Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40quick-start-soft/quick-markdown@1.4.2511142126
Typenpm
Namespace@quick-start-soft
Namequick-markdown
Version1.4.2511142126
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-rjhs-np6b-6khh
vulnerability_id VCID-rjhs-np6b-6khh
summary 
@quick-start-soft/quick-markdown contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentials from popular online services. It is recommended all credentials be rotated, npm cache is cleared, .node_modules directory is removed and all dependencies be rolled back to previous versions.
references
0
reference_url https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
reference_id
reference_type
scores
url https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
1
reference_url https://socket.dev/blog/shai-hulud-strikes-again-v2
reference_id
reference_type
scores
url https://socket.dev/blog/shai-hulud-strikes-again-v2
2
reference_url https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
reference_id
reference_type
scores
url https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
fixed_packages
aliases GMS-2025-258
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rjhs-np6b-6khh
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540quick-start-soft/quick-markdown@1.4.2511142126