@unhead/angular (>=3.0.0 <=3.0.0-rc.4), @unhead/react (>=3.0.0 <=3.0.0-rc.4) +4 more potentially affected by unknown CVE via unhead (>=3.0.0-beta.5 <=3.0.0)

unhead NPM version =3.0.0-beta.5, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-rc.4 Source cves: unknown CVE Source advisory: SNYK:JS-UNHEAD-15989796...

Malicious Package

Overview @spx-workforceops/shared-vue is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

EUVD-2026-3106

Malicious code in @spx-workforceops/shared-vue npm...

EUVD-2026-3107

Malicious code in @spx-smartsorting/vue npm...

EUVD-2025-202379

Malicious code in vue2-amis-custom-widget-pro npm...

EUVD-2025-199439

Malicious code in @productdevbook/animejs-vue npm...

EUVD-2025-199301

Malicious code in @lui-ui/lui-vue npm...

Malicious code in @lui-ui/lui-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b88c15ab970fa80e2c420db246728871b310f27e35371206322bf8cea6abb1 The package @lui-ui/lui-vue was found to contain malicious code. Source: ghsa-malware 339d88eca55085f7dbfd769a5800adf59a499c0e6e14500a6f456cf17ec249f...

@ai-sdk/angular (>=1.1.0-beta.0 <=1.1.0-beta.28), @ai-sdk/langchain (>=1.1.0-beta.0 <=1.1.0-beta.28) +5 more potentially affected by CVE-2025-48985 via ai (>=5.1.0-beta.0 <=5.1.0-beta.8)

ai NPM version =5.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =1.1.0-beta.0, =2.1.0-beta.0, =1.1.0-beta.0, =3.1.0-beta.0, =2.1.0-beta.0, =2.1.0-beta.28 Source cves: CVE-2025-48985 Source advisory: SNYK:JS-AI-13863465...

Malicious code in vue2-script-ext-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 747331ee9a0695a63f863ebc84ad9508b515a9c8dfe77477314ff8de5a5aba40 The package vue2-script-ext-html-webpack-plugin was found to contain malicious code...

Malicious code in vue-build-no-ssr (npm)

The package vue-build-no-ssr was found to contain malicious code...

MAL-2025-38956 Malicious code in weapp-vue (npm)

The package weapp-vue was found to contain malicious code...

GHSA-5J4C-8P2G-V4JX ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...

ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...

Malicious code in audit-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d1d3fc765f4abce4b198aff5193624f464377e18c77302c696ef9e200869dcb6 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

Malicious code in site-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7ba33d57968778f93b301163d42fa17c34a79d9b4326df7778f242d2b90b344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ado-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd009dde2794c465f22294ea7b9405a3773dfef317eefe05126917bbbcdabbbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)

push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...

@cao_steven/nb-core (=1.0.0), @dcodegroup-au/dsg-vue (>=0.0.17 <=0.0.18) +77 more potentially affected by CVE-2021-4103 via vditor (>=2.3.1 <=3.3.9)

vditor NPM version =2.3.1, =0.0.17, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =0.0.1, =0.0.2, =0.0.1-beta.15, =0.0.1, =0.0.0, =1.0.0, =3.0.0, =3.0.0, =3.2.1 and more Source cves: CVE-2021-4103 Source advisory: OSV:GHSA-CXM3-V4MV-6MH8...