Description
Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware detailed in the blog post below. This includes the extremely popular jsdelivr hosting of this file.
Recommendation
No fix is available yet. Followings are affected versions:
- = 1.17.3
References
Related Issues
- Prebid.js NPM package briefly compromised - CVE-2025-59038
- DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware - CVE-2025-59037
- Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 - CVE-2025-32965
- Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements - CVE-2025-12758
- Tags:
- npm
- prebid-universal-creative
Anything's wrong? Let us know Last updated on September 11, 2025