5 matches found
EUVD-2025-199422
Malicious code in @voiceflow/common npm...
Malicious code in @voiceflow/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31b6225a913c42ff3e119872d881af1992d5de51a2cf9632f3c055a8fd577c9 The package @voiceflow/common was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191340 Malicious code in @voiceflow/common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c31b6225a913c42ff3e119872d881af1992d5de51a2cf9632f3c055a8fd577c9 The package @voiceflow/common was found to contain malicious code. Source: ghsa-malware...
@voiceflow/alexa-types (>=2.0.0 <=2.16.3), @voiceflow/api-sdk (>=3.0.0 <=3.29.3) +11 more potentially affected by unknown CVE via @voiceflow/common (>=8.10.0 <=8.9.0)
@voiceflow/common NPM version =8.10.0, =2.0.0, =3.0.0, =2.50.1, =2.0.0, =3.0.0, =2.0.0, =2.0.0, =1.0.3, =1.3.3, =1.0.0, =2.0.0, =3.2.20, =1.0.3, =1.7.13 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWCOMMON-14103402...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...