EUVD-2019-0169

Malware in sbrugna...

EUVD-2021-0612

Malware in sbrugna...

MAL-2025-1696 Malicious code in @optimystic99/dev-utils (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in rec3t-dev-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5713 Malicious code in rec3t-dev-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d448e9d4d5fbd9def37731a1409acb449e54c306bddb581430918e5ea7f1db44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

db-systray (>=0.1.0 <=0.1.2), dbm-systray (>=0.1.3 <=0.2.0) +6 more potentially affected by CVE-2021-23404 via sqlite-web (>=0.6.8 <=0.7.2)

sqlite-web PYPI version =0.6.8, =0.1.0, =0.1.3, =0.0.2, =0.0.2, =0.0.1, =0.2.1, =0.1.8, =0.2.6 Source cves: CVE-2021-23404 Source advisory: SNYK:PYTHON-SQLITEWEB-1316324...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5687 more potentially affected by CVE-2021-24033 via react-dev-utils (>=0.4.0 <=11.0.3)

react-dev-utils NPM version =0.4.0, =1.0.1, =0.1.0, =0.1.2, =1.0.3, =0.1.0, =0.1.21, =1.0.0, =0.1.0, =2.0.5, =2.2.0 and more Source cves: CVE-2021-24033 Source advisory: OSV:GHSA-5Q6M-3H65-W53X...

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

OS Command Injection

react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of childprocess.execFileSync in the function getProcessIdOnPort...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

Command injection

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

CVE-2021-24033 affects react-dev-utils prior to v11.0.4, where the function getProcessForPort concatenates an input argument into a shell command. The issue is only exploitable if this function is called with user-supplied input (i.e., via custom code); using it from react-scripts (as in Create R...

@yaochuxia/roadhog (=1.0.9), svmx-react-scripts (>=1.1.4 <=1.1.17) +1 more potentially affected by CVE-2018-6342 via react-dev-utils (=2.0.1)

react-dev-utils NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-dev-utils and may be impacted: - @yaochuxia/roadhog =1.0.9 - svmx-react-scripts =1.1.4, =0.1.0, =0.1.1 Source cves: CVE-2018-6342 Source advisory:...

@enact/cli (>=0.9.6 <=0.9.8), abt.api.web (=0.0.3) +26 more potentially affected by CVE-2018-6342 via react-dev-utils (>=3.0.0 <=3.1.1)

react-dev-utils NPM version =3.0.0, =0.9.6, =4.2.0, =1.5.1, =0.15.0, =0.7.0, =0.7.0, =0.1.0, =0.1.4, =1.9.2, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...

react-dev-utils on Windows vulnerable to Remote Code Execution

react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...

@1337lawyers/design (>=0.1.0 <=0.1.38), @9188/w-cli (>=1.0.0 <=1.0.4) +50 more potentially affected by CVE-2018-6342 via react-dev-utils (>=5.0.0 <=5.0.1)

react-dev-utils NPM version =5.0.0, =0.1.0, =1.0.0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.5, =1.0.0-beta.28, =1.0.1, =1.0.0, =1.0.0, =0.26.4, =0.0.0-legacy, =3.10.0-beta.0, =0.1.0-alpha.0, =2.1.16, =2.3.5 - aqxy-common-ui =0.0.1 and more Source cves: CVE-2018-6342 Source advisory:...