AI teddy bear for kids responds with sexual content and advice about weapons

In testing, FoloToy’s AI teddy bear jumped from friendly chat to sexual topics and unsafe household advice. It shows how easily artificial intelligence can cross serious boundaries. It’s a fair moment to ask whether AI-powered stuffed animals are appropriate for children. It’s easy to get swept u...

Malicious code in @miptaa02/teddy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4027e20c3a3e3400685db9a6414269628e6cc61cfa138cbc97dcaa336daf0df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2021-2159

Malware in sbrugna...

MAL-2025-35132 Malicious code in test-mlw2-could-latex-solen-teddy (npm)

The package test-mlw2-could-latex-solen-teddy was found to contain malicious code...

Malicious code in test-mlw1-could-latex-solen-teddy (npm)

The package test-mlw1-could-latex-solen-teddy was found to contain malicious code...

Malicious code in test-mlw2-could-latex-solen-teddy (npm)

The package test-mlw2-could-latex-solen-teddy was found to contain malicious code...

MAL-2025-34778 Malicious code in test-mlw1-could-latex-solen-teddy (npm)

The package test-mlw1-could-latex-solen-teddy was found to contain malicious code...

Malicious code in @malware-test-could-latex-solen-teddy/test-mlw3-could-latex-solen-teddy (npm)

The package @malware-test-could-latex-solen-teddy/test-mlw3-could-latex-solen-teddy was found to contain malicious code...

teddy-smith.com Cross Site Scripting vulnerability OBB-3124564

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

teddy-smith.com Cross Site Scripting vulnerability OBB-2847917

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

hermann-teddy-peluche.fr Cross Site Scripting vulnerability OBB-2344354

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

gulp-teddy (>=0.0.1 <=1.6.1), roosevelt (>=0.4.9 <=0.4.33) potentially affected by CVE-2021-23447 via teddy (>=0.2.52 <=0.4.28)

teddy NPM version =0.2.52, =0.0.1, =0.4.9, =0.4.33 Source cves: CVE-2021-23447 Source advisory: OSV:GHSA-5F38-9JW2-6R6H...

GHSA-5F38-9JW2-6R6H Cross-site Scripting in teddy

Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...

Cross-site Scripting in teddy

Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...

Cross-Site Scripting (XSS)

teddy is vulnerable to cross-site scripting XSS attacks. The vulnerability exists because it does not properly escape the user-supplied input in 'utils.js' allowing the attacker to inject arbitrary script...

CVE-2021-23447

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...

CVE-2021-23447

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...

Type confusion

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...

CVE-2021-23447 Cross-site Scripting (XSS)

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...

CVE-2021-23447

The CVE-2021-23447 entry concerns the Teddy templating language prior to version 0.5.9. A type-confusion vulnerability allows bypassing input sanitization when the model content is an array (not a string), potentially enabling XSS-like behavior in affected renders. The mitigation is to upgrade Te...