EUVD-2025-199388

Malicious code in @voiceflow/slate-serializer npm...

Malicious code in @voiceflow/slate-serializer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb7716bab0bde17a29c041cd61a934d39d4717019743671e8d6164fd166c0bdc The package @voiceflow/slate-serializer was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191374 Malicious code in @voiceflow/slate-serializer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb7716bab0bde17a29c041cd61a934d39d4717019743671e8d6164fd166c0bdc The package @voiceflow/slate-serializer was found to contain malicious code. Source: ghsa-malware...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@voiceflow/react-chat (>=1.0.3 <=2.62.4), @voiceflow/widget (>=1.0.3 <=1.7.13) potentially affected by unknown CVE via @voiceflow/slate-serializer (>=1.1.6 <=1.5.5)

@voiceflow/slate-serializer NPM version =1.1.6, =1.0.3, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSLATESERIALIZER-14103436...