EUVD-2025-199460

Malicious code in @oku-ui/toggle-group npm...

@oku-ui/primitives (>=0.4.0 <=0.6.1), @oku-ui/toolbar (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/toggle-group (=0.6.1)

@oku-ui/toggle-group NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/toggle-group and may be impacted: - @oku-ui/primitives =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191279...

@oku-ui/primitives (>=0.0.1 <=0.6.1), @oku-ui/toggle-group (>=0.4.0 <=0.6.1) +1 more potentially affected by unknown CVE via @oku-ui/toggle (=0.6.1)

@oku-ui/toggle NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/toggle and may be impacted: - @oku-ui/primitives =0.0.1, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191278...

@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +5 more potentially affected by unknown CVE via @oku-ui/roving-focus (=0.6.1)

@oku-ui/roving-focus NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/roving-focus and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisor...

MAL-2025-191279 Malicious code in @oku-ui/toggle-group (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb7f999444c4458fefe9d248fe0eaf410814ecbb5343107fe992033a61d184f3 The package @oku-ui/toggle-group was found to contain malicious code. Source: google-open-source-security...

@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +8 more potentially affected by unknown CVE via @oku-ui/direction (=0.6.1)

@oku-ui/direction NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/direction and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.0.1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown...

Malicious Package

Overview deere-ui-toggle-group is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

MAL-2022-2411 Malicious code in deere-ui-toggle-group (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 288d9c18ada3058b1ce2ddd2a3b36426a6470f0e6c14ed4ed6353a95a1f31d8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in deere-ui-toggle-group (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 288d9c18ada3058b1ce2ddd2a3b36426a6470f0e6c14ed4ed6353a95a1f31d8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...