Lucene search
K

1582 matches found

OSV
OSV
added 2025/12/22 10:29 p.m.4 views

MAL-2025-192693 Malicious code in airslate-dep-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/17 10:47 p.m.6 views

@1024pix/storybook-ember (=7.1.1), @asherng/storybook (>=0.0.18 <=0.1.14) +31 more potentially affected by CVE-2025-68429 via @storybook/builder-webpack5 (>=7.0.0 <=7.6.20)

@storybook/builder-webpack5 NPM version =7.0.0, =0.0.18, =0.0.0-dev-main.202308160724, =1.6.5, =3.50.0-next.2, =9.0.0-next.3, =0.1.3, =0.0.1, =7.4.0-alpha.2.1, =8.0.0, =1.0.0-alpha.4, =0.0.3, =0.0.1, =6.0.0-canary.234, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2025-68429 Sour...

7.3CVSS7AI score0.00235EPSS
Exploits0
Snyk
Snyk
added 2025/12/17 10:47 p.m.3 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview @storybook/builder-webpack5 is an A Storybook builder to dev and build with Webpack Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive...

7.5CVSS6.9AI score0.00235EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:46 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server

Summary webpack-dev-server is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2025-30359 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1,...

6.5CVSS6.7AI score0.00427EPSS
Exploits2Affected Software1
Snyk
Snyk
added 2025/12/16 10:32 p.m.4 views

Malicious Package

Overview node-polyfill-webpack-plugins is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 10:22 p.m.10 views

Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories

Summary React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...

10CVSS8.1AI score0.99562EPSS
Exploits372Affected Software1
OSV
OSV
added 2025/12/12 4:32 p.m.1 views

GHSA-7GMR-MQ3H-M5H9 Denial of Service Vulnerability in React Server Components

Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...

7.5CVSS6.6AI score0.1888EPSS
Exploits3References5
NCSC
NCSC
added 2025/12/12 10:46 a.m.10 views

Vulnerabilities fixed in React Server Components

Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack Specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...

7.5CVSS7.2AI score0.65592EPSS
Exploits13References4
vulnersOsv
vulnersOsv
added 2025/12/12 12:3 a.m.8 views

@cedarjs/api-server (>=1.0.0-canary.12879 <=1.0.0-canary.12881), @cedarjs/cli (>=1.0.0-canary.12879 <=1.0.0-canary.12881) +10 more potentially affected by CVE-2025-55183 +2 more via react-server-dom-webpack (=19.2.2)

react-server-dom-webpack NPM version =19.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879,...

7.5CVSS7AI score0.65592EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.7 views

Node.js React Server Components Denial of Service (CVE-2025-67779)

Multiple Node.js React Server Components packages are affected by a denial of service vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.2, 19.1.3, 19.2.2 - react-server-dom-parcel 19.0.2, 19.1.3, 19.2.2 - react-server-dom-turbopack 19.0.2,...

7.5CVSS6.2AI score0.1888EPSS
Exploits3References2
Github Security Blog
Github Security Blog
added 2025/12/11 10:36 p.m.12 views

Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

7.5CVSS7AI score0.65592EPSS
Exploits10References5Affected Software3
vulnersOsv
vulnersOsv
added 2025/12/11 10:36 p.m.8 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (=19.2.1)

react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

7.5CVSS7.3AI score0.65592EPSS
Exploits10
vulnersOsv
vulnersOsv
added 2025/12/11 10:36 p.m.7 views

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

7.5CVSS7AI score0.65592EPSS
Exploits13
vulnersOsv
vulnersOsv
added 2025/12/11 10:36 p.m.12 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

7.5CVSS7AI score0.65592EPSS
Exploits13
vulnersOsv
vulnersOsv
added 2025/12/11 10:36 p.m.9 views

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

7.5CVSS7.4AI score0.65592EPSS
Exploits10
OSV
OSV
added 2025/12/11 10:36 p.m.3 views

GHSA-2M3V-V2M8-Q956 Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

7.5CVSS6AI score0.65592EPSS
Exploits10References5
vulnersOsv
vulnersOsv
added 2025/12/11 10:36 p.m.8 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55183 via react-server-dom-webpack (=19.2.1)

react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

5.3CVSS6.9AI score0.62405EPSS
Exploits7
EUVD
EUVD
added 2025/12/11 10:36 p.m.9 views

EUVD-2025-202879

Source Code Exposure Vulnerability in React Server Components...

5.3CVSS6.4AI score0.62405EPSS
Exploits7References4
vulnersOsv
vulnersOsv
added 2025/12/11 10:36 p.m.7 views

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55183 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

5.3CVSS7AI score0.62405EPSS
Exploits7
NVD
NVD
added 2025/12/11 8:16 p.m.10 views

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

5.3CVSS0.62405EPSS
Exploits7References2
Rows per page
Query Builder