4880 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
react-native-junsible (>=0.0.1 <=0.0.7) potentially affected by unknown CVE via react-native-email (=2.1.0)
react-native-email NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-native-email and may be impacted: - react-native-junsible =0.0.1, =0.0.7 Source cves: unknown CVE Source advisory: SNYK:JS-REACTNATIVEEMAIL-14103701...
@achinet/nestjs-async (>=0.1.0 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +35 more potentially affected by unknown CVE via @asyncapi/generator-react-sdk (>=1.1.2 <=1.1.3)
@asyncapi/generator-react-sdk NPM version =1.1.2, =0.1.0, =3.0.0, =4.1.3, =0.24.0, =1.10.14, =0.2.0, =0.1.0, =1.0.0, =0.2.2, =1.3.3, =2.0.0, =0.16.0, =0.16.23 - @asyncapi/template-dart-websocket-client =0.0.1 - @asyncapi/template-java-websocket-quarkus =0.0.1 -...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@asyncapi/cli (>=3.1.0 <=4.1.1), @asyncapi/html-template (>=3.2.0 <=3.5.0) +18 more potentially affected by unknown CVE via @asyncapi/react-component (>=2.0.0 <=2.6.5)
@asyncapi/react-component NPM version =2.0.0, =3.1.0, =3.2.0, =0.24.0, =2.0.4, =0.0.0-nightly-20241023023252, =0.2.1, =2.6.0, =1.0.2, =1.0.0, =0.0.2-dev-0b744dd, =2.0.0, =0.0.2-test, =0.0.0-cache-perf-20240625144418, =1.16.0-next.4 - @rlawton/kuadrant-backstage-plugin-frontend =0.0.2 and more...
@voiceflow/alexa-types (>=2.15.0 <=2.15.62), @voiceflow/google-dfes-types (>=2.17.0 <=2.17.7) +3 more potentially affected by unknown CVE via @voiceflow/voice-types (>=2.10.0 <=2.10.57)
@voiceflow/voice-types NPM version =2.10.0, =2.15.0, =2.17.0, =2.21.0, =1.60.2, =3.30.0, =3.32.47 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWVOICETYPES-14103447...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@voiceflow/react-chat (>=1.59.4 <=1.65.2) potentially affected by unknown CVE via @voiceflow/stitches-react (=2.3.1)
@voiceflow/stitches-react NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on @voiceflow/stitches-react and may be impacted: - @voiceflow/react-chat =1.59.4, =1.65.2 Source cves: unknown CVE Source advisory:...
Malicious code in @darwinex/react-custom-scrollbars (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c14e6f6b8558a92600a6b705cd18fbcfc9eca9a163fcd69c792492154fbe37e The package @darwinex/react-custom-scrollbars was found to contain malicious code...
EUVD-2025-198962
Malicious code in @darwinex/react-custom-scrollbars npm...
MAL-2025-190865 Malicious code in @darwinex/react-custom-scrollbars (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c14e6f6b8558a92600a6b705cd18fbcfc9eca9a163fcd69c792492154fbe37e The package @darwinex/react-custom-scrollbars was found to contain malicious code...
EUVD-2025-198820
Malicious code in poper-react-sdk npm...
Malicious code in poper-react-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee86d01d82c77cc7c83c6d28159deba7fa26192da0ab69659d92f78f4d41cd60 The package poper-react-sdk was found to contain malicious code. Source: ghsa-malware 2c3b77a8909da7a5fe13a2fba433147468dfa75dee206eaa996325423e38244...
Malicious code in react-native-worklet-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed2ae3214c7915580ec4f119fc2fc1ee0e071e2deea48ef419973982180aa9c The package react-native-worklet-functions was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190857 Malicious code in react-native-worklet-functions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed2ae3214c7915580ec4f119fc2fc1ee0e071e2deea48ef419973982180aa9c The package react-native-worklet-functions was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198819
Malicious code in react-native-worklet-functions npm...