38 matches found
MAL-2025-31774 Malicious code in react-component-adbox (npm)
The package react-component-adbox was found to contain malicious code...
MAL-2025-40445 Malicious code in yelp-react-component-typography (npm)
The package yelp-react-component-typography was found to contain malicious code...
MAL-2025-13757 Malicious code in @zalastax/nolb-react-sb (npm)
The package @zalastax/nolb-react-sb was found to contain malicious code...
Malicious code in lib-react-component-page-notifications (npm)
The package lib-react-component-page-notifications was found to contain malicious code...
Malicious code in react-card-security-code (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1ee206260c832fcc9736dc58bdd69c339579082e7216fd531b76689c04730e5 Any computer that has this package installed or running should be considered...
Malicious code in meteor-react-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10edb5e94e2b6aede51af9b2525726341571187cb32e9a56e9b86639c7130341 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4852 Malicious code in meteor-react-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10edb5e94e2b6aede51af9b2525726341571187cb32e9a56e9b86639c7130341 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
Malicious code in react-component-usage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02edaef58fe9d6ea792eb3739c512482637fea90b44a07700f89233420a331f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1649 Malicious code in react-component-usage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02edaef58fe9d6ea792eb3739c512482637fea90b44a07700f89233420a331f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in payment-react-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1be5313ebc025cf120f74736aba05ea6e53d94fb39c36b1097c2803a7f7d70de The OpenSSF Package Analysis project identified 'payment-react-component' @ 1.5.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-8107 Malicious code in payment-react-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1be5313ebc025cf120f74736aba05ea6e53d94fb39c36b1097c2803a7f7d70de The OpenSSF Package Analysis project identified 'payment-react-component' @ 1.5.0 npm as malicious. It is considered malicious because: - The...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
GHSA-3X59-VRMC-5MX6 @webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Overview @webiny/react-rich-text-renderer is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the...
Malicious code in yelp-react-component-ynra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c5704bd0b04af2fa6b60711e53db95deb3903b359dfada1ba16fdcecd2e552 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7337 Malicious code in yelp-react-component-ynra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c5704bd0b04af2fa6b60711e53db95deb3903b359dfada1ba16fdcecd2e552 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7336 Malicious code in yelp-react-component-photo-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf62968b39da6c0f32085698bb319e4089bc94d8fdfd0b0474282b77a6bae114 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
0.8.18-p11 (=0.8.18-p12), @msvx/component (>=1.0.1 <=1.2.2) +24 more potentially affected by CVE-2021-42227 via kindeditor (=4.1.10)
kindeditor NPM version =4.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on kindeditor and may be impacted: - 0.8.18-p11 =0.8.18-p12 - @msvx/component =1.0.1, =0.0.1, =0.2.3, =0.1.1, =0.0.1, =0.0.3-p12, =4.1.9, =1.3.50, =1.0.0, =0.0.1, =0.2.49,...