Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40asyncapi/markdown-template@1.6.8
Typenpm
Namespace@asyncapi
Namemarkdown-template
Version1.6.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-ewfd-bn4n-1yer
vulnerability_id VCID-ewfd-bn4n-1yer
summary 
@asyncapi/markdown-template contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentials from popular online services. It is recommended all credentials be rotated, npm cache is cleared, .node_modules directory is removed and all dependencies be rolled back to previous versions.
references
0
reference_url https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
reference_id
reference_type
scores
url https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
1
reference_url https://socket.dev/blog/shai-hulud-strikes-again-v2
reference_id
reference_type
scores
url https://socket.dev/blog/shai-hulud-strikes-again-v2
2
reference_url https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
reference_id
reference_type
scores
url https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
fixed_packages
aliases GMS-2025-704
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewfd-bn4n-1yer
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540asyncapi/markdown-template@1.6.8