35 matches found
CVE-2026-14802
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...
CVE-2026-14802
CVE-2026-14802 affects react-create-app releases up to 5.0.1 on macOS, targeting the startBrowserProcess function in openBrowser.js within react-dev-utils. The root cause is an input manipulation that enables OS command injection, with remote exploitation described as possible and the exploit pub...
Malicious code in create-react-app-lambda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dce198bea6270ee06edafb853bcde3e517778beca89073512ee6d6cf1da2304 The package create-react-app-lambda was found to contain malicious code. Source: ghsa-malware...
MAL-2026-132 Malicious code in create-react-app-lambda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dce198bea6270ee06edafb853bcde3e517778beca89073512ee6d6cf1da2304 The package create-react-app-lambda was found to contain malicious code. Source: ghsa-malware...
ExploitForge
Getting Started with Create React App This project was bootst...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in trigo-react-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b342d6dbb3287df2002c455ce23553f3aa118b46e447741fa840397425741076 The package trigo-react-app was found to contain malicious code. Source: ghsa-malware 11f63c9b322a04a69d7c2c875302dfe971081157a6ea2c3360e65c5e4f9f5a9...
EUVD-2025-198665
Malicious code in trigo-react-app npm...
MAL-2025-190702 Malicious code in trigo-react-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b342d6dbb3287df2002c455ce23553f3aa118b46e447741fa840397425741076 The package trigo-react-app was found to contain malicious code. Source: ghsa-malware 11f63c9b322a04a69d7c2c875302dfe971081157a6ea2c3360e65c5e4f9f5a9...
Malicious code in ketcher-react-app (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in spark-webpack-react-app (npm)
The package spark-webpack-react-app was found to contain malicious code...
MAL-2025-46117 Malicious code in spark-webpack-react-app (npm)
The package spark-webpack-react-app was found to contain malicious code...
Malicious code in @viihdeonline/react-app (npm)
The package @viihdeonline/react-app was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-14091 Malicious code in adform-react-app-core (npm)
The package adform-react-app-core was found to contain malicious code...
MAL-2025-9593 Malicious code in @viihdeonline/react-app (npm)
The package @viihdeonline/react-app was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
10by10-react-app (=1.2.1), 192.168.0.172 (=4.6.1) +13968 more potentially affected by CVE-2025-7339 via on-headers (>=0.0.0 <=1.0.2)
on-headers NPM version =0.0.0, =1.0.2, =1.0.0, =0.30.0, =0.2.0, =0.0.28, =4.11.0, =4.11.46 and more Source cves: CVE-2025-7339 Source advisory: OSV:GHSA-76C9-3JPH-RJ3Q...
Malicious code in @igain/react-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92a7ea271ab926399063ffd4583f6b66fab6f3350920ca611701719de8f9356e Any computer that has this package installed or running should be considered...
MAL-2025-3706 Malicious code in @igain/react-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92a7ea271ab926399063ffd4583f6b66fab6f3350920ca611701719de8f9356e Any computer that has this package installed or running should be considered...
Malicious code in bastion-react-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b653fe85132d2b38f6455a8b98a9d59deccd8982eaf7c9e13d97d1037dbc6a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2242 Malicious code in bastion-react-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b653fe85132d2b38f6455a8b98a9d59deccd8982eaf7c9e13d97d1037dbc6a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...