EUVD-2025-199387

Malicious code in @voiceflow/stitches-react npm...

Malicious code in @voiceflow/stitches-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06695269b63d5e1d5d67fbf2ec3e8ba8a46439f10a30ca584e674ad93dbf53f1 The package @voiceflow/stitches-react was found to contain malicious code. Source: ghsa-malware...

@voiceflow/react-chat (>=1.59.4 <=1.65.2) potentially affected by unknown CVE via @voiceflow/stitches-react (=2.3.1)

@voiceflow/stitches-react NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on @voiceflow/stitches-react and may be impacted: - @voiceflow/react-chat =1.59.4, =1.65.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191375...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@voiceflow/react-chat (>=1.59.4 <=1.65.2) potentially affected by unknown CVE via @voiceflow/stitches-react (=2.3.1)

@voiceflow/stitches-react NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on @voiceflow/stitches-react and may be impacted: - @voiceflow/react-chat =1.59.4, =1.65.2 Source cves: unknown CVE Source advisory:...