MAL-2025-191023 Malicious code in tenacious-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61051d9fdf4393e5d5b5336a35ce010a5bd613ab5e8c9b1f45c9c3a409f365c5 The package tenacious-fetch was found to contain malicious code. Source: ghsa-malware 0c44fc9d1c7099876e590cd69eb0d5ff3928dcc439cfe74cce255584a3455cf...

EUVD-2025-199020

Malicious code in tenacious-fetch npm...

@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)

tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191023...

Malicious code in tenacious-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61051d9fdf4393e5d5b5336a35ce010a5bd613ab5e8c9b1f45c9c3a409f365c5 The package tenacious-fetch was found to contain malicious code. Source: ghsa-malware 0c44fc9d1c7099876e590cd69eb0d5ff3928dcc439cfe74cce255584a3455cf...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)

tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: SNYK:JS-TENACIOUSFETCH-14103737...