 <=3.32.44)
@voiceflow/voiceflow-types NPM version =3.20.20, =2.14.43, =2.0.0, =2.20.44, =1.27.1, =1.0.5, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWVOICEFLOWTYPES-14103448...
@voiceflow/react-chat (>=1.59.4 <=1.65.2) potentially affected by unknown CVE via @voiceflow/stitches-react (=2.3.1)
@voiceflow/stitches-react NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on @voiceflow/stitches-react and may be impacted: - @voiceflow/react-chat =1.59.4, =1.65.2 Source cves: unknown CVE Source advisory:...
@voiceflow/react-chat (>=1.59.4 <=2.62.4), @voiceflow/sdk-runtime (>=1.18.1 <=1.29.0-alpha.1) potentially affected by unknown CVE via @voiceflow/dtos-interact (>=1.10.0 <=1.26.0)
@voiceflow/dtos-interact NPM version =1.10.0, =1.59.4, =1.18.1, =1.29.0-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWDTOSINTERACT-14103405...
@voiceflow/alexa-types (>=2.15.0 <=2.15.62), @voiceflow/google-dfes-types (>=2.17.0 <=2.17.7) +3 more potentially affected by unknown CVE via @voiceflow/voice-types (>=2.10.0 <=2.10.57)
@voiceflow/voice-types NPM version =2.10.0, =2.15.0, =2.17.0, =2.21.0, =1.60.2, =3.30.0, =3.32.47 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWVOICETYPES-14103447...
@voiceflow/alexa-types (>=2.14.43 <=2.15.62), @voiceflow/api-sdk (>=3.27.18 <=3.28.60) +7 more potentially affected by unknown CVE via @voiceflow/base-types (>=2.100.1 <=2.136.1)
@voiceflow/base-types NPM version =2.100.1, =2.14.43, =3.27.18, =2.13.92, =2.0.0, =2.20.44, =1.60.0, =1.8.0, =2.9.71, =3.26.33, =3.32.47 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWBASETYPES-14103397...
@voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/react-chat (>=1.0.3 <=1.47.4)
@voiceflow/react-chat NPM version =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWREACTCHAT-14103429...
Malicious code in old-react-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ae29d9cb582d5c0be810adbab5c88a3409a65d0d94034301910bb1c735e2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3847 Malicious code in old-react-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0ae29d9cb582d5c0be810adbab5c88a3409a65d0d94034301910bb1c735e2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
react-chat-widget-all-dream (>=2.1.6 <=2.3.1) potentially affected by CVE-2021-43785 via @joeattardi/emoji-button (=2.12.1)
@joeattardi/emoji-button NPM version =2.12.1 is affected by a known vulnerability. The following packages have a transitive dependency on @joeattardi/emoji-button and may be impacted: - react-chat-widget-all-dream =2.1.6, =2.3.1 Source cves: CVE-2021-43785 Source advisory: OSV:GHSA-F34M-X9PJ-62VQ...