
7 matches found

OSSF Malicious Packages
added 2026/01/07 11:51 p.m., 5 views

Malicious code in create-react-app-lambda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dce198bea6270ee06edafb853bcde3e517778beca89073512ee6d6cf1da2304 The package create-react-app-lambda was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits 0, References 1

GithubExploit
added 2025/11/28 9:38 a.m., 142 views

ExploitForge

Getting Started with Create React App This project was bootst...

7.2 AI score
Exploits 0

OSV
added 2025/02/22 3:35 a.m., 2 views

MAL-2025-1525 Malicious code in metamask-sdk-create-react-app (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed98a81fafea025740493667412dfaf8dd28cd12988fabdf1118a1765a12733d Any computer that has this package install...

7.1 AI score
Exploits 0, References 1

OSV
added 2022/06/20 8:18 p.m., 5 views

MAL-2022-5396 Malicious code in polaris-example-create-react-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b09d3e19b74639bb4f35c359140d1a531e719d2e9b76e549ef67c8953446e25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

Github Security Blog
added 2021/03/11 10:26 p.m., 75 views

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8 CVSS, 3.2 AI score, 0.01439 EPSS
Exploits 1, References 6, Affected Software 1

Prion
added 2021/03/09 1:15 a.m., 17 views

Command injection

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8 CVSS, 5.8 AI score, 0.01439 EPSS
Exploits 1, References 2, Affected Software 1

Huntr
added 2021/03/03 12:0 a.m., 57 views

Command Injection in facebook/create-react-app

Description: react-dev-utils includes some utilities used by Create React App. The function getProcessForPort in react-dev-utils is vulnerable to command injection. PoC: Create a .js file with the content below and run it, then the file pzhou@shu can be illegally created. var getProcessForPort =...

6.8 CVSS, 1.1 AI score, 0.01439 EPSS
Exploits 1