Malicious code in @ntnx/nx-react-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5de5a928dc220e0142c863d66448e5675a2d3283b7bf5b4e3133f4f3806bb38f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @ntnx/nx-react-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2026-4079 Malicious code in @antv/s2-react-components (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@lingxiteam/editor (>=3.5.1-alpha.3 <=3.5.1-alpha.5), @nokecy/qc-ui (>=0.0.3 <=0.3.24) +11 more potentially affected by unknown CVE via @antv/x6-react-components (>=2.0.8 <=2.0.9)

@antv/x6-react-components NPM version =2.0.8, =3.5.1-alpha.3, =0.0.3, =0.0.3, =0.0.9, =3.5.3, =0.0.1, =1.0.0, =0.0.3, =1.0.0, =0.2.3, =0.3.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6REACTCOMPONENTS-16754375...

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +10 more potentially affected by CVE-2026-25535 via jspdf (>=4.0.0 <=4.1.0)

jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =0.112.0-79, =0.111.0-7, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25535 Source advisory: SNYK:JS-JSPDF-15322681...

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24737 via jspdf (=4.0.0)

jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24737 Source advisory:...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 A proof-of-concept exploit demon...

EUVD-2022-1099

Malicious code in bioql PyPI...

@opencloning/opencloning-elabftw (>=1.6.0 <=1.9.1), @opencloning/opencloningdb (>=1.7.1 <=1.8.1) +9 more potentially affected by unknown CVE via @teselagen/react-list (>=0.8.16 <=0.8.18)

@teselagen/react-list NPM version =0.8.16, =1.6.0, =1.7.1, =1.0.1, =0.0.15, =6.10.1, =0.0.14, =0.5.7, =10.1.14, =18.3.6, =28.0.0, =30.15.8 Source cves: unknown CVE Source advisory: SNYK:JS-TESELAGENREACTLIST-12744522...

open-vector-editor (>=10.1.61 <=18.3.6), ove-electron (=1.2.8) +2 more potentially affected by unknown CVE via tg-client-query-builder (=2.14.3)

tg-client-query-builder NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on tg-client-query-builder and may be impacted: - open-vector-editor =10.1.61, =18.3.6, =29.0.7, =30.15.8 Source cves: unknown CVE Source advisory:...

Malicious code in yarn-design-system-react-components (npm)

The package yarn-design-system-react-components was found to contain malicious code...

Malicious code in github-react-components (npm)

The package github-react-components was found to contain malicious code...

MAL-2025-40343 Malicious code in yarn-design-system-react-components-ce-c (npm)

The package yarn-design-system-react-components-ce-c was found to contain malicious code...

Malicious code in yabs-react-components (npm)

The package yabs-react-components was found to contain malicious code...

Malicious code in @azl-react-components/atoms (npm)

The package @azl-react-components/atoms was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

Malicious code in f34th3r-react-components (npm)

The package f34th3r-react-components was found to contain malicious code...

Malicious code in accounts-react-components (npm)

The package accounts-react-components was found to contain malicious code...

MAL-2025-21482 Malicious code in github-react-components (npm)

The package github-react-components was found to contain malicious code...

MAL-2025-7108 Malicious code in @azl-react-components/svgs (npm)

The package @azl-react-components/svgs was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

Malicious code in stats-core-js-react-components (npm)

The package stats-core-js-react-components was found to contain malicious code...