1576 matches found

EUVD
added 2026/01/29 3:0 p.m., 5 views

EUVD-2026-4673

React Server Components have multiple Denial of Service Vulnerabilities...

CVSS 7.5 | AI score 5.9 | EPSS 0.01469
Exploits: 0 | References: 4

OSV
added 2026/01/29 3:0 p.m., 5 views

GHSA-83FC-FQCC-2HMG React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

CVSS 7.5 | AI score 6 | EPSS 0.01469
Exploits: 0 | References: 5

Snyk
added 2026/01/28 4:33 p.m., 2 views

Malicious Package

Overview auth0-lock-webpack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

F5 Networks
added 2026/01/27 2:9 a.m., 15 views

K000159700: React framework vulnerability CVE-2026-23864

Security Advisory Description Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests ...

CVSS 7.5 | AI score 5.9 | EPSS 0.01469
Exploits: 0

ATTACKERKB
added 2026/01/26 7:16 p.m., 10 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

CVSS 7.5 | AI score 6 | EPSS 0.01469
Exploits: 0 | References: 2 | Affected Software: 3

CVE
added 2026/01/26 7:16 p.m., 62 views

CVE-2026-23864

CVE-2026-23864 affects React Server Components packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The connected advisories describe a denial-of-service condition triggered by specially crafted HTTP requests to Server Function endpoints, potentially causin...

CVSS 7.5 | AI score 6 | EPSS 0.01469
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2024-43788)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43788 advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a...

CVSS 6.4 | AI score 5.2 | EPSS 0.00897
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : pcs-0.11.4-7.el9.ML.1 (AXSA:2023-6066:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6066:10 advisory. pcs: webpack: Regression of CVE-2023-28154 fixes in the MIRACLE LINUX CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing...

CVSS 9.8 | AI score 8.3 | EPSS 0.0183
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/08 12:0 a.m., 2 views

PT-2026-3410

Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 5

IBM Security Bulletins
added 2026/01/07 5:6 p.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the...

CVSS 7.5 | AI score 6.1 | EPSS 0.13258
Exploits: 4 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 1:44 p.m., 7 views

Security Bulletin: IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360.

Summary IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-30360 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server...

CVSS 6.5 | AI score 7.3 | EPSS 0.00287
Exploits: 1 | Affected Software: 1

EUVD
added 2025/12/22 10:29 p.m., 3 views

EUVD-2025-204768

Malicious code in airslate-dep-webpack npm...

AI score 6.6
Exploits: 0

OSSF Malicious Packages
added 2025/12/22 10:29 p.m., 6 views

Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/12/22 10:29 p.m., 2 views

MAL-2025-192693 Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

AI score 6.8
Exploits: 0

vulnersOsv
added 2025/12/17 10:47 p.m., 4 views

@1024pix/storybook-ember (=7.1.1), @asherng/storybook (>=0.0.18 <=0.1.14) +31 more potentially affected by CVE-2025-68429 via @storybook/builder-webpack5 (>=7.0.0 <=7.6.20)

@storybook/builder-webpack5 NPM version =7.0.0, =0.0.18, =0.0.0-dev-main.202308160724, =1.6.5, =3.50.0-next.2, =9.0.0-next.3, =0.1.3, =0.0.1, =7.4.0-alpha.2.1, =8.0.0, =1.0.0-alpha.4, =0.0.3, =0.0.1, =6.0.0-canary.234, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2025-68429 Sour...

CVSS 7.3 | AI score 7.1 | EPSS 0.00235
Exploits: 0

Snyk
added 2025/12/17 10:47 p.m., 2 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview @storybook/builder-webpack5 is an A Storybook builder to dev and build with Webpack Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive...

CVSS 7.5 | AI score 6.9 | EPSS 0.00235
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/12/17 10:46 a.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server

Summary webpack-dev-server is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2025-30359 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1,...

CVSS 6.5 | AI score 6.7 | EPSS 0.00427
Exploits: 2 | Affected Software: 1

Snyk
added 2025/12/16 10:32 p.m., 3 views

Malicious Package

Overview node-polyfill-webpack-plugins is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/12/16 10:22 p.m., 10 views

Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories

Summary React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...

CVSS 10 | AI score 8.1 | EPSS 0.99562
Exploits: 366 | Affected Software: 1

OSV
added 2025/12/12 4:32 p.m., 0 views

GHSA-7GMR-MQ3H-M5H9 Denial of Service Vulnerability in React Server Components

Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...

CVSS 7.5 | AI score 6.6 | EPSS 0.1888
Exploits: 3 | References: 5