91 matches found
3box-orbitdb-plugins (>=2.0.0 <=2.1.2), 3id-connect (>=0.1.0 <=1.0.0-beta.15) +2246 more potentially affected by unknown CVE via @stablelib/ed25519 (>=0.7.2 <=1.0.3)
@stablelib/ed25519 NPM version =0.7.2, =2.0.0, =0.1.0, =1.0.0-alpha.6, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.21, =1.0.42, =0.0.1, =0.1.0, =1.0.0, =1.10.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-X3FF-W252-2G7J...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +35 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)
@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...
EUVD-2025-198820
Malicious code in poper-react-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee86d01d82c77cc7c83c6d28159deba7fa26192da0ab69659d92f78f4d41cd60 The package poper-react-sdk was found to contain malicious code. Source: ghsa-malware 2c3b77a8909da7a5fe13a2fba433147468dfa75dee206eaa996325423e38244...
EUVD-2025-198634
Malicious code in @asyncapi/generator-react-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0dadd48783af136a9dcf3f65cf9f24675841f02c7d1a5b6dc60709b392bf98 The package @asyncapi/generator-react-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190637 Malicious code in @asyncapi/generator-react-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0dadd48783af136a9dcf3f65cf9f24675841f02c7d1a5b6dc60709b392bf98 The package @asyncapi/generator-react-sdk was found to contain malicious code. Source: ghsa-malware...
EUVD-2024-45526
Malicious code in bioql PyPI...
EUVD-2024-3112
Malicious code in bioql PyPI...
@dwimm/client-web (>=0.0.1 <=0.0.2-86), @element-hq/web-shared-components (>=0.0.0-test.6 <=0.0.2) +26 more potentially affected by CVE-2025-57354 via counterpart (>=0.16.10 <=0.18.6)
counterpart NPM version =0.16.10, =0.0.1, =0.0.0-test.6, =1.0.0, =2.10.1, =0.0.1, =0.7.1, =0.0.1, =0.1.8, =2.3.0, =3.114.0-rc.0 and more Source cves: CVE-2025-57354 Source advisory: SNYK:JS-COUNTERPART-13110034...
Malicious code in react-sdk-module-api (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c328baa339da0fb222b6ed839e9e024e3df2427f155e95d650451d9a7c0d49ce Any computer that has this package installed or running should be considered...
MAL-2025-5053 Malicious code in react-sdk-module-api (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c328baa339da0fb222b6ed839e9e024e3df2427f155e95d650451d9a7c0d49ce Any computer that has this package installed or running should be considered...
CVE-2024-47824
matrix-react-sdk is a react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that roo...
CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in...
CVE-2023-30609
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
CVE-2021-32622
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...
CVE-2021-21320
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so...
CVE-2025-32026 Element Web could load a malicious instance of Element Call leaking media encryption keys
Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...
CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...