4 matches found
MAL-2025-191382 Malicious code in @voiceflow/verror (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b5a50b0295fd87094117e38841e99bba0c11d47626ee9ced19ea9e7547d08e The package @voiceflow/verror was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199380
Malicious code in @voiceflow/verror npm...
@voiceflow/backend-utils (>=4.8.3 <=5.0.3) potentially affected by unknown CVE via @voiceflow/verror (=1.1.3)
@voiceflow/verror NPM version =1.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @voiceflow/verror and may be impacted: - @voiceflow/backend-utils =4.8.3, =5.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWVERROR-14103444...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...