NPM - Supply Chain Attack
Security updates detail rendered from /security-updates/upd_a0f2751fe5dc62e5.
Overview
| Field | Value |
|---|---|
| ID | upd_a0f2751fe5dc62e5 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | UiPath |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_a0f2751fe5dc62e5 |
| providerId | safebase |
| organizationId | org_33d000fdc8a62017 |
| trustCenterId | tc_7d7ee18589030c52 |
| title | NPM - Supply Chain Attack |
| message | Article URL: https://cybersecuritynews.com/npm-supply-chain-ctrl-tinycolor/ **UiPath Impact Statement:** UiPath has investigated and found no evidence that we are affected by this supply chain attack. The investigation confirmed that the affected versions of the @ctrl/tinycolor package (v4.1.1 and v4.1.2) are not used in any UiPath products. The SBOM analysis verified that UiPath uses version 3.6.1 of the package, which is not impacted by this vulnerability. Additionally, the other affected NPM packages are not utilized within UiPath's ecosystem. |
| url | - |
| publishedAt | 2025-10-21 |
| source | {"field": "statuspage/public/compliance-update", "category": "vulnerabilities"} |
| company | {"id": "org_33d000fdc8a62017", "name": "UiPath", "domains": ["trust.uipath.com", "uipath.com"]} |
| trust_center | {"id": "tc_7d7ee18589030c52", "name": "UiPath", "url": "https://trust.uipath.com", "host": "trust.uipath.com"} |
| provider | {"id": "safebase", "name": "SafeBase"} |
| links | {"self": "/v1/security-updates/upd_a0f2751fe5dc62e5", "company": "/v1/companies/org_33d000fdc8a62017", "trust_center": "/v1/trust-centers/tc_7d7ee18589030c52", "provider": "/v1/providers/safebase"} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_a0f2751fe5dc62e5