avvvatars-vue
MAL-2025-191067
npmmalware11/24/2025
Description
Malicious code in avvvatars-vue (npm)
Indicators of Compromise
SHA256 Hashes (3)
e5704fc14aead5570b7b1abc795002ea942c9f791057989143dbe27384b20259
147f35642dddb238d6e235922992164cf8a47925095bc03e185bf2cfa57440aa
9d0177ed2908c06ff8f5fa7cf686ba026f4f225b8c4abe0678cbd28c4962b8fc
References (4)
https://github.com/advisories/GHSA-fvr9-qhw8-v3w6OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-fvr9-qhw8-v3w6
Quick Actions