MAL-2025-47343 Malicious code in react-jsonschema-form-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a348a6e6add3a526378c82c718c9589edc804b3a2c90e291c0abc25798ba1047 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47344 Malicious code in react-jsonschema-rxnt-extras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e29ae9593362f6ccecd21ee9abaabfe0baf7da78be18ebeeef87277d03b1f56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-jsonschema-form-conditionals (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19f7a4179b84b6488bf56a9222c451acb93c74cf52d5a8c021ae3f42599e289d Any computer that has this package installed or running should be considered fully compromised. All...

react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)

react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47341...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)

react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: SNYK:JS-REACTCOMPLAINTIMAGE-12705089...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)

json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...