Malicious code in yelp-react-component-tooltip (npm)

The package yelp-react-component-tooltip was found to contain malicious code...

CVE-2025-30210 Bruno XSS On Environment Name

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content in this case the Environment name as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...