CVE-2025-55184

creationtimestamp| type| source ---|---|--- 2025-12-05 13:54:28+00:00| seen| https://vulnerability.circl.lu/bundle/6739b288-995a-4f1a-9f03-5d1ced3a8fbd 2025-12-11 20:51:04+00:00| seen| https://bsky.app/profile/react.dev/post/3m7qhaqdxuc2v 2025-12-11 20:51:04+00:00| seen|...

CVE-2025-67779

creationtimestamp| type| source ---|---|--- 2025-12-05 13:54:28+00:00| seen| https://vulnerability.circl.lu/bundle/6739b288-995a-4f1a-9f03-5d1ced3a8fbd 2025-12-12 00:04:32+00:00| seen| https://bsky.app/profile/react.dev/post/3m7qs2rtey22l 2025-12-12 02:04:06+00:00| seen|...

CVE-2025-55183

creationtimestamp| type| source ---|---|--- 2025-12-05 13:54:28+00:00| seen| https://vulnerability.circl.lu/bundle/6739b288-995a-4f1a-9f03-5d1ced3a8fbd 2025-12-11 20:51:04+00:00| seen| https://bsky.app/profile/react.dev/post/3m7qhaqdtxc2v 2025-12-11 20:51:05+00:00| seen|...

EUVD-2019-0169

Malware in sbrugna...

EUVD-2021-0612

Malware in sbrugna...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5687 more potentially affected by CVE-2021-24033 via react-dev-utils (>=0.4.0 <=11.0.3)

react-dev-utils NPM version =0.4.0, =1.0.1, =0.1.0, =0.1.2, =1.0.3, =0.1.0, =0.1.21, =1.0.0, =0.1.0, =2.0.5, =2.2.0 and more Source cves: CVE-2021-24033 Source advisory: OSV:GHSA-5Q6M-3H65-W53X...

react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

OS Command Injection

react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of childprocess.execFileSync in the function getProcessIdOnPort...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

Command injection

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

react-dev-utils on Windows vulnerable to Remote Code Execution

react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...

@enact/cli (>=0.9.6 <=0.9.8), abt.api.web (=0.0.3) +26 more potentially affected by CVE-2018-6342 via react-dev-utils (>=3.0.0 <=3.1.1)

react-dev-utils NPM version =3.0.0, =0.9.6, =4.2.0, =1.5.1, =0.15.0, =0.7.0, =0.7.0, =0.1.0, =0.1.4, =1.9.2, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...

@yaochuxia/roadhog (=1.0.9), svmx-react-scripts (>=1.1.4 <=1.1.17) +1 more potentially affected by CVE-2018-6342 via react-dev-utils (=2.0.1)

react-dev-utils NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-dev-utils and may be impacted: - @yaochuxia/roadhog =1.0.9 - svmx-react-scripts =1.1.4, =0.1.0, =0.1.1 Source cves: CVE-2018-6342 Source advisory:...

@1337lawyers/design (>=0.1.0 <=0.1.38), @9188/w-cli (>=1.0.0 <=1.0.4) +50 more potentially affected by CVE-2018-6342 via react-dev-utils (>=5.0.0 <=5.0.1)

react-dev-utils NPM version =5.0.0, =0.1.0, =1.0.0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.5, =1.0.0-beta.28, =1.0.1, =1.0.0, =1.0.0, =0.26.4, =0.0.0-legacy, =3.10.0-beta.0, =0.1.0-alpha.0, =2.1.16, =2.3.5 - aqxy-common-ui =0.0.1 and more Source cves: CVE-2018-6342 Source advisory:...

GHSA-29GP-92WP-94Q8 react-dev-utils on Windows vulnerable to Remote Code Execution

react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...

CVE-2018-6342

The CVE-2018-6342 entry concerns react-dev-utils on Windows, where a local webserver accepts commands including one to launch an editor. The input to that command is not properly sanitized, enabling an attacker who can issue a network request (via CSRF or direct request) to execute arbitrary comm...