MAL-2025-1391

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/voiceedgelite/MAL-2025-1391.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-1391
Published
2025-02-17T13:02:56Z
Modified
2025-03-31T07:07:50Z
Summary
Malicious code in voiceedgelite (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (fd93b14a943a875efb1d2602d31cc497e92f135adac765f65f2a0ffd72d6ad42)

The OpenSSF Package Analysis project identified 'voiceedgelite' @ 1.1.5 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "2e4fd4b9fb9a218b7e587f7885347db6009f6cabf4225963a64a35354ef1cdc5",
            "source": "ossf-package-analysis",
            "import_time": "2025-02-17T22:05:17.398082644Z",
            "modified_time": "2025-02-17T13:02:56Z",
            "versions": [
                "1.0.7"
            ]
        },
        {
            "sha256": "fd93b14a943a875efb1d2602d31cc497e92f135adac765f65f2a0ffd72d6ad42",
            "source": "ossf-package-analysis",
            "import_time": "2025-02-18T04:06:43.321415796Z",
            "modified_time": "2025-02-18T04:03:22Z",
            "versions": [
                "1.1.5"
            ]
        },
        {
            "sha256": "5c4b6524c408d88e95e6fce41bec25ac610bc0a620c6ac635dbc56a93e119088",
            "source": "ossf-package-analysis",
            "import_time": "2025-02-18T04:36:48.332115204Z",
            "modified_time": "2025-02-18T04:08:56Z",
            "versions": [
                "1.1.6"
            ]
        },
        {
            "sha256": "82126c9800523504f45253cbb3207ecc731e122b42fa280e18d86c10b33c6f35",
            "source": "ossf-package-analysis",
            "import_time": "2025-02-18T05:05:58.792360366Z",
            "modified_time": "2025-02-18T04:44:15Z",
            "versions": [
                "1.1.7"
            ]
        },
        {
            "sha256": "7ced81fbb971d72f159003fd1c935a6470e75f7416b4e7b64dffbaf06b15c276",
            "source": "ossf-package-analysis",
            "import_time": "2025-02-19T00:21:40.926340859Z",
            "modified_time": "2025-02-18T05:18:41Z",
            "versions": [
                "1.1.8"
            ]
        },
        {
            "sha256": "25b6768f91803e84a37502bb19be23ba18df20f6f6d3608028f5da10578885a6",
            "source": "ossf-package-analysis",
            "import_time": "2025-02-20T00:21:49.110742802Z",
            "modified_time": "2025-02-19T03:40:14Z",
            "versions": [
                "1.2.0"
            ]
        },
        {
            "sha256": "bd5f8aa74a109883ebc504a892ee922d4e5d0294d9af11eb14e49bd09eea6b39",
            "id": "RLMA-2025-01883",
            "source": "reversing-labs",
            "import_time": "2025-03-31T07:07:03.059248763Z",
            "modified_time": "2025-03-28T13:03:23Z",
            "versions": [
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4",
                "1.0.5",
                "1.0.6",
                "1.0.7",
                "1.0.8",
                "1.0.9",
                "1.1.2",
                "1.1.3",
                "1.1.4",
                "1.1.5",
                "1.1.6",
                "1.1.7",
                "1.1.8",
                "1.1.9",
                "1.2.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / voiceedgelite

Package

Affected ranges

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/voiceedgelite/MAL-2025-1391.json"