38 matches found
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell-PoC-C...
MAL-2026-2136 Malicious code in yelp-react-component-rating (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027bbca928c4c1696f388fbb2ac0ac3a7c74a29db1a6bb76b5c7431759c27421 The package yelp-react-component-rating was found to contain malicious code. Source: ghsa-malware...
Malicious code in yelp-react-component-photo-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32e7f0c90df117fd4748129db7ebb37ee6519a0f8ace68bbd197b8f6658da7ee The package yelp-react-component-photo-upload was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview yelp-react-component-photo-upload is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious code in babel-plugin-react-pure-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2067 Malicious code in babel-plugin-react-pure-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...
Malicious code in yelp-react-component-badge (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abec06c903f4139ed298b19b96521401231e6bd0cc306e5e7015d971d5a4260a The package yelp-react-component-badge was found to contain malicious code. Source: ghsa-malware...
PT-2026-21840
Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...
EUVD-2025-199054
Malicious code in react-component-taggers npm...
MAL-2025-190989 Malicious code in react-component-taggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4b49756f82524cc17df7c04f674e36e56cb9c0f20a095b38dc9297e70440d73 The package react-component-taggers was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-component-taggers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4b49756f82524cc17df7c04f674e36e56cb9c0f20a095b38dc9297e70440d73 The package react-component-taggers was found to contain malicious code. Source: ghsa-malware...
@asyncapi/cli (>=3.1.0 <=4.1.1), @asyncapi/html-template (>=3.2.0 <=3.5.0) +18 more potentially affected by unknown CVE via @asyncapi/react-component (>=2.0.0 <=2.6.5)
@asyncapi/react-component NPM version =2.0.0, =3.1.0, =3.2.0, =0.24.0, =2.0.4, =0.0.0-nightly-20241023023252, =0.2.1, =2.6.0, =1.0.2, =1.0.0, =0.0.2-dev-0b744dd, =2.0.0, =0.0.2-test, =0.0.0-cache-perf-20240625144418, =1.16.0-next.4 - @rlawton/kuadrant-backstage-plugin-frontend =0.0.2 and more...
Malicious code in @asyncapi/react-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ebe88915a6eee986912a6566783764ff832588763eaa7b763710ed9f992299 The package @asyncapi/react-component was found to contain malicious code. Source: ghsa-malware...
@asyncapi/cli (>=3.1.0 <=4.1.1), @asyncapi/html-template (>=3.2.0 <=3.5.0) +18 more potentially affected by unknown CVE via @asyncapi/react-component (>=2.0.0 <=2.6.5)
@asyncapi/react-component NPM version =2.0.0, =3.1.0, =3.2.0, =0.24.0, =2.0.4, =0.0.0-nightly-20241023023252, =0.2.1, =2.6.0, =1.0.2, =1.0.0, =0.0.2-dev-0b744dd, =2.0.0, =0.0.2-test, =0.0.0-cache-perf-20240625144418, =1.16.0-next.4 - @rlawton/kuadrant-backstage-plugin-frontend =0.0.2 and more...
MAL-2025-190642 Malicious code in @asyncapi/react-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ebe88915a6eee986912a6566783764ff832588763eaa7b763710ed9f992299 The package @asyncapi/react-component was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198638
Malicious code in @asyncapi/react-component npm...
EUVD-2023-2200
Malicious code in bioql PyPI...
MAL-2025-13697 Malicious code in @zalastax/nolb-react-io (npm)
The package @zalastax/nolb-react-io was found to contain malicious code...
Malicious code in react-component-adbox (npm)
The package react-component-adbox was found to contain malicious code...
MAL-2025-25224 Malicious code in lib-react-component-page-notifications (npm)
The package lib-react-component-page-notifications was found to contain malicious code...