@asyncapi/avro-schema-parser
MAL-2025-190635
npmmalware11/24/2025
Description
Malicious code in @asyncapi/avro-schema-parser (npm)
Indicators of Compromise
SHA256 Hashes (4)
ecba38c05b2f9aa27e985967c88f7debbca1619119604019cfb1f93b5a91e52b
563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747
1c2858118cc6f2b2ac80dfb291a10834d04a7cd3702db08d818163826ca9d687
1db7ec5e8be3314b4daf63f38556b49c7a0c9341f0cc1742871b25a329cc193b
References (4)
https://github.com/advisories/GHSA-9vpg-29cm-rvq6OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-9vpg-29cm-rvq6
Quick Actions