4 matches found
@activitypods/react (>=2.0.0-alpha.13 <=2.2.0), @amplicode/addon-camunda (>=0.0.1-snapshot.1 <=0.0.1-snapshot.9) +58 more potentially affected by CVE-2023-25572 via ra-ui-materialui (>=4.12.0 <=4.16.20)
ra-ui-materialui NPM version =4.12.0, =2.0.0-alpha.13, =0.0.1-snapshot.1, =0.0.1-snapshot.1, =0.0.1, =3.0.0, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.4, =0.1.33, =4.0.0, =1.1.0, =1.0.0, =1.6.7 and more Source cves: CVE-2023-25572 Source advisory: OSV:GHSA-5JCR-82FH-339V...
Cross-site scripting
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
MAL-2022-4488 Malicious code in mat6rialui (npm)
Source: ghsa-malware c4ca4e6079262c36e5b406bb45f36c6a917c96da960ec949f0c2229028f8b6ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@vidispine/vdt-materialui (>=0.12.0 <=26.2.0-pre.1) potentially affected by CVE-2020-8203 via lodash.updatewith (=4.10.2)
lodash.updatewith NPM version =4.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.updatewith and may be impacted: - @vidispine/vdt-materialui =0.12.0, =26.2.0-pre.1 Source cves: CVE-2020-8203 Source advisory: OSV:GHSA-P6MC-M468-83GW...