@voiceflow/alexa-types (>=2.14.43 <=2.15.62), @voiceflow/api-sdk (>=3.27.18 <=3.28.60) +7 more potentially affected by unknown CVE via @voiceflow/base-types (>=2.100.1 <=2.136.1)

@voiceflow/base-types NPM version =2.100.1, =2.14.43, =3.27.18, =2.13.92, =2.0.0, =2.20.44, =1.60.0, =1.8.0, =2.9.71, =3.26.33, =3.32.47 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWBASETYPES-14103397...

@zapier/ai-actions-react (>=0.0.1 <=0.1.11) potentially affected by unknown CVE via @zapier/ai-actions (>=0.0.1 <=0.1.11)

@zapier/ai-actions NPM version =0.0.1, =0.0.1, =0.1.11 Source cves: unknown CVE Source advisory: SNYK:JS-ZAPIERAIACTIONS-14103233...

@lessondesk/schoolbus (>=3.0.43 <=5.2.1) potentially affected by unknown CVE via @tiaanduplessis/react-progressbar (=1.0.0)

@tiaanduplessis/react-progressbar NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @tiaanduplessis/react-progressbar and may be impacted: - @lessondesk/schoolbus =3.0.43, =5.2.1 Source cves: unknown CVE Source advisory:...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/react-chat (>=1.0.3 <=1.47.4)

@voiceflow/react-chat NPM version =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWREACTCHAT-14103429...

@digifox/providers (=5.0.3), @wowpay/react-native-sdk (>=1.0.3 <=1.0.21) +3 more potentially affected by unknown CVE via react-native-websocket (=1.0.2)

react-native-websocket NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-websocket and may be impacted: - @digifox/providers =5.0.3 - @wowpay/react-native-sdk =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE...

@voiceflow/react-chat (>=1.0.3 <=2.62.4), @voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/slate-serializer (>=1.1.6 <=1.5.5)

@voiceflow/slate-serializer NPM version =1.1.6, =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSLATESERIALIZER-14103436...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@voiceflow/react-chat (>=1.59.4 <=2.62.4), @voiceflow/sdk-runtime (>=1.18.1 <=1.29.0-alpha.1) potentially affected by unknown CVE via @voiceflow/dtos-interact (>=1.10.0 <=1.26.0)

@voiceflow/dtos-interact NPM version =1.10.0, =1.59.4, =1.18.1, =1.29.0-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWDTOSINTERACT-14103405...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)

undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: SNYK:JS-UNDEFSAFETYPED-14103745...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

axios-basic-logger (=1.0.0), react-micromodal.js (=1.0.0) potentially affected by unknown CVE via pico-uid (=1.0.2)

pico-uid NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on pico-uid and may be impacted: - axios-basic-logger =1.0.0 - react-micromodal.js =1.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-PICOUID-14103684...

@voiceflow/react-chat (>=1.0.0 <=2.62.4) potentially affected by unknown CVE via @voiceflow/sdk-runtime (>=1.10.0 <=1.3.4)

@voiceflow/sdk-runtime NPM version =1.10.0, =1.0.0, =2.62.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSDKRUNTIME-14103432...

@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)

tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: SNYK:JS-TENACIOUSFETCH-14103737...

@voiceflow/alexa-types (>=2.14.43 <=2.15.62), @voiceflow/google-dfes-types (>=2.0.0 <=2.17.14) +3 more potentially affected by unknown CVE via @voiceflow/voiceflow-types (>=3.20.20 <=3.32.44)

@voiceflow/voiceflow-types NPM version =3.20.20, =2.14.43, =2.0.0, =2.20.44, =1.27.1, =1.0.5, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWVOICEFLOWTYPES-14103448...

module-mobile-js (>=1.3.8 <=1.4.0), react-native-iris-sdk (>=3.3.16 <=3.3.31) potentially affected by unknown CVE via react-native-log-level (=1.2.0)

react-native-log-level NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-log-level and may be impacted: - module-mobile-js =1.3.8, =3.3.16, =3.3.31 Source cves: unknown CVE Source advisory:...