1582 matches found
MAL-2025-192693 Malicious code in airslate-dep-webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91777938469aa47ed3a4eb51c82af2752f2dd57b232978a88bfacdd3b82b1fe1 The package airslate-dep-webpack was found to contain malicious code...
@1024pix/storybook-ember (=7.1.1), @asherng/storybook (>=0.0.18 <=0.1.14) +31 more potentially affected by CVE-2025-68429 via @storybook/builder-webpack5 (>=7.0.0 <=7.6.20)
@storybook/builder-webpack5 NPM version =7.0.0, =0.0.18, =0.0.0-dev-main.202308160724, =1.6.5, =3.50.0-next.2, =9.0.0-next.3, =0.1.3, =0.0.1, =7.4.0-alpha.2.1, =8.0.0, =1.0.0-alpha.4, =0.0.3, =0.0.1, =6.0.0-canary.234, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2025-68429 Sour...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview @storybook/builder-webpack5 is an A Storybook builder to dev and build with Webpack Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server
Summary webpack-dev-server is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2025-30359 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1,...
Malicious Package
Overview node-polyfill-webpack-plugins is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories
Summary React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...
GHSA-7GMR-MQ3H-M5H9 Denial of Service Vulnerability in React Server Components
Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...
Vulnerabilities fixed in React Server Components
Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack Specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...
@cedarjs/api-server (>=1.0.0-canary.12879 <=1.0.0-canary.12881), @cedarjs/cli (>=1.0.0-canary.12879 <=1.0.0-canary.12881) +10 more potentially affected by CVE-2025-55183 +2 more via react-server-dom-webpack (=19.2.2)
react-server-dom-webpack NPM version =19.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879,...
Node.js React Server Components Denial of Service (CVE-2025-67779)
Multiple Node.js React Server Components packages are affected by a denial of service vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.2, 19.1.3, 19.2.2 - react-server-dom-parcel 19.0.2, 19.1.3, 19.2.2 - react-server-dom-turbopack 19.0.2,...
Denial of Service Vulnerability in React Server Components
Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...
@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (=19.2.1)
react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)
react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
GHSA-2M3V-V2M8-Q956 Denial of Service Vulnerability in React Server Components
Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...
@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55183 via react-server-dom-webpack (=19.2.1)
react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
EUVD-2025-202879
Source Code Exposure Vulnerability in React Server Components...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +18 more potentially affected by CVE-2025-55183 via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...