Lucene search
K

5 matches found

EUVD
EUVD
added 2025/11/25 12:16 a.m.2 views

EUVD-2025-199422

Malicious code in @voiceflow/common npm...

6.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.14 views

Malicious code in @voiceflow/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31b6225a913c42ff3e119872d881af1992d5de51a2cf9632f3c055a8fd577c9 The package @voiceflow/common was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/25 12:16 a.m.3 views

MAL-2025-191340 Malicious code in @voiceflow/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31b6225a913c42ff3e119872d881af1992d5de51a2cf9632f3c055a8fd577c9 The package @voiceflow/common was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/11/24 4:24 p.m.12 views

@voiceflow/alexa-types (>=2.0.0 <=2.16.3), @voiceflow/api-sdk (>=3.0.0 <=3.29.3) +11 more potentially affected by unknown CVE via @voiceflow/common (>=8.10.0 <=8.9.0)

@voiceflow/common NPM version =8.10.0, =2.0.0, =3.0.0, =2.50.1, =2.0.0, =3.0.0, =2.0.0, =2.0.0, =1.0.3, =1.3.3, =1.0.0, =2.0.0, =3.2.20, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWCOMMON-14103402...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Rows per page
Query Builder