74 matches found
Malicious code in safe-react-components (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb053fb51230ded6b594cc92293d5377c31b4b9fd8d47e14e46d824d7e672910 Any computer that has this package install...
MAL-2025-4 Malicious code in safe-react-components (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb053fb51230ded6b594cc92293d5377c31b4b9fd8d47e14e46d824d7e672910 Any computer that has this package install...
Malicious code in icf-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8361b152fc7c673dc95e4055a36459ced57bfc88a733b5e9543c2dc07914156a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10978 Malicious code in icf-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8361b152fc7c673dc95e4055a36459ced57bfc88a733b5e9543c2dc07914156a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-core-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95d42e3a74bd354e1f4c9ce919082af4d0f85a5bbb6cbd5f32eab262ba83cd6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10549 Malicious code in aem-core-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95d42e3a74bd354e1f4c9ce919082af4d0f85a5bbb6cbd5f32eab262ba83cd6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in eos-react-components (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2301 Malicious code in eos-react-components (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in fing-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4e606602dc2c4b6d0550d90156a68cf31799054412bac90062d266e5bcad3d76 The OpenSSF Package Analysis project identified 'fing-react-components' @ 1.15.0 npm as malicious. It is considered malicious because: - The...
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Impact We have identified a Cross-Site Scripting XSS vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...
Malicious code in cm-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac624ff32f672028e8dca14a6a9207e93af47cde418a00eec1b1a8dbcae0baae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8257 Malicious code in cm-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac624ff32f672028e8dca14a6a9207e93af47cde418a00eec1b1a8dbcae0baae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-32 Malicious code in @calizahq/react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78111dabb5b94f4d258c4b3b5fdcf32bdf408683de24f695841292aa83dc073a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @calizahq/react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78111dabb5b94f4d258c4b3b5fdcf32bdf408683de24f695841292aa83dc073a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1311 Malicious code in suncorp-styleguide-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1b6a39ac171632a984b8ac8c3e53ab935e47753ac7e0df7161daa7bc23f8e08d The OpenSSF Package Analysis project identified 'suncorp-styleguide-react-components' @ 102.0.0 npm as malicious. It is considered malicious...
Malicious code in suncorp-styleguide-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1b6a39ac171632a984b8ac8c3e53ab935e47753ac7e0df7161daa7bc23f8e08d The OpenSSF Package Analysis project identified 'suncorp-styleguide-react-components' @ 102.0.0 npm as malicious. It is considered malicious...
Malicious Package
Overview eos-react-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious Package
Overview fing-react-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in toolbox-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80bd5635a411f906576afb9ea138bba8e2255f7b8b726a44f8ce36c026532850 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-634 Malicious code in @termly/react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7438650b0752f172b10b18d8da2140cef0cd55b9e8aff4b24b161f3c432d49cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...